CDK icon indicating copy to clipboard operation
CDK copied to clipboard
verified publisher icon cdk-team

k8s-psp-dump、secret、configmap、对于返回包的判断有误

Open yangusrname opened this issue 3 years ago • 3 comments

image 判断拉取失败,但是打印出的返回包中实际上已获取到信息,应该判定成功并输出到文件中。 secret、psp、configmap这三个都是这样。 image 可能需要修改这部分代码

yangusrname avatar Feb 24 '22 09:02 yangusrname

收到,隔离中,排期搞。

neargle avatar Feb 24 '22 09:02 neargle

我这边的环境没办法复现呀,有纯文本的返回吗?

neargle avatar Feb 27 '22 14:02 neargle

./cdk run k8s-psp-dump auto

2022/03/11 01:27:08 getting K8s api-server API addr. Find K8s api-server in ENV: https://10.1.0.1:443 2022/03/11 01:27:08 trying to dump K8s Pod Security Policies with user system:anonymous 2022/03/11 01:27:08 requesting /apis/policy/v1beta1/podsecuritypolicies err found in post request, error response code: 403 Forbidden. 2022/03/11 01:27:08 failed, 403 Forbidden, api-server response:

2022/03/11 01:27:08 trying to dump K8s Pod Security Policies with local service-account: /var/run/secrets/kubernetes.io/serviceaccount/token 2022/03/11 01:27:08 requesting /apis/policy/v1beta1/podsecuritypolicies 2022/03/11 01:27:08 failed, api-server response: {"kind":"PodSecurityPolicyList","apiVersion":"policy/v1beta1","metadata":{"resourceVersion":"1372081"},"items":[{"metadata":{"name":"psp.flannel.unprivileged","

第一部分是匿名拉取policies,我设置的禁止匿名,所以失败正常。第二部分token拉取显示失败,但实际上response中已经返回了policies,后面还有一堆我没有复制,都是policies。我后来自己改为,判断返回包中是否包含Failure image

还有一个问题,失败时response没有输出,可见下图,resp为空 image

k8s-psp-dump中,无论对错都会生成文件,如下图,匿名部分显示失败然后创建文件成功,不会进行下一步使用token拉取 image

yangusrname avatar Mar 11 '22 01:03 yangusrname