datreeio / datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
https://datree.io
Apache License 2.0

Offline mode does not work. #746

Closed mutilator closed 2 years ago

mutilator commented 2 years ago

Attempting to run the tool in an airgapped environment results in an error.

tech@WSAMZN-7N8TKGIS:/mnt/d/Workspace/tech/schemas$ kubectl-datree test -s 1.22.6 --verbose --no-record --schema-location ./kubernetes-json-schema/ -- -n nginx-ingress
Fetching resources, this may take some time depending on the amount of resources in your cluster...

invalid character '<' looking for beginning of value

I believe this is attempting to reach out to the internet and is getting a 403 'forbidden' html page response from the local in-line proxy as it can't reach out to the internet. That's where the invalid character '<' comes from, an html tag.

hadar-co commented 2 years ago

Hi @mutilator :)

I tried to reproduce the issue but could not (also tried using the exact same flags you posted here). The plugin does not try to access any internet resource, it only runs kubectl commands so I'm not sure that's the issue here.

Just making sure - did you run datree config set offline local before running this?

Does this error happen consistently?

If there is any more info you can share that can help us understand it, please do 🙂

mutilator commented 2 years ago

Yes, it was tested with the offline local setting.

A schema I tested with was https://github.com/yannh/kubernetes-json-schema

Is there a debug mode of any sort I can enable to get more detail? In what way does it try to call kubectl?

I get this error even when sending invalid commands e.g.

tech@WSAMZN-7N8TKGIS:/mnt/d/Workspace/tech/schemas$ datree test help

invalid character '<' looking for beginning of value

hadar-co commented 2 years ago

You can see exactly what the kubectl plugin does (the logic is in the file 'kubectl-datree' in this repo), but since the datree test command itself gives you the same error, looks like it's not related to the plugin.

Have you managed to run a successful datree test in this environment, or do you get this error every time? Also, what version of the CLI are you using? You can run datree version to check.

mutilator commented 2 years ago

Oh, you meant kubectl calls datree.

datree test has never worked in this environment.

It's version 1.6.0

myishay commented 2 years ago

> I believe this is attempting to reach out to the internet and is getting a 403 'forbidden' html page response from the local in-line proxy as it can't reach out to the internet. That's where the invalid character '<' comes from, an html tag.

Yep, I think you are right. I got the same behavior when running the CLI against a mock server returning a 403 HTML page response. Seems like a bug in the CLI to me, not the kubectl-datree plugin.
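
Added example (not part of the thread and not datree's code): a Go sketch of the failure mode discussed above, where a constructed mock proxy returns a 403 HTML page and a naive JSON decode produces the opaque error from the report, next to a guarded decode that checks status and Content-Type first. The names `decodeJSONResponse`, `newBlockingProxy` and `compareDecoders` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
)

// decodeJSONResponse (hypothetical helper) refuses to pass a non-2xx or
// non-JSON body to the JSON decoder and reports what was actually received.
func decodeJSONResponse(resp *http.Response, out interface{}) error {
	defer resp.Body.Close()
	mediaType, _, _ := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if resp.StatusCode < 200 || resp.StatusCode > 299 || mediaType != "application/json" {
		// Bounded read: enough to recognise a proxy page without dumping it all.
		snippet, _ := io.ReadAll(io.LimitReader(resp.Body, 80))
		return fmt.Errorf("unexpected response from %s: status %d, content type %q, body starts %q",
			resp.Request.URL.Host, resp.StatusCode, mediaType, snippet)
	}
	return json.NewDecoder(resp.Body).Decode(out)
}

// newBlockingProxy is a constructed stand-in for an in-line proxy that
// answers every request with a 403 HTML page.
func newBlockingProxy() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html")
		w.WriteHeader(http.StatusForbidden)
		io.WriteString(w, "<html><body>403 Forbidden</body></html>")
	}))
}

// compareDecoders returns the error from a naive decode and from the guarded one.
func compareDecoders() (naive, guarded error) {
	srv := newBlockingProxy()
	defer srv.Close()
	var v map[string]interface{}
	resp, err := srv.Client().Get(srv.URL)
	if err != nil {
		return err, err
	}
	naive = json.NewDecoder(resp.Body).Decode(&v) // no status or type check
	resp.Body.Close()
	if resp, err = srv.Client().Get(srv.URL); err != nil {
		return naive, err
	}
	return naive, decodeJSONResponse(resp, &v)
}

func main() { fmt.Println(compareDecoders()) }
```

The guarded error names the host, status and content type, which is what an operator in an air-gapped environment needs in order to see that an outbound call was attempted and blocked.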