Aqua Security on Aws ubuntu Kubernetes cluster #98
Comments
|
Hello @vamsi1122 are you running kube-bench on a master node? This error means that kube-bench could not detect a running kube-apiserver process. Please check the apiserver process is running on your node. |
|
I’m running in on the host machine and yes I’m checking for the master node. I’ve checked on multiple resources but couldn’t find how to check if api process is running ? |
|
@vamsi1122 how did you install kubernetes? It may be that our current implementation of kube-bench is not able to detect apiserver installed using that approach. Also have you tried |
|
I installed using Kops method. |
|
@vamsi1122 can you share what output you got for |
|
Also having issues running on nodes, but that seems to be because they don't include kubectl on the nodes. To answer the above question: My error however is: Any thoughts, or is kubectl necessary to be on the nodes for the tool to work? |
|
I had the similar error. You need to install kubectl on the nodes aswell. Kubectl: |
|
Installing kubectl fixed my issue. I wish it came preinstalled, but that an issue for the kops team. |
|
We've just made a change so that if kubectl isn't installed, the version will be obtained from kubelet. I think this should solve this issue - would be great if you could confirm whether this works for you @vamsi1122 @jacobfoard |
|
@lizrice I would like to run the Kube-Bench towards Openshift Container Platform. Do you see any possibility anytime soon? |
|
@lizrice I have confirmed this is working on my kops 1.8 cluster with out kubectl |
|
Thanks @jacobfoard. @vamsi1122 Regarding OpenShift, yes this is something we want to add support for - you might want to follow issue #23 (and we recently spoke to some folks from RedHat about this so hoping to make progress fairly soon) |
|
@lizrice kubectl logs kube-bench-node-xxxx I am trying to run kube-bench on worker node (Virtual Machine Scale Set on Azure) |
|
You need to run with a root permissions on the worker node
…On Sat, Jul 20, 2019 at 12:53 AM Sanjeev Ganjihal ***@***.***> wrote:
@lizrice <https://github.com/lizrice> kubectl logs kube-bench-node-xxxx
*need proxy executable but none of the candidates are running*
I am trying to run kube-bench on worker node (Virtual Machine Scale Set on
Azure)
I am able to run kubectl commands from the worker node but I still see the
above error.
Any help will be appreciated
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#98?email_source=notifications&email_token=AIP4C6HNGFMEPSCYTUVCWZLQAIIC3A5CNFSM4ESLEXDKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2MQ4YY#issuecomment-513347171>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AIP4C6GIYDKMQ6KQ6X4TDZDQAIIC3ANCNFSM4ESLEXDA>
.
|
|
@vamsi1122 I am running it as root |
|
I believe you have packages in master node please check whether having
packages on the worker nodes will work.
…On Sat, Jul 20, 2019 at 1:21 AM Sanjeev Ganjihal ***@***.***> wrote:
@vamsi1122 <https://github.com/vamsi1122> I am running it as root
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#98?email_source=notifications&email_token=AIP4C6APETHT5V2UNCETMTTQAILNRA5CNFSM4ESLEXDKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2MTEPA#issuecomment-513356348>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AIP4C6FJRLWPELU5NEQBQ2LQAILNRANCNFSM4ESLEXDA>
.
|
Hello, I have created a kubernetes cluster using AWS Ubuntu, and i've run the aquasecurity kube bench to run the security check but i'm getting an error "need apiserver executable but none of the candidates are running". Can you please guide me on how to resolve the issue.
The text was updated successfully, but these errors were encountered: