hjacobs
commented
5 years ago Thanks for reporting, as a quick workaround, you can create a file read-only-token-secret with arbitrary fake content (the fake OAuth token).
Open MarcusPorterAtQuestDiagnostics opened 5 years ago
hjacobs
commented
5 years ago Thanks for reporting, as a quick workaround, you can create a file read-only-token-secret with arbitrary fake content (the fake OAuth token).
MarcusPorterAtQuestDiagnostics
commented
5 years ago Thanks! Where should this file be mounted on the pod?
hjacobs
commented
5 years ago @MarcusPorterAtQuestDiagnostics it reads from CREDENTIALS_DIR env var so mount it anywhere and point CREDENTIALS_DIR to the folder.
I have a number of clusters that are defined in a kubeconfig file. Everything works great except for the teams feature. I have created a registry that seems to return the right information, but the only team that shows up is "?unknown?"
In the logs I find the following: "WARNING:kube_resource_report.report:Failed to look up application audit: Invalid OAuth credentials: Failed to read token "read-only" from ."
Digging into the code I see that "resolve_application_ids" in report.py calls "cluster_discovery.OAuthTokenAuth("read-only")" to set an auth header. But within cluster_discoverer.py only "ClusterRegistryDiscoverer" references OAuthTokenAuth. KubeconfigDiscoverer does not.
Since my registry doesn't require an oath token anyway, is there a way to turn off this behavior, or is this a bug?