troubleshoot
ImagePullSecret analyzer fails with IP registryName
The IP is redacted before the analyzer runs.
@areed Hi Andrew, could you tell me exactly what happened? Or do you have the YAML file you used when this happened? I tried some IPs and didn't have that problem.
I have this secret, which decodes to {"auths":{"10.96.0.249":{"username":"kurl","password":"password","auth":"a3VybDpwYXNzd29yZAo="}}}
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyIxMC45Ni4wLjI0OSI6eyJ1c2VybmFtZSI6Imt1cmwiLCJwYXNzd29yZCI6InBhc3N3b3JkIiwiYXV0aCI6ImEzVnliRHB3WVhOemQyOXlaQW89In19fQo=
kind: Secret
metadata:
  creationTimestamp: "2020-10-01T17:06:14Z"
  name: registry-creds
  namespace: default
  resourceVersion: "50012"
  selfLink: /api/v1/namespaces/default/secrets/registry-creds
  uid: 89b63478-5612-4b92-a427-87cded2076ed
type: kubernetes.io/dockerconfigjson
And I have this spec:
apiVersion: troubleshoot.sh/v1beta2
kind: Preflight
metadata:
  name: preflight-sample
spec:
  analyzers:
    - imagePullSecret:
        checkName: Pull from Quay
        registryName: 10.96.0.249
        outcomes:
          - fail:
              message: Did not find credentials to pull from Quay
          - pass:
              message: Found credentials to pull from Quay
When I run kubectl preflight spec.yaml it shows the fail outcome.
@areed Hi Andrew! I would like a second opinion on how to approach this issue. As the imagepullsecrets are collected as part of the cluster resources and the redactor is only doing its job redacting IPs, the cleanest solution I could think of is skipping the redaction of imagepullsecrets and doing it later in the analyze phase. It would imply the creation of an exported function in the collect pkg, to call the redactMap function from the analyze pkg. Other solutions would be to collect imagepullsecrets again, but it may be inefficient, or redacting everything later, but this may be insecure.
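
The failure reported in this thread and the analyze-before-redact ordering proposed in the last comment, as an added Go example that is not code from the troubleshoot project. The IPv4 pattern, the mask string and all function names are assumptions made for illustration; only IP masking is modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Constructed sample: the decoded .dockerconfigjson from the secret in this thread.
const dockerConfig = `{"auths":{"10.96.0.249":{"username":"kurl","password":"password","auth":"a3VybDpwYXNzd29yZAo="}}}`

// Assumed stand-ins for the real redactor: a simplified IPv4 pattern and a mask string.
var ipv4 = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)

const mask = "***HIDDEN***"

// redactIPs masks every IPv4-looking token, including ones used as JSON keys.
func redactIPs(doc string) string { return ipv4.ReplaceAllString(doc, mask) }

// hasRegistryCreds reports whether the "auths" map holds an entry for registryName.
func hasRegistryCreds(doc, registryName string) (bool, error) {
	var cfg struct {
		Auths map[string]json.RawMessage `json:"auths"`
	}
	if err := json.Unmarshal([]byte(doc), &cfg); err != nil {
		return false, err
	}
	_, ok := cfg.Auths[registryName]
	return ok, nil
}

// redactAfterAnalyze runs the lookup on the raw document and only then
// produces the redacted copy that would be written to the bundle.
func redactAfterAnalyze(doc, registryName string) (bool, string, error) {
	found, err := hasRegistryCreds(doc, registryName)
	return found, redactIPs(doc), err
}

func main() {
	// Redact first: the registry key has been masked, so the lookup misses.
	before, _ := hasRegistryCreds(redactIPs(dockerConfig), "10.96.0.249")
	// Analyze first: the lookup succeeds and the stored copy is still masked.
	after, stored, _ := redactAfterAnalyze(dockerConfig, "10.96.0.249")
	fmt.Println("redact then analyze:", before)
	fmt.Println("analyze then redact:", after)
	fmt.Println("stored copy:", stored)
}
```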