-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with enabling cis-hardening addon #237
Comments
Hi, Thanks. |
Hi @LorenzoAstengo applogies for the late reply, I missed it. Thank you for reaching out and reporting this problem. This is a bug on the cis-hardening addon. Currently to skip the downloading kube-bench you need to do: sudo microk8s.enable cis-hardening --install-kubebench="" This issue has been fixed and in the next release 1.28.3 we will make sure the --install-kubebench="false" will also result in kubebench downloading being skipped. In the 1.29 release we will introduce a --skip-kubebench-installation flag for this purpose. Apologies for the inconvenience. |
Hi @ktsakalozos , Thank you! |
At this point there is no file to configure which CIS recommendations you want to apply and which ones to skip. The closest to that at this point would be to edit |
In Microk8s 1.28.3 following command works for me. microk8s kubectl enable cis-hardening:--install-kubebench=false Earlier following command worked for me, but it isn't working now with 1.28.3. microk8s kubectl enable cis-hardening:--install-kubebench='' |
Summary
I need to enable cis-hardening addon in an air-gapped microk8s cluster. As stated in the documentation, I have to disable the kube-bench download by setting the --install-kubebench flag to false. However, it doesn't seem to recognize the flag, as it keeps trying to download kube-bench from GitHub and fails.
What Should Happen Instead?
It should skip the kube-bench download, allowing me to complete the addon installation in an air-gapped environment.
Reproduction Steps
I've tried all this types of flags, but I got the same result:
microk8s kubectl enable cis-hardening --install-kubebench false
microk8s kubectl enable cis-hardening --install-kubebench False
microk8s kubectl enable cis-hardening --install-kubebench=false
microk8s kubectl enable cis-hardening --install-kubebench=False
Everytime the code goes trought the DownloadKubebench function, as it prints out the "Downloading kube-bench" message and then crashes contacting the kube-bench url.
Can you suggest a fix?
It seems to be an issue with the Click library not correctly interpreting the flag.
Thank you!
The text was updated successfully, but these errors were encountered: