ONAP Operations Manager / OOM-578

Hard coded token in oom/kubernetes/kube2msb/values.yaml file

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Medium
    • Beijing Release
    • Amsterdam Release
    • None

      When deploying oom/kubernetes/oneclick/createAll.bash -n onap -a kube2msb, I get the following error and my pod “po/kube2msb-registrator” fails to start.

       
      2018-01-12 13:55:45.256605 I | Using https://kubernetes.default.svc.cluster.local:443 for kubernetes master
      2018-01-12 13:55:45.266852 I | Could not connect to Kube MasterUnauthorized
       

       

      My understanding is that kube2msb-registrator is trying to access the kube-master API from within the pod.

       

      I found a file “oom/kubernetes/kube2msb/values.yaml” which has a hard coded token.

      If I replace the token with the one returned from the following command I can get the pod to start. 

      kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ')

       

      It is not recommended to use a hard coded token. A service account should be used instead. This is the recommended way described by Kubernetes.

      https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod

            huabingzhao
            jsulliva
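A check for the pattern this issue reports, as an added example that is not part of the original report or of OOM: it scans values.yaml text for embedded Kubernetes service account tokens and reports which account each belongs to without echoing the token. The YAML key names and the sample token are constructed, and it assumes the hard coded value is a secret-based service account JWT like the one `kubectl describe secret` returns.

```python
import base64
import json
import re

# A JWT is three base64url segments; "eyJ" is how an encoded '{"' starts.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
SA_PREFIX = "kubernetes.io/serviceaccount/"

def decode_segment(segment):
    """Decode one base64url JWT segment to a dict, or None if it is not JSON."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def find_hardcoded_sa_tokens(text):
    """Report service account tokens embedded in YAML text, without echoing them."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in JWT_RE.finditer(line):
            claims = decode_segment(match.group(0).split(".")[1])
            if not claims or claims.get("iss") != "kubernetes/serviceaccount":
                continue  # some other JWT, or not a JWT at all
            findings.append({
                "line": lineno,
                "namespace": claims.get(SA_PREFIX + "namespace"),
                "service_account": claims.get(SA_PREFIX + "service-account.name"),
                # "exp" is absent (None) for secret-based tokens, which do not expire
                "expires": claims.get("exp"),
            })
    return findings

def make_sample_token(namespace, name):
    """Build a constructed, unsigned token with the secret-based claim layout."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"iss": "kubernetes/serviceaccount", SA_PREFIX + "namespace": namespace,
              SA_PREFIX + "service-account.name": name}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

# Constructed values.yaml; the key names are hypothetical, not kube2msb's own.
SAMPLE_VALUES = (
    "kubeMasterUrl: https://kubernetes.default.svc.cluster.local:443\n"
    "kubeMasterAuthToken: " + make_sample_token("default", "default") + "\n"
)

if __name__ == "__main__":
    for finding in find_hardcoded_sa_tokens(SAMPLE_VALUES):
        print(finding)
```

A finding with `expires` of `None` marks a credential that stays valid until its secret is deleted, so a copy committed to a repository needs rotating as well as removing.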