cis-operator doesn't support Kubernetes cluster managed by Scaleway

rancher / cis-operator

Apache License 2.0

45 stars 28 forks source link

cis-operator doesn't support Kubernetes cluster managed by Scaleway #103

Open nbisson opened 3 years ago

nbisson commented 3 years ago

Hi, cis-operator works only with providers declared here : https://github.com/rancher/kubernetes-provider-detector/tree/master/providers Having a Kubernetes cluster managed by Scaleway, my cluster can't launch cis-operator. When executing, getting this error :

time="2021-07-23T09:33:28Z" level=info msg="Starting CIS-Operator"
time="2021-07-23T09:33:29Z" level=fatal msg="Error building controller: unknown provider"

Shouldn't the start be allowed even if the detection of the provider fails ?

Thank's.

xom4ek commented 2 years ago

Any news about this issue?

xom4ek commented 2 years ago

Found easy way for start cis-operator - just add label to any node in cluster

k label node MYNODE kubernetes.azure.com/cluster=""

Operator start think about this cluster "aks here" but its not a problem for start scaning and configuration profiles

manicole commented 2 years ago

Same here using OVHCloud managed Kubernetes cluster. Thanks for the trick @xom4ek !

Raph0773 commented 2 years ago

Hi @manicole !

What label did you put on OVH nodes ?

Thanks !

belaw commented 2 years ago

I'm getting this problem on a self hosted cluster (kubespray)

c-romeo commented 2 years ago

I'm getting this problem on a self hosted cluster (kubespray)

Hi @belaw! just applying @xom4ek fix solved the issue

k label node MYNODE kubernetes.azure.com/cluster=""

belaw commented 2 years ago

I'm getting this problem on a self hosted cluster (kubespray)

Hi @belaw! just applying @xom4ek fix solved the issue
k label node MYNODE kubernetes.azure.com/cluster=""

Hi @C-Romeo, thanks, I should have mentioned that I already figured that out 😁 and I just wanted to push this issue because the node label makes the cluster look like a cloud based cluster when you view it in Rancher.

ronhorton commented 1 year ago

The question on this one is, "do we want to implement a programatic version of the work around so that the operator doesn't fail when provider is unknown?" this issue was release noted (i'm verifying the veracity of that statement ;) ), and the workaround noted resolves the issue. https://github.com/rancher/cis-operator/issues/103#issuecomment-1222771391