  1. ONAP Operations Manager
  2. OOM-578

Hard coded token in oom/kubernetes/kube2msb/values.yaml file

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Duplicate
    • Affects Version/s: Amsterdam Release
    • Fix Version/s: Beijing Release
    • Labels:

      Description

      When deploying oom/kubernetes/oneclick/createAll.bash -n onap -a kube2msb, I get the following error and my pod “po/kube2msb-registrator” fails to start.

      2018-01-12 13:55:45.256605 I | Using https://kubernetes.default.svc.cluster.local:443 for kubernetes master
      2018-01-12 13:55:45.266852 I | Could not connect to Kube MasterUnauthorized

      My understanding is that kube2msb-registrator is trying to access the kube-master API from within the pod.

      I found a file “oom/kubernetes/kube2msb/values.yaml” which has a hard-coded token.

      If I replace the token with the one returned from the following command, I can get the pod to start.

      kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ')

       

      It is not recommended to use a hard-coded token. A service account should be used instead. This is the recommended way described by Kubernetes.

      https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
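
Added example (not part of the original report, and not kube2msb's own code): reading the pod's mounted service-account credentials, as the linked Kubernetes documentation describes, instead of a token stored in values.yaml. The function names and the `/api/v1/services` call are illustrative assumptions.

```python
import json
import os
import ssl
import urllib.request
from pathlib import Path

# Where Kubernetes mounts the pod's service-account credentials.
SA_DIR = Path("/var/run/secrets/kubernetes.io/serviceaccount")


def build_request(api_path, sa_dir=SA_DIR, env=os.environ):
    """Return (request, ca_file) built from the mounted service account.

    Raises RuntimeError when credentials are unusable, rather than falling
    back to a token baked into the chart or image.
    """
    sa_dir = Path(sa_dir)
    host = env.get("KUBERNETES_SERVICE_HOST")
    port = env.get("KUBERNETES_SERVICE_PORT", "443")
    if not host:
        raise RuntimeError("KUBERNETES_SERVICE_HOST unset: not running in a pod")
    try:
        # Read on every call so a token rotated by the kubelet is picked up.
        token = (sa_dir / "token").read_text().strip()
    except OSError as exc:
        raise RuntimeError(f"service-account token not mounted: {exc}") from exc
    if not token:
        raise RuntimeError("service-account token file is empty")
    ca_file = sa_dir / "ca.crt"
    if not ca_file.is_file():
        raise RuntimeError("cluster CA missing; refusing unverified TLS")
    if ":" in host:  # bracket IPv6 service addresses
        host = f"[{host}]"
    req = urllib.request.Request(
        f"https://{host}:{port}{api_path}",
        headers={"Authorization": f"Bearer {token}"},
    )
    return req, str(ca_file)


def list_services():
    """List all services (illustrative call); the account needs RBAC permission."""
    req, ca_file = build_request("/api/v1/services")
    ctx = ssl.create_default_context(cafile=ca_file)  # verify the API server
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return [i["metadata"]["name"] for i in json.load(resp)["items"]]


if __name__ == "__main__":
    print(list_services())
```

An Unauthorized or Forbidden response with this approach points at the service account's RBAC bindings rather than at a stale token in the chart.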


              People

              • Assignee:
                HuabingZhao HuabingZhao
                Reporter:
                jsulliva Joey Sullivan