FairwindsOps/pluto

Failed to retrieve error messages running on a AKS cluster with version 1.23.12

BenjaminHerbert opened this issue · 5 comments

BenjaminHerbert commented

I am receiving the following error messages while running a scan on a AKS cluster with Kubernetes 1.23.12.

> ./pluto detect-api-resources -owide
W0125 14:47:04.566958  304125 warnings.go:70] v1 ComponentStatus is deprecated in v1.19+
E0125 14:47:16.234111  304125 discovery_api.go:133] Failed to retrieve: /v1, Resource=bindings the server could not find the requested resource
E0125 14:47:18.159713  304125 discovery_api.go:133] Failed to retrieve: authentication.k8s.io/v1, Resource=tokenreviews the server does not allow this method on the requested resource
E0125 14:47:18.188293  304125 discovery_api.go:133] Failed to retrieve: authorization.k8s.io/v1, Resource=selfsubjectaccessreviews the server does not allow this method on the requested resource
E0125 14:47:18.216023  304125 discovery_api.go:133] Failed to retrieve: authorization.k8s.io/v1, Resource=subjectaccessreviews the server does not allow this method on the requested resource
E0125 14:47:18.241599  304125 discovery_api.go:133] Failed to retrieve: authorization.k8s.io/v1, Resource=selfsubjectrulesreviews the server does not allow this method on the requested resource
E0125 14:47:18.335336  304125 discovery_api.go:133] Failed to retrieve: authorization.k8s.io/v1, Resource=localsubjectaccessreviews the server could not find the requested resource
NAME                 NAMESPACE     KIND                  VERSION          REPLACEMENT   DEPRECATED   DEPRECATED IN   REMOVED   REMOVED IN  
coredns-pdb          kube-system   PodDisruptionBudget   policy/v1beta1   policy/v1     true         v1.21.0         false     v1.25.0                                                                                                         
konnectivity-agent   kube-system   PodDisruptionBudget   policy/v1beta1   policy/v1     true         v1.21.0         false     v1.25.0     
metrics-server-pdb   kube-system   PodDisruptionBudget   policy/v1beta1   policy/v1     true         v1.21.0         false     v1.25.0                                                                                                         
tigera-operator      <UNKNOWN>     PodSecurityPolicy     policy/v1beta1                 true         v1.21.0         false     v1.25.0

What do the error messages "Failed to retrieve..." mean? What can I do about it? Any pointers would be appreciated.

sudermanjr commented

My guess is that this is some kind of issue within client-go that is getting surfaced here. Especially since discovery_api.go is not a file in the Pluto codebase.

sudermanjr commented

Are you using the latest version of Pluto?

BenjaminHerbert commented

Yes, I am using: Version:5.12.0 Commit:dc11ba13c840de0034510bff4712f651bf5ff45c

sudermanjr commented

Yep, good call, I completely forgot about that. Seems like the discovery of resources looking for the last-applied-configuration annotation is bit overzealous. We can take a look at that.

I think this is where we are grabbing the list of resources.

pluto/pkg/discovery-api/discovery_api.go

Line 106 in 4c80d3a

resourcelist, err := cl.DiscoveryClient.ServerPreferredResources()