jetstack
diff --git a/‎pkg/agent/run.go
Lines changed: 0 additions & 23 deletions b/‎pkg/agent/run.go
Lines changed: 0 additions & 23 deletions
diff --git a/‎pkg/clusteruid/clusteruid.go
Lines changed: 0 additions & 45 deletions b/‎pkg/clusteruid/clusteruid.go
Lines changed: 0 additions & 45 deletions
diff --git a/‎pkg/clusteruid/clusteruid_test.go
Lines changed: 0 additions & 39 deletions b/‎pkg/clusteruid/clusteruid_test.go
Lines changed: 0 additions & 39 deletions
diff --git a/‎pkg/internal/cyberark/dataupload/snapshot.go
Lines changed: 32 additions & 0 deletions b/‎pkg/internal/cyberark/dataupload/snapshot.go
Lines changed: 32 additions & 0 deletions
diff --git a/‎pkg/internal/cyberark/dataupload/testdata/example-1/agent.yaml
Lines changed: 6 additions & 0 deletions b/‎pkg/internal/cyberark/dataupload/testdata/example-1/agent.yaml
Lines changed: 6 additions & 0 deletions
diff --git a/‎pkg/internal/cyberark/dataupload/testdata/example-1/datareadings.json.gz
503 Bytes b/‎pkg/internal/cyberark/dataupload/testdata/example-1/datareadings.json.gz
503 Bytes
diff --git a/‎pkg/internal/cyberark/dataupload/testdata/example-1/snapshot.json.gz
24 Bytes b/‎pkg/internal/cyberark/dataupload/testdata/example-1/snapshot.json.gz
24 Bytes
@@ -32,7 +32,6 @@ import (
 
 	"github.com/jetstack/preflight/api"
 	"github.com/jetstack/preflight/pkg/client"
-	"github.com/jetstack/preflight/pkg/clusteruid"
 	"github.com/jetstack/preflight/pkg/datagatherer"
 	"github.com/jetstack/preflight/pkg/datagatherer/k8s"
 	"github.com/jetstack/preflight/pkg/kubeconfig"
@@ -79,28 +78,6 @@ func Run(cmd *cobra.Command, args []string) (returnErr error) {
 		return fmt.Errorf("While evaluating configuration: %v", err)
 	}
 
-	// We need the cluster UID before we progress further so it can be sent along with other data readings
-
-	{
-		restCfg, err := kubeconfig.LoadRESTConfig("")
-		if err != nil {
-			return err
-		}
-
-		clientset, err := kubernetes.NewForConfig(restCfg)
-		if err != nil {
-			return err
-		}
-
-		ctx, err = clusteruid.GetClusterUID(ctx, clientset)
-		if err != nil {
-			return fmt.Errorf("failed to get cluster UID: %v", err)
-		}
-
-		clusterUID := clusteruid.ClusterUIDFromContext(ctx)
-		log.V(logs.Debug).Info("Retrieved cluster UID", "clusterUID", clusterUID)
-	}
-
 	group, gctx := errgroup.WithContext(ctx)
 	defer func() {
 		cancel()
 
@@ -67,12 +67,34 @@ func extractServerVersionFromReading(reading *api.DataReading) (string, error) {
 	return data.ServerVersion.GitVersion, nil
 }
 
+// extractClusterUIDFromReading converts the opaque data from a DynamicData
+// reading to Unstructured Namespace resources, and finds the UID of the
+// `kube-system` namespace.
+// This UID can be used as a unique identifier for the Kubernetes cluster.
+// - https://venafi.slack.com/archives/C04SQR5DAD7/p1747825325264979
+// - https://github.com/kubernetes/kubernetes/issues/77487#issuecomment-489786023
+func extractClusterUIDFromReading(reading *api.DataReading) (string, error) {
+	resources, err := extractResourceListFromReading(reading)
+	if err != nil {
+		return "", err
+	}
+	for _, resource := range resources {
+		if resource.GetName() == "kube-system" {
+			return string(resource.GetUID()), nil
+		}
+	}
+	return "", fmt.Errorf("kube-system namespace UID not found in data reading: %v", reading)
+}
+
 // convertDataReadingsToCyberarkSnapshot converts DataReadings to the Cyberark
 // Snapshot format.
+// The ClusterUID is the UID of the kube-system namespace, which is assumed to
+// be unique to the cluster and assumed to never change.
 func convertDataReadingsToCyberarkSnapshot(
 	readings []*api.DataReading,
 ) (*snapshot, error) {
 	k8sVersion := ""
+	clusterID := ""
 	resourceData := resourceData{}
 	for _, reading := range readings {
 		if reading.DataGatherer == "ark/discovery" {
@@ -82,6 +104,15 @@ func convertDataReadingsToCyberarkSnapshot(
 				return nil, fmt.Errorf("while extracting server version from data-reading: %s", err)
 			}
 		}
+
+		if reading.DataGatherer == "ark/namespaces" {
+			var err error
+			clusterID, err = extractClusterUIDFromReading(reading)
+			if err != nil {
+				return nil, fmt.Errorf("while extracting cluster UID from data-reading: %s", err)
+			}
+		}
+
 		if key, found := gathererNameToResourceDataKeyMap[reading.DataGatherer]; found {
 			resources, err := extractResourceListFromReading(reading)
 			if err != nil {
@@ -94,6 +125,7 @@ func convertDataReadingsToCyberarkSnapshot(
 	return &snapshot{
 		AgentVersion:    version.PreflightVersion,
 		K8SVersion:      k8sVersion,
+		ClusterID:       clusterID,
 		Secrets:         resourceData["secrets"],
 		ServiceAccounts: resourceData["serviceaccounts"],
 		Roles:           resourceData["roles"],
 
@@ -4,6 +4,12 @@ data-gatherers:
 # gather k8s apiserver version information
 - kind: k8s-discovery
   name: ark/discovery
+- kind: k8s-dynamic
+  name: ark/namespaces
+  config:
+    resource-type:
+      version: v1
+      resource: namespaces
 - kind: k8s-dynamic
   name: ark/serviceaccounts
   config: