Audit scanner used from rancher-ui shows all zeroes on policy reports.
The cluster has a privileged pod in the default namespace; it should show 5 passed, 1 failed based on the recommended policies.
To reproduce:
Install rancher 2.7.6. Then from rancher UI:
install kubewarden-ui from source (or 1.2.0)
install released kubewarden (v1.6.0) - enable recommended policies
from menu->preferences enable Include Prerelease versions
upgrade kubewarden-controller
upgrade kubewarden-crds
setup audit-scanner cronjob to run every minute
create privileged pod (should fail audit scanner check (no-privileged-pod))
~ k run privpod --image=nginx --privileged
~ k get policyreports.wgpolicyk8s.io -A
NAMESPACE                  NAME                               PASS   FAIL   WARN   ERROR   SKIP   AGE
cattle-ui-plugin-system    polr-ns-cattle-ui-plugin-system    0      0      0      0       0      61s
cattle-kubewarden-system   polr-ns-cattle-kubewarden-system   0      0      0      0       0      60s
default                    polr-ns-default                    0      0      0      0       0      6s
#
~ k get clusteradmissionpolicies.policies.kubewarden.io
NAME                        POLICY SERVER   MUTATING   BACKGROUNDAUDIT   MODE      OBSERVED MODE   STATUS   AGE
no-host-namespace-sharing   default         false      true              monitor   monitor         active   43m
no-privilege-escalation     default         true       true              monitor   monitor         active   43m
no-privileged-pod           default         false      true              monitor   monitor         active   43m
do-not-run-as-root          default         true       true              monitor   monitor         active   43m
do-not-share-host-paths     default         false      true              monitor   monitor         active   43m
drop-capabilities           default         true       true              monitor   monitor         active   43m
Issue is not present if I install kubewarden outside of rancher.