Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to run kube-bench job in Bottlerocket #2638

Closed
zeagord opened this issue Dec 6, 2022 · 0 comments · Fixed by #2639
Closed

Unable to run kube-bench job in Bottlerocket #2638

zeagord opened this issue Dec 6, 2022 · 0 comments · Fixed by #2639
Assignees
@stmcginnis
Labels
area/kubernetes K8s including EKS, EKS-A, and including VMW status/in-progress This issue is currently being worked on type/bug Something isn't working

Comments

@zeagord
Copy link

zeagord commented Dec 6, 2022

Image I'm using:
"build_id": "104f8e0f",
"pretty_name": "Bottlerocket OS 1.11.1 (aws-k8s-1.23)",
"variant_id": "aws-k8s-1.23",

What I expected to happen:

I am trying to run the kube-bench jobs to validate the CIS benchmarks for the EKS Cluster and expect the job to run

What actually happened:

The kube-bench job unable to access the ca.crt file in the /etc/kubernetes/pki/ca.crt location .

How to reproduce the problem:

  1. Launch an EKS cluster with latest Bottlerocket Image and run the kube-bench jobs from https://github.com/aquasecurity/kube-bench
  2. Run kubectl logs -f kube-bench-*
  3. Observe the error
@zeagord zeagord added status/needs-triage Pending triage or re-evaluation type/bug Something isn't working labels Dec 6, 2022
@zeagord zeagord mentioned this issue Dec 6, 2022
Closed
@stmcginnis stmcginnis self-assigned this Dec 6, 2022
@stmcginnis stmcginnis added area/kubernetes K8s including EKS, EKS-A, and including VMW status/research This issue is being researched and removed status/needs-triage Pending triage or re-evaluation labels Dec 6, 2022
@stmcginnis stmcginnis mentioned this issue Dec 6, 2022
Merged
@stmcginnis stmcginnis added status/in-progress This issue is currently being worked on and removed status/research This issue is being researched labels Dec 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stmcginnis stmcginnis

Labels
area/kubernetes K8s including EKS, EKS-A, and including VMW status/in-progress This issue is currently being worked on type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

kubelet: Restrict access to TLS private key stmcginnis/bottlerocket
2 participants
@stmcginnis @zeagord