No PolicyReport CRDs found about policy-reporter HOT 12 CLOSED

Thank you for all the collaboration. Closing this as 1.9.2 is meeting all expectations on my end.

from policy-reporter.

Policy Reporter uses policyreports.wgpolicyk8s.io and clusterpolicyreports.wgpolicyk8s.io. If they are not installed you get this error but then it start watching every 5 seconds again for the CRDs. SO at the start it does not find this CRDs. After 10 seconds it founds both and should be start working as expected.

The only thing I am wondering about is that it found to different CRD Version. The current stable Kyverno Release should use v1alpha1

from policy-reporter.

Is there some additional information I can provide in order to better understand the potential issue?

> k get crd | grep policyreports
clusterpolicyreports.wgpolicyk8s.io           2021-01-28T21:12:32Z
policyreports.wgpolicyk8s.io                  2021-01-28T21:12:32Z

from policy-reporter.

Is there an issue? Do you don't get information from Policy Reporter? If its only the log entry you can ignore them because they were found a few seconds later.

from policy-reporter.

On some clusters, I am not seeing the data via the policy-reporter UI. I just wanted to get clarity on this error (now understood to be somewhat of a false positive). That said, it's very possible the work I'm currently doing with Network Policies is at the root of the problem. It might be good to add specifics about what ingress/egress traffic is needed to the project's README?

from policy-reporter.

As we've been discussing this, I figured I'd reopen and append what we've found:

> kubectl get crd policyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%                                                                                                                                                 
> kubectl get crd clusterpolicyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%                                                                                                                                                 

from policy-reporter.

I could reproduce this error with an deny network policy. Because policy reporter uses the Kubernetes API client, the policy reporter network policy has to allow egress traffic to the API Server (Port 6443).

I updated the network policy and released it with your new features with 1.9.0.

from policy-reporter.

Thank you. Testing now...

from policy-reporter.

I've deployed chart 1.9.0 to 2 v1.19.9 clusters.

> helm ls
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
policy-reporter policy-reporter 5               2021-09-09 14:44:12.73445032 +0000 UTC  deployed        policy-reporter-1.9.0   1.8.5

One is working, the other is not. What's interesting are the differences I'm seeing in the logs for the policy-reporter pod. Here's the few few lines from the working pod:

2021/09/09 14:44:19 [INFO] UI configured
2021/09/09 14:44:19 [INFO] Unable to sync Priorities: unknown (get configmaps)
2021/09/09 14:44:19 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=clusterpolicyreports
2021/09/09 14:44:19 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=policyreports
2021/09/09 14:44:20 [INFO] UI PUSH OK
2021/09/09 14:44:20 [INFO] UI PUSH OK
2021/09/09 14:44:20 [INFO] UI PUSH OK

And now the problem child:

2021/09/09 14:47:42 [INFO] UI configured
2021/09/09 14:48:09 [ERROR] No PolicyReport CRDs found
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha2, Resource=policyreports
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=clusterpolicyreports
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=policyreports
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha2, Resource=clusterpolicyreports

I've verified each of the 3 netpols are consistent on both clusters. I've also seen the same query results on each.

> kubectl get crd policyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%                                                                                                                                                 
> kubectl get crd clusterpolicyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%                                                                                                                                                 

from policy-reporter.

Is it possible that your Kubernetes API Server has a different port as 6443 or other/additional restrictions? I think the problem is still that the Kubernetes API Client can't connect.

from policy-reporter.

Release 1.9.1 has a new value networkPolicy.kubernetesApiPort with 6443 as default. You can change it to your needs.

from policy-reporter.

Thank you for your contributions

from policy-reporter.