Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error running CIS scan through rancher after upgrading rke2 version #798

Closed
rancher-max opened this issue Mar 17, 2021 · 2 comments
Closed
Labels
kind/bug Something isn't working

Comments

@rancher-max
Copy link
Contributor

Description:
Running a CIS scan on an upgraded rke2 cluster in rancher fails to receive the results from worker nodes, and therefore the scan times out and shows a status of Error. Verified this error happens on both Centos8 and Ubuntu.

Steps

  1. Deploy an rke2 cluster with 3 servers, 2 workers, and import to rancher (used v1.9.7+rke2r1)
  2. Upgrade cluster through rancher to v1.19.8+rke2r1
  3. Navigate to cluster dashboard, deploy CIS app from the marketplace, and run a scan

Logs and Helpful Info:
The scan never completes, even though the scan logs from all 5 running sonobuoy-rancher-kube-bench-daemon-set pods show it has completed: level=info msg="Detected done file, transmitting result file" resultFile=/tmp/results/kb.tar.gz.

The security-scan-runner-scan pod shows that it never received an update from the worker pods:

time="2021-03-17T21:16:06Z" level=info msg="received aggregator request" client_cert=rancher-kube-bench node=server1 plugin_name=rancher-kube-bench
time="2021-03-17T21:16:06Z" level=info msg="received aggregator request" client_cert=rancher-kube-bench node=server2 plugin_name=rancher-kube-bench
time="2021-03-17T21:16:06Z" level=info msg="received aggregator request" client_cert=rancher-kube-bench node=server3 plugin_name=rancher-kube-bench
@rancher-max rancher-max added the kind/bug Something isn't working label Mar 17, 2021
@rancher-max rancher-max changed the title Running CIS scan through after upgrading rke2 version fails to complete Error running CIS scan through rancher after upgrading rke2 version Mar 17, 2021
@brandond
Copy link
Member

Is this in CIS mode? Wondering if we're battling network policy again.

@rancher-max
Copy link
Contributor Author

Closing as this isn't relevant anymore

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants