kubewarden / kubewarden-controller

Manage admission policies in your Kubernetes cluster with ease
https://kubewarden.io
Apache License 2.0

Policy reports in rancher are empty #523

Closed kravciak closed 1 year ago

kravciak commented 1 year ago

Audit scanner used from rancher-ui shows all zeroes on policy reports. The cluster has a privileged pod in the default namespace; it should show 5 passed, 1 failed based on the recommended policies.

To reproduce: Install Rancher 2.7.6. Then from Rancher UI:

~ k run privpod --image=nginx --privileged

~ k get policyreports.wgpolicyk8s.io -A
NAMESPACE                  NAME                               PASS   FAIL   WARN   ERROR   SKIP   AGE
cattle-ui-plugin-system    polr-ns-cattle-ui-plugin-system    0      0      0      0       0      61s
cattle-kubewarden-system   polr-ns-cattle-kubewarden-system   0      0      0      0       0      60s
default                    polr-ns-default                    0      0      0      0       0      6s

# 
~ k get clusteradmissionpolicies.policies.kubewarden.io
NAME                        POLICY SERVER   MUTATING   BACKGROUNDAUDIT   MODE      OBSERVED MODE   STATUS   AGE
no-host-namespace-sharing   default         false      true              monitor   monitor         active   43m
no-privilege-escalation     default         true       true              monitor   monitor         active   43m
no-privileged-pod           default         false      true              monitor   monitor         active   43m
do-not-run-as-root          default         true       true              monitor   monitor         active   43m
do-not-share-host-paths     default         false      true              monitor   monitor         active   43m
drop-capabilities           default         true       true              monitor   monitor         active   43m

The issue is not present if I install Kubewarden outside of Rancher.

kravciak commented 1 year ago

Closing and moving info to https://github.com/kubewarden/kubewarden-controller/issues/518