Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for expected kube-bench failures with bottlerocket #179

Merged
merged 1 commit into from
Feb 11, 2021
Merged

Allow for expected kube-bench failures with bottlerocket #179

merged 1 commit into from
Feb 11, 2021

Conversation

aidy
Copy link
Contributor

@aidy aidy commented Feb 9, 2021
edited
Loading

Allow for expected kube-bench failures with bottlerocket

This should be fixed properly with aquasecurity/kube-bench#808 and bottlerocket-os/bottlerocket#1295

But, as these are known failures, this should not be a failure in our CI.

Workaround by patching kube-bench config for bottlerocket config paths, and allowing for a known number of failures.

connects #181

depends #178

@aidy
Allow for expected kube-bench failures with bottlerocket
a00446d 
This should be fixed properly with
aquasecurity/kube-bench#808
and
bottlerocket-os/bottlerocket#1295

But, as these are known failures, this should not be a failure in our
CI.

Workaround by patching kube-bench config for bottlerocket config paths,
and allowing for a known number of failures.
@aidy aidy force-pushed the fix_kubebench_bottlerocket branch from 35719cc to a00446d Compare February 9, 2021 14:18
@aidy aidy changed the title Fix kubebench bottlerocket Allow for expected kube-bench failures with bottlerocket Feb 9, 2021
ettiee
ettiee reviewed Feb 10, 2021
View reviewed changes
Copy link
Contributor

@ettiee ettiee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note to self - check how the default config has been patched for kube-bench job

test/cluster_test.go
- "/etc/kubernetes/kubelet.conf"
- "/var/lib/kubelet/kubeconfig"
- "/etc/kubernetes/kubelet-kubeconfig"
- "/etc/kubernetes/kubelet/kubeconfig"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patched addition from default config

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per https://github.com/aquasecurity/kube-bench/pull/809/files

test/cluster_test.go
- "/var/lib/kubelet/config.yaml"
- "/var/lib/kubelet/config.yml"
- "/etc/kubernetes/kubelet/kubelet-config.json"
- "/etc/kubernetes/kubelet/config"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patched addition from default config

test/cluster_test.go
- /var/snap/microk8s/current/args/kube-proxy
kubeconfig:
- "/etc/kubernetes/kubelet-kubeconfig"
- "/etc/kubernetes/kubelet/config"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patched addition from default config

test/cluster_test.go Show resolved Hide resolved
ettiee
ettiee approved these changes Feb 10, 2021
View reviewed changes
Copy link
Contributor

@ettiee ettiee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I left a question out of curiosity having worked through the upstream fixes, but this looks 👌

@aidy aidy merged commit baf02cf into master Feb 11, 2021
@aidy aidy deleted the fix_kubebench_bottlerocket branch February 11, 2021 09:04
This was referenced Feb 11, 2021
Closed
Closed
@ettiee ettiee mentioned this pull request Feb 11, 2021
Merged
@takanabe takanabe restored the fix_kubebench_bottlerocket branch October 12, 2021 04:29
@ettiee ettiee deleted the fix_kubebench_bottlerocket branch November 19, 2021 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ettiee ettiee ettiee approved these changes

@dan-slinky-ckpd dan-slinky-ckpd dan-slinky-ckpd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aidy @ettiee @dan-slinky-ckpd