search

aquasecurity / kube-bench

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Apache License 2.0
7.08k stars 1.23k forks source link

docker build fails #1647

Closed za closed 3 months ago

za commented 3 months ago

Overview

Hi, I am following this step to build on EKS https://github.com/aquasecurity/kube-bench/blob/main/docs/running.md#running-cis-benchmark-in-an-eks-cluster

What happened?

It seems the KUBECTL_VERSION argument is empty.

$ ➜  kube-bench git:(main) docker build -t k8s/kube-bench .
 => ERROR [build 10/13] RUN wget -O /usr/local/bin/kubectl "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl"                     1.4s
------
 > [build 10/13] RUN wget -O /usr/local/bin/kubectl "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl":
0.414 --2024-07-24 09:46:14--  https://dl.k8s.io/release/v/bin/linux/amd64/kubectl
0.424 Resolving dl.k8s.io (dl.k8s.io)... 34.107.204.206, 2600:1901:0:26f3::
0.478 Connecting to dl.k8s.io (dl.k8s.io)|34.107.204.206|:443... connected.
0.665 HTTP request sent, awaiting response... 302 Found
0.912 Location: https://cdn.dl.k8s.io/release/v/bin/linux/amd64/kubectl [following]
0.929 --2024-07-24 09:46:14--  https://cdn.dl.k8s.io/release/v/bin/linux/amd64/kubectl
0.929 Resolving cdn.dl.k8s.io (cdn.dl.k8s.io)... 151.101.65.55, 151.101.193.55, 151.101.129.55, ...
0.973 Connecting to cdn.dl.k8s.io (cdn.dl.k8s.io)|151.101.65.55|:443... connected.
1.063 HTTP request sent, awaiting response... 404 Not Found
1.344 2024-07-24 09:46:14 ERROR 404: Not Found.
1.344
------
Dockerfile:14
--------------------
  12 |     # Add kubectl to run policies checks
  13 |     ARG KUBECTL_VERSION TARGETARCH
  14 | >>> RUN wget -O /usr/local/bin/kubectl "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl"
  15 |     RUN wget -O kubectl.sha256 "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl.sha256"
  16 |     # Verify kubectl sha256sum
--------------------
ERROR: failed to solve: process "/bin/sh -c wget -O /usr/local/bin/kubectl \"https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl\"" did not complete successfully: exit code: 8

Any hint?

mozillazg commented 3 months ago

@za Please try again with make build-docker IMAGE_NAME=k8s/kube-bench

za commented 3 months ago

Hi @mozillazg it works now.

➜  kube-bench git:(main) make build-docker IMAGE_NAME=k8s/kube-bench
docker build --build-arg BUILD_DATE=2024-07-24T10:22:30Z \
                        --build-arg VCS_REF=5a3fd1d \
                --build-arg KUBEBENCH_VERSION=v0.8.0 \
                --build-arg KUBECTL_VERSION=1.28.7 \
                --build-arg TARGETARCH=amd64 \
                        -t k8s/kube-bench .

Should we update this line? https://github.com/aquasecurity/kube-bench/blob/main/docs/running.md?plain=1#L95

I am closing this issue, BTW.

za commented 3 months ago

Note: there's a makefile here https://github.com/aquasecurity/kube-bench/blob/main/makefile#L14 where we define KUBECTL_VERSION.

mozillazg commented 3 months ago

Should we update this line? https://github.com/aquasecurity/kube-bench/blob/main/docs/running.md?plain=1#L95

Feel free to send a pull request for this. Thanks!

za commented 3 months ago

Feel free to send a pull request for this. Thanks!

PR initiated @mozillazg Thanks!