Closed Pascha23 closed 9 months ago
Seems like maybe it's trying to look for a clusterrole at the namespace level? @rbren any thoughts?
Yup looks like a bug!
We'll have to get smart about skipping non-namespaced resources here: https://github.com/FairwindsOps/polaris/blob/10e82cf0aeb3e1256c87f0dc20d7de7f556c28c6/pkg/kube/resources.go#L339
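The skip proposed in the comment above, as an added example that is not Polaris's own code. `Resource`, `listPath` and `planAudit` are hypothetical names, the resource list is constructed sample data, and skipping cluster-scoped kinds (rather than listing them cluster-wide) is an assumption taken from the comment's wording.

```go
package main

import "fmt"

// Resource mirrors the fields of a Kubernetes discovery entry that matter here.
// The type and the sample data below are constructed for this example.
type Resource struct {
	Group, Version, Plural string
	Namespaced             bool
}

// listPath builds the REST path for a list call. Cluster-scoped resources
// have no /namespaces/<ns>/ form, so they always use the cluster-wide path.
func listPath(r Resource, namespace string) string {
	prefix := "/apis/" + r.Group + "/" + r.Version
	if r.Group == "" { // the core group lives under /api/<version>
		prefix = "/api/" + r.Version
	}
	if r.Namespaced && namespace != "" {
		return prefix + "/namespaces/" + namespace + "/" + r.Plural
	}
	return prefix + "/" + r.Plural
}

// planAudit returns the list paths for an audit. When a namespace is given,
// cluster-scoped kinds are skipped instead of being requested under it.
func planAudit(resources []Resource, namespace string) (paths, skipped []string) {
	for _, r := range resources {
		if namespace != "" && !r.Namespaced {
			skipped = append(skipped, r.Plural)
			continue
		}
		paths = append(paths, listPath(r, namespace))
	}
	return paths, skipped
}

func main() {
	rbac := "rbac.authorization.k8s.io"
	resources := []Resource{ // constructed sample, not real discovery output
		{"", "v1", "services", true},
		{rbac, "v1", "roles", true},
		{rbac, "v1", "clusterroles", false},
	}
	paths, skipped := planAudit(resources, "polaris")
	fmt.Println(paths, "skipped:", skipped)
}
```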
not stale
not stale
What happened?
When I try to audit a specific Namespace in-cluster I receive the following error:

```
time="2023-08-22T03:05:17Z" level=info msg="Loading nodes"
time="2023-08-22T03:05:17Z" level=info msg="Loading namespaces"
time="2023-08-22T03:05:17Z" level=info msg="Loading pods"
time="2023-08-22T03:05:17Z" level=info msg="Setting up restmapper"
time="2023-08-22T03:05:18Z" level=info msg="Loading autoscaling/HorizontalPodAutoscaler"
time="2023-08-22T03:05:18Z" level=info msg="Loading policy/PodDisruptionBudget"
time="2023-08-22T03:05:18Z" level=info msg="Loading Service"
time="2023-08-22T03:05:18Z" level=info msg="Loading networking.k8s.io/Ingress"
time="2023-08-22T03:05:18Z" level=info msg="Loading rbac.authorization.k8s.io/RoleBinding"
time="2023-08-22T03:05:18Z" level=info msg="Loading rbac.authorization.k8s.io/Role"
time="2023-08-22T03:05:18Z" level=info msg="Loading rbac.authorization.k8s.io/ClusterRole"
time="2023-08-22T03:05:18Z" level=warning msg="Error retrieving parent object API v1 and Kind clusterroles because of error: the server could not find the requested resource"
time="2023-08-22T03:05:18Z" level=error msg="Error fetching Kubernetes resources the server could not find the requested resource"
```
What did you expect to happen?
A Polaris audit of a whole cluster works great, but when a certain namespace is specified it errors. I wish it would also work with only a specific namespace.
How can we reproduce this?
Command in Container:
```
polaris audit --namespace polaris --log-level trace
```

RBAC:

```
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: polaris
  labels:
    name: polaris
rules:
'list'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: polaris
  labels:
    name: polaris
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: polaris
subjects:
  - kind: ServiceAccount
    name: polaris
    namespace: polaris
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: polaris-view
  labels:
    name: polaris-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
```
Version
8.4.0, 7.3.2
Additional context
No response