Fix kube sa token (#786)

* Use encodeURI for prometheus gpu query

* Fix sa token fetch on cluster

* Fix incorrect type for kube

* Add utf8 translation for fs.read in getCurrentToken

* gpu-fix-cleanup

* Update backend/src/plugins/kube.ts

Co-authored-by: Christopher Chase <[email protected]>

Co-authored-by: Chris Chase <[email protected]>
Co-authored-by: Andrew Ballantyne <[email protected]>

backend/src/plugins/kube.ts

@@ -5,6 +5,7 @@ import * as jsYaml from 'js-yaml';
 import * as k8s from '@kubernetes/client-node';
 import { DEV_MODE } from '../utils/constants';
 import { cleanupDSPSuffix, initializeWatchedResources } from '../utils/resourceUtils';
+import { User } from '@kubernetes/client-node/dist/config_types';
 
 const CONSOLE_CONFIG_YAML_FIELD = 'console-config.yaml';
 
@@ -27,6 +28,14 @@ export default fp(async (fastify: FastifyInstance) => {
     fastify.log.error(e, 'Failed to retrieve current namespace');
   }
 
+  let currentToken;
+  try {
+    currentToken = await getCurrentToken(currentUser);
+  } catch (e) {
+    currentToken = '';
+    fastify.log.error(e, 'Failed to retrieve current token');
+  }
+
   let clusterID;
   try {
     const clusterVersion = await customObjectsApi.getClusterCustomObject(
@@ -64,6 +73,7 @@ export default fp(async (fastify: FastifyInstance) => {
     batchV1Api,
     customObjectsApi,
     currentUser,
+    currentToken,
     clusterID,
     clusterBranding,
     rbac,
@@ -103,3 +113,21 @@ const getCurrentNamespace = async () => {
     }
   });
 };
+
+const getCurrentToken = async (currentUser: User) => {
+  return new Promise((resolve, reject) => {
+    if (currentContext === 'inClusterContext') {
+      const location =
+        currentUser?.authProvider?.config?.tokenFile ||
+        '/var/run/secrets/kubernetes.io/serviceaccount/token';
+      fs.readFile(location, 'utf8', (err, data) => {
+        if (err) {
+          reject(err);
+        }
+        resolve(data);
+      });
+    } else {
+      resolve(currentUser?.token || '');
+    }
+  });
+};

backend/src/routes/api/gpu/gpuUtils.ts

@@ -33,12 +33,12 @@ export const getGPUNumber = async (fastify: KubeFastifyInstance): Promise<GPUInf
       return { items: [] } as V1PodList;
     });
   const scalingLimit = await getGPUScaling(fastify);
-  if (gpuPodList.items.length != 0) {
+  if (gpuPodList.items.length != 0 && fastify.kube.currentToken) {
     areGpusConfigured = true;
     const gpuDataResponses = [];
     for (let i = 0; i < gpuPodList.items.length; i++) {
       gpuDataResponses.push(
-        getGPUData(gpuPodList.items[i].status.podIP, fastify.kube.currentUser.token),
+        getGPUData(gpuPodList.items[i].status.podIP, fastify.kube.currentToken),
       );
     }
 
@@ -76,7 +76,10 @@ export const getGPUData = async (
     const options = {
       hostname: 'thanos-querier.openshift-monitoring.svc.cluster.local',
       port: 9091,
-      path: `/api/v1/query?query=count+(count+by+(UUID,GPU_I_ID)(DCGM_FI_PROF_GR_ENGINE_ACTIVE{instance="${podIP}:9400"})+or+vector(0))-count+(count+by+(UUID,GPU_I_ID)(DCGM_FI_PROF_GR_ENGINE_ACTIVE{instance="${podIP}:9400",exported_pod=~".%2b"})+or+vector(0))`,
+      //Encode the raw prometheus query to remove any need for manual encoding
+      path: encodeURI(
+        `/api/v1/query?query=count (count by (UUID,GPU_I_ID)(DCGM_FI_PROF_GR_ENGINE_ACTIVE{instance="${podIP}:9400"}) or vector(0))-count (count by (UUID,GPU_I_ID)(DCGM_FI_PROF_GR_ENGINE_ACTIVE{instance="${podIP}:9400",exported_pod=~".+"}) or vector(0))`,
+      ),
       headers: {
         Authorization: `Bearer ${token}`,
       },

backend/src/types.ts

@@ -226,6 +226,7 @@ export type KubeDecorator = KubeStatus & {
   batchV1Api: k8s.BatchV1Api;
   customObjectsApi: k8s.CustomObjectsApi;
   rbac: k8s.RbacAuthorizationV1Api;
+  currentToken: string;
 };
 
 export type KubeFastifyInstance = FastifyInstance & {