TAP Multi Cluster Troubleshooting- An error occurred while loading data from the Metadata Store: Unauthorized

Eknath -
Reading Time: 2 mins

Overview

Different Tanzu Application Platform GUI plug-ins use SCST – Store to display information about vulnerabilities and packages. Some errors visible in Tanzu Application Platform GUI are related to this connection.This post explains the steps to fix the error message An error occurred while loading data from the Metadata Store you see in TAP GUI Supply Chain Choreographer plug-in.

In TAP-GUI, navigate to Supply Chains plugin section, select the workload > click on source scanner or image scanner, you see the error message An error occurred while loading data from the Metadata Store as shown below:

Create service account

## Switch to View cluster

kubectl apply -f - -o yaml << EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metadata-store-read-only
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metadata-store-read-only
subjects:
- kind: ServiceAccount
  name: metadata-store-read-client
  namespace: metadata-store
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metadata-store-read-client
  namespace: metadata-store
  annotations:
    kapp.k14s.io/change-group: "metadata-store.apps.tanzu.vmware.com/service-account"
automountServiceAccountToken: false
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: metadata-store-read-client
  namespace: metadata-store
  annotations:
    kapp.k14s.io/change-rule: "upsert after upserting metadata-store.apps.tanzu.vmware.com/service-account"
    kubernetes.io/service-account.name: "metadata-store-read-client"
EOF
kubectl get secrets metadata-store-read-client -n metadata-store -o jsonpath="{.data.token}" | base64 -d

Add this proxy configuration to the tap-gui: section of tap-values.yamlof view profile as shown below:

Note: The Authorization value must start with the word Bearer.

Update view cluster 

$ tanzu package installed update tap -f tap-values-view.yaml -n tap-install
 Updating installed package 'tap'
 Getting package install for 'tap'
 Getting package metadata for 'tap.tanzu.vmware.com'
 Updating secret 'tap-tap-install-values'
 Updating package install for 'tap'
 Waiting for 'PackageInstall' reconciliation for 'tap'
 'PackageInstall' resource install status: ReconcileSucceeded
Updated installed package 'tap' in namespace 'tap-install'

View Vulnerability Scan Results

Click the Source Scan stage or Image Scan stage to view vulnerability source scans and image scans for workload builds. CVE issues represent any vulnerabilities associated with a package or version found in the source code or image, including vulnerabilities from past scans.