cfg/config.yaml doesn't support Bottlerocket OS nodes #808

Closed
felipeac opened this issue Jan 28, 2021 · 0 comments

Comments

@felipeac
Contributor

Expected Behavior

kube-bench report should return valid results when scanning Bottlerocket OS nodes.

== Summary total ==
14 checks PASS
0 checks FAIL
1 checks WARN
0 checks INFO

Actual Behavior

The kube-bench scan is throwing invalid results because Bottlerocket OS places the kubelet config files in a different location.

== Summary node ==
1 checks PASS
13 checks FAIL
1 checks WARN
0 checks INFO

== Summary total ==
1 checks PASS
13 checks FAIL
1 checks WARN
0 checks INFO

Steps to Reproduce the Problem

  1. Deploy an EKS cluster on AWS with a node group using Bottlerocket OS
  2. Deploy kube-bench Docker image to a container registry
  3. Deploy job-eks.yaml to the EKS Cluster

Specifications

  • Version: k8s 1.18
  • Platform: AWS EKS

lizrice added this to the v0.6.0 milestone Jan 29, 2021
aidy added a commit to cookpad/terraform-aws-eks that referenced this issue Feb 9, 2021
This should be fixed properly with
aquasecurity/kube-bench#808
and
bottlerocket-os/bottlerocket#1295

But, as these are known failures, this should not be a failure in our
CI.

Workaround by patching kube-bench config for bottlerocket config paths,
and allowing for a known number of failures.
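
The commit message above works around the issue by allowing a known number of failures in CI. One way to write such a gate, as an added example that is not code from kube-bench or cookpad/terraform-aws-eks: it reads a kube-bench text report on stdin and compares the FAIL count under `== Summary total ==` with a baseline. The function names are assumptions of this example, and the embedded sample is constructed from the summary reported in this issue.

```shell
# Added example: gate CI on a kube-bench text report with a known-failure baseline.
# Constructed sample: the "Actual Behavior" summary quoted in this issue.
sample_report() {
cat <<'EOF'
== Summary node ==
1 checks PASS
13 checks FAIL
1 checks WARN
0 checks INFO

== Summary total ==
1 checks PASS
13 checks FAIL
1 checks WARN
0 checks INFO
EOF
}

# Print the count for one result type (PASS, FAIL, WARN, INFO), read only from
# the "== Summary total ==" section of a report on stdin; empty if not found.
summary_count() {
  awk -v kind="$1" '
    /^== Summary total ==/ { in_total = 1; next }
    /^== /                 { in_total = 0 }
    in_total && $2 == "checks" && $3 == kind { print $1; exit }
  '
}

# gate_report ALLOWED_FAILS  (report on stdin)
# Returns 0 if FAIL <= baseline, 1 if FAIL exceeds it, and 2 if no total
# summary was found: a missing report must not be read as "zero failures".
gate_report() {
  gr_allowed="$1"
  gr_fails="$(summary_count FAIL)"
  case "$gr_fails" in
    ''|*[!0-9]*) echo "kube-bench: no FAIL line under Summary total" >&2; return 2 ;;
  esac
  if [ "$gr_fails" -gt "$gr_allowed" ]; then
    echo "kube-bench: $gr_fails FAIL exceeds allowed $gr_allowed" >&2
    return 1
  fi
  if [ "$gr_fails" -lt "$gr_allowed" ]; then
    # Fewer failures than the baseline: tighten it so regressions are caught.
    echo "kube-bench: $gr_fails FAIL, baseline $gr_allowed can be lowered" >&2
  fi
  return 0
}
```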