cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cannot extract bearer token from secret

rhaddad
Visitor

I am getting an empty result for this command:

oc get secret $(oc get sa dynatrace-kubernetes-monitoring -o jsonpath='{.secrets[1].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace

 

Looks like the secret "dynatrace-kubernetes-monitoring-dockercfg-8c4xg" does not contain the parameter '.data.token'

I tried extracting the value from the 'metadata.annotations.openshift.io/token-secret.value' parameter but it says it contains a malformed base64

Trying to repair the malformed base64, I am not able to get a bearer token that the dynatrace integration would "like". Error is "invalid bearer token"

8 REPLIES 8

Moe
Dynatrace Helper
Dynatrace Helper

Hi rhaddad,

 

Regarding the "Invalid Bearer Token", you might want to check your ActiveGate logs to ensure there are no issues when trying to reach to this API (trying to authorize). It could be firewall rules or a proxy that might be causing this.

 

Regards,

Moe

Moe, you're right/ The API is not publicly accessible. Thank you for pointing that out.

the API accessibility does not seem to be the issue here since I can replicate this on AWS.

Moe
Dynatrace Helper
Dynatrace Helper

Are you using any Cluster Management Platform like Rancher? Docker EE? Also, please check and ensure there are no white spaces in the token.

No cluster management is being used. The issue is that the .data.token is coming back empty so the command is not decoding anything. Can you post a sample token so I know what the format looks like? thanks

rhaddad
Visitor

Tried the same procedure on AWS and I am hitting the same exact error. The API is definitely accessible there.

mike_villiger
Dynatrace Helper
Dynatrace Helper

There are some issues with this particular command as sometimes the token is the first secret and sometimes it is the second secret. Try the command again to get the first secret (zero indexed):

oc get secret $(oc get sa dynatrace-kubernetes-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace

Thanks Mike. That resolved the issue.