Comments (12)
Thank you for all the collaboration. Closing this as 1.9.2 is meeting all expectations on my end.
from policy-reporter.
Policy Reporter uses policyreports.wgpolicyk8s.io and clusterpolicyreports.wgpolicyk8s.io. If they are not installed you get this error, but then it starts watching every 5 seconds again for the CRDs. So at the start it does not find these CRDs. After 10 seconds it finds both and should start working as expected.
The only thing I am wondering about is that it found two different CRD versions. The current stable Kyverno release should use v1alpha1.
from policy-reporter.
Is there some additional information I can provide in order to better understand the potential issue?
> k get crd | grep policyreports
clusterpolicyreports.wgpolicyk8s.io 2021-01-28T21:12:32Z
policyreports.wgpolicyk8s.io 2021-01-28T21:12:32Z
from policy-reporter.
Is there an issue? Do you not get information from Policy Reporter? If it's only the log entry, you can ignore it because they were found a few seconds later.
from policy-reporter.
On some clusters, I am not seeing the data via the policy-reporter UI. I just wanted to get clarity on this error (now understood to be somewhat of a false positive). That said, it's very possible the work I'm currently doing with Network Policies is at the root of the problem. It might be good to add specifics about what ingress/egress traffic is needed to the project's README?
from policy-reporter.
As we've been discussing this, I figured I'd reopen and append what we've found:
> kubectl get crd policyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%
> kubectl get crd clusterpolicyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%
from policy-reporter.
I could reproduce this error with a deny network policy. Because Policy Reporter uses the Kubernetes API client, the Policy Reporter network policy has to allow egress traffic to the API Server (Port 6443).
I updated the network policy and released it with your new features with 1.9.0.
from policy-reporter.
Thank you. Testing now...
from policy-reporter.
I've deployed chart 1.9.0 to 2 v1.19.9 clusters.
> helm ls
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
policy-reporter policy-reporter 5 2021-09-09 14:44:12.73445032 +0000 UTC deployed policy-reporter-1.9.0 1.8.5
One is working, the other is not. What's interesting are the differences I'm seeing in the logs for the policy-reporter pod. Here are the first few lines from the working pod:
2021/09/09 14:44:19 [INFO] UI configured
2021/09/09 14:44:19 [INFO] Unable to sync Priorities: unknown (get configmaps)
2021/09/09 14:44:19 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=clusterpolicyreports
2021/09/09 14:44:19 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=policyreports
2021/09/09 14:44:20 [INFO] UI PUSH OK
2021/09/09 14:44:20 [INFO] UI PUSH OK
2021/09/09 14:44:20 [INFO] UI PUSH OK
And now the problem child:
2021/09/09 14:47:42 [INFO] UI configured
2021/09/09 14:48:09 [ERROR] No PolicyReport CRDs found
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha2, Resource=policyreports
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=clusterpolicyreports
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha1, Resource=policyreports
2021/09/09 14:48:12 [INFO] Resource Found: wgpolicyk8s.io/v1alpha2, Resource=clusterpolicyreports
I've verified each of the 3 netpols are consistent on both clusters. I've also seen the same query results on each.
> kubectl get crd policyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%
> kubectl get crd clusterpolicyreports.wgpolicyk8s.io -o jsonpath='{.status.storedVersions}'
[v1alpha1]%
from policy-reporter.
Is it possible that your Kubernetes API Server has a different port than 6443 or other/additional restrictions? I think the problem is still that the Kubernetes API Client can't connect.
from policy-reporter.
Release 1.9.1 has a new value networkPolicy.kubernetesApiPort with 6443 as default. You can change it to your needs.
from policy-reporter.
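An added example (not from the thread and not the project's chart output) of the setup discussed above: a default-deny egress policy in the namespace, plus a second policy that lets the Policy Reporter pod reach the API server port. The policy names and the pod label are assumptions; the port is the one the chart value networkPolicy.kubernetesApiPort controls.

```yaml
# Constructed example; names and labels are assumptions, not the chart's templates.
# 1) Default-deny egress for every pod in the namespace. A deny policy like this
#    is the condition under which the "No PolicyReport CRDs found" error was
#    reproduced in this thread.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress               # hypothetical name
  namespace: policy-reporter
spec:
  podSelector: {}                         # selects all pods in the namespace
  policyTypes:
    - Egress
---
# 2) Allow the Policy Reporter pod to open TCP connections to the API server.
#    NetworkPolicies are additive, so this rule applies on top of the deny-all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: policy-reporter-allow-apiserver   # hypothetical name
  namespace: policy-reporter
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: policy-reporter   # assumed pod label
  policyTypes:
    - Egress
  egress:
    # No "to" block: any destination is allowed, but only on this port.
    # An ipBlock listing the API server addresses would narrow it further.
    - ports:
        - protocol: TCP
          # Must match the port the API server actually listens on; see
          # "kubectl get endpoints kubernetes -n default" for the real value.
          port: 6443
```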
Thank you for your contributions
from policy-reporter.