search

PaloAltoNetworks / prisma-cloud-compute-operator

15 stars 22 forks source link

nodeSelector value is incorrectly formatted by ansible #22

Closed pfox1969 closed 2 years ago

pfox1969 commented 3 years ago

Describe the bug

When supplying a nodeSelector the ansible must parse the input into twistcli acceptable format. twistcli expects the nodeSelector value to be in the key: "value" format.

Expected behavior

nodeSelector should be created correctly in the twistlock_defender.yaml

      serviceAccountName: twistlock-service
      restartPolicy: Always
      nodeSelector:
        kubernetes.io/hostname: "node-iverson-pfox-lab-twistlock-com"
      containers:
      - name: twistlock-defender

Current behavior

1) set consoledefender.yaml defender.config.nodeLabels value

---
apiVersion: pcc.paloaltonetworks.com/v1alpha1
kind: ConsoleDefender
metadata:
  name: pcc-consoledefender
  namespace: twistlock
spec:
  namespace: twistlock
  orchestrator: kubernetes
  version: '21_08_514'
  consoleConfig:
    serviceType: ClusterIP
  defenderConfig:
    docker: true
    nodeLabels: 'kubernetes.io/hostname: "node-iverson-pfox-lab-twistlock-com"'

2) Deploy Console and Defenders via Operator

kubectl apply -f ./consoledefender.yaml

3) View the logs of the Operator container, the Create Defender YAML task incorrectly passes the --nodeSelector parameter

["linux/twistcli", "defender", "export", "kubernetes", "--user", "pierre", "--password", "woof", "--address", "https://twistlock-console.twistlock:8083", "--cluster-address", "twistlock-console", "--monitor-service-accounts", "--namespace", "twistlock", "--nodeSelector", "kubernetes.io/hostname:", "node-iverson-pfox-lab-twistlock-com", "--output", "/opt/ansible/twistlock/twistlock_defender.yaml"]

The correct format should be:

--nodeSelector 'kubernetes.io/hostname: "node-iverson-pfox-lab-twistlock-com"'

Possible solution

Steps to reproduce

1. 2. 3. 4.

Screenshots

Context

Your Environment

welcome-to-palo-alto-networks[bot] commented 3 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!

wfg commented 2 years ago

fixed in v0.2.0