aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

kubehunter does not work using docker Image or kubernetes pod #426

Closed eizieizi closed 3 years ago

eizieizi commented 3 years ago

What are you trying to achieve

Hi guys, first - thank you for your great work here.

Unfortunately we are facing an issue while trying to run kubehunter via a pod in our kubernetes cluster and the supplied job.yaml or directly on a node via the docker image. We always get the following error in the pod/docker logs:

Traceback (most recent call last):
  File "/usr/local/bin/kube-hunter", line 5, in <module>
    from kube_hunter.__main__ import main
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/__main__.py", line 35, in <module>
    from kube_hunter.core.events import handler
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/__init__.py", line 2, in <module>
    from . import types
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/types.py", line 88, in <module>
    from .events import handler # noqa
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/events/__init__.py", line 2, in <module>
    from .handler import EventQueue, handler
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/events/handler.py", line 160, in <module>
    handler = EventQueue(800)
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/events/handler.py", line 30, in __init__
    t.start()
  File "/usr/local/lib/python3.8/threading.py", line 852, in start
    _start_new_thread(self._bootstrap, ())
RuntimeError: can't start new thread

kube-hunter works in our testing cluster and in another cluster like a charm - we are facing this issue only in this deployment (on all nodes) and are quite unsure what the root cause could be... Do you guys have any idea?

Minimal example (if applicable)

Docker Example directly on the Node raises the error mentioned above:

root@hostname /home/***# docker run -it --rm --network host aquasec/kube-hunter

danielsagi commented 3 years ago

Hi @eizieizi, I opened an issue regarding this problem. I'm sorry you're having this issue on your environment. From our testing we never encountered this problem. This is why we made the thread count hardcoded.

Until we add a flag to make this configurable (#433), an easy fix for this is lowering the thread count by editing the line mentioned in the issue.

eizieizi commented 3 years ago

Thanks a lot for the hint, it's working now! Best regards
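
An added sketch, not part of the original thread and not kube-hunter's code, of the failure mode discussed above: a pool that asks for a fixed number of worker threads and keeps running with however many the host allows instead of aborting on `RuntimeError: can't start new thread`. `WorkerPool`, `LimitedThread` and `demo` are hypothetical names, and `LimitedThread` is a constructed stand-in for a host that refuses new threads.

```python
import queue
import threading


class LimitedThread(threading.Thread):
    """Constructed stand-in for a constrained host: only `budget` threads may start."""
    budget = 3

    def start(self):
        if LimitedThread.budget <= 0:
            raise RuntimeError("can't start new thread")
        LimitedThread.budget -= 1
        super().start()


class WorkerPool:
    """Hypothetical event pool that degrades when thread creation is refused."""

    def __init__(self, wanted, thread_cls=threading.Thread):
        self.events = queue.Queue()
        self.results = []
        self.lock = threading.Lock()
        self.workers = []
        for _ in range(wanted):
            t = thread_cls(target=self._worker, daemon=True)
            try:
                t.start()
            except RuntimeError:
                break  # keep the workers that did start
            self.workers.append(t)
        if not self.workers:
            raise RuntimeError("no worker thread could be started")

    def _worker(self):
        while True:
            item = self.events.get()
            with self.lock:
                self.results.append(item * 2)  # placeholder for real event handling
            self.events.task_done()

    def run(self, items):
        for item in items:
            self.events.put(item)
        self.events.join()  # returns once every queued event is handled
        return sorted(self.results)


def demo():
    LimitedThread.budget = 3  # simulate a host that allows three threads
    pool = WorkerPool(800, thread_cls=LimitedThread)
    return len(pool.workers), pool.run(range(5))


if __name__ == "__main__":
    print(demo())
```
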