I've faced two issues running the Kubernetes security test using kube-bench.
On a cluster where a predefined strict PSP is used, it's simply unable to start the containers from the job. The question here: shouldn't it be noted somewhere (maybe in the failed output) that, in case PSP is used in the cluster, this test is not applicable? Maybe the test should check for it first, then reject the test without even starting to run it?! This is just a theoretical question: what is the expected behaviour in such a case?
Just to make sure the test runs fine without the PSP, I disabled the PSP on the cluster. I removed the plugin below from kube-apiserver. However, without PSP it still failed and I can't figure out why. Please help!
# remove from /etc/kubernetes/kube-apiserver-config
--enable-admission-plugins=PodSecurityPolicy
How did you run kube-bench?
podman run -it --env-file ~/opnfv/env \
-v ~/opnfv/ca.pem:/home/opnfv/functest/ca.pem:Z \
-v ~/opnfv/config:/root/.kube/config:Z \
-v ~/opnfv/results:/home/opnfv/functest/results:Z \
-v ~/opnfv/repositories.yml:/home/opnfv/functest/repositories.yml:Z \
-v ~/opnfv/cluster-admin.pem:/home/opnfv/functest/cluster-admin.pem:Z \
-v ~/opnfv/cluster-admin-key.pem:/home/opnfv/functest/cluster-admin-key.pem:Z \
opnfv/functest-kubernetes-security:v1.23 /bin/bash
# then within the container
run_tests -t kube_bench_node
cat opnfv/results/functest-kubernetes.debug.log
...
2023-02-22 08:08:30,957 - kubernetes.client.rest - DEBUG - response body:
failed to get a set of executables needed for tests: unable to detect running programs for component "kubelet"
2023-02-22 08:08:30,958 - functest_kubernetes.security.security - INFO -
failed to get a set of executables needed for tests: unable to detect running programs for component "kubelet"
2023-02-22 08:08:30,959 - xtesting.ci.run_tests - ERROR -
Please fix the testcase kube_bench_node.
All exceptions should be caught by the testcase instead!
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/xtesting/ci/run_tests.py", line 171, in run_test
test_case.run(**kwargs)
File "/usr/lib/python3.9/site-packages/functest_kubernetes/security/security.py", line 212, in run
self.details["report"] = ast.literal_eval(self.pod_log)
File "/usr/lib/python3.9/ast.py", line 62, in literal_eval
node_or_string = parse(node_or_string, mode='eval')
File "/usr/lib/python3.9/ast.py", line 50, in parse
return compile(source, filename, mode, flags,
File "<unknown>", line 2
failed to get a set of executables needed for tests: unable to detect running programs for component "kubelet"
^
SyntaxError: invalid syntax
2023-02-22 08:08:30,962 - xtesting.ci.run_tests - ERROR - The test case 'kube_bench_node' failed.
2023-02-22 08:08:30,962 - xtesting.ci.run_tests - INFO - Execution exit value: Result.EX_ERROR
kubectl logs -n kube-bench-phqn5 kube-bench-node-84zg7
failed to get a set of executables needed for tests: unable to detect running programs for component "kubelet"
What happened?
Test case failed. For more information please check attached files.
functest-kubernetes.debug.log
What did you expect to happen:
I expected the test case to execute successfully.
Environment
[What is your version of kube-bench? (run kube-bench version)]
[What is your version of Kubernetes? (run kubectl version or oc version on OpenShift.)]
Running processes
[Please include the output from running ps -eaf | grep kube on the affected node. This will allow us to check what Kubernetes processes are running, and how this compares to what kube-bench detected.]
Configuration files
[If kube-bench is reporting an issue related to the settings defined in a config file, please attach the file, or include an extract showing the settings that are being detected incorrectly.]
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
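Added example, not part of the original issue and not functest-kubernetes code: the traceback above shows ast.literal_eval raising SyntaxError because the pod log held kube-bench's error text instead of a report. One way to parse the log defensively so the failure is reported as a test result; parse_pod_log and both sample logs are hypothetical and constructed for illustration.

```python
import ast

# Constructed sample inputs. ERROR_LOG reuses the error text quoted in the
# issue; REPORT_LOG is a made-up stand-in for a successful report.
ERROR_LOG = ('\nfailed to get a set of executables needed for tests: '
             'unable to detect running programs for component "kubelet"\n')
REPORT_LOG = "{'Controls': [{'id': '4', 'total_fail': 0}]}"


def parse_pod_log(pod_log):
    """Hypothetical helper: return (ok, details) for a kube-bench pod log.

    ast.literal_eval accepts only Python literals, so plain-text output
    raises SyntaxError (as in the traceback) or ValueError. Both are
    caught here and turned into a readable error instead of a crash.
    """
    text = (pod_log or "").strip()
    if not text:
        return False, {"error": "empty pod log"}
    try:
        report = ast.literal_eval(text)
    except (SyntaxError, ValueError, MemoryError, RecursionError) as exc:
        # Keep the first non-empty line: it is the tool's own message.
        first_line = next(l.strip() for l in text.splitlines() if l.strip())
        return False, {"error": first_line,
                       "exception": type(exc).__name__}
    if not isinstance(report, (dict, list)):
        # A bare number or string parses as a literal but is not a report.
        return False, {"error": "unexpected report type: "
                                + type(report).__name__}
    return True, {"report": report}


if __name__ == "__main__":
    for sample in (ERROR_LOG, REPORT_LOG, "", "42"):
        print(parse_pod_log(sample))
```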