Impossible to deploy CronJob (scheduler) if no providers are configured #502

Open
pierreblais opened this issue Sep 10, 2024 · 0 comments
Labels
bug Something isn't working

@pierreblais

Description

I am doing a PoC of Kubescape, trying to deploy it on my cluster. I just realised that no CronJobs were deployed on the cluster, which means scheduled scans don't work.

Environment

Kubescape operator Helm Chart: 1.21.2

Steps To Reproduce

Deploy the Helm chart with default values, with capabilities.configurationScan: "enabled".

Expected behavior

As there are no kubescapeScheduler.enabled or kubevulnScheduler.enabled options in the values file, I'm expecting the CronJobs to be deployed.

Actual Behavior

The deployment of the CronJobs depends on:

charts/kubescape-operator/templates/kubescape-scheduler/cronjob.yaml

{{- if $components.kubescapeScheduler.enabled }}

https://github.com/kubescape/helm-charts/blob/f8f9d99e5ad6b86f4c1557979c5a5b9cceac593e/charts/kubescape-operator/templates/kubescape-scheduler/cronjob.yaml#L5C1-L6C1

components.kubescapeScheduler.enabled comes from:

charts/kubescape-operator/templates/_common.tpl

kubescapeScheduler:
  enabled: {{ and $configurations.submit (eq .Values.capabilities.configurationScan "enable") }}

https://github.com/kubescape/helm-charts/blob/f8f9d99e5ad6b86f4c1557979c5a5b9cceac593e/charts/kubescape-operator/templates/_common.tpl#L53C1-L53C19

Values.capabilities.configurationScan is enabled by default, but configurations.submit depends on:

charts/kubescape-operator/templates/_common.tpl

{{- $submit := not (empty .Values.server) -}}
submit: {{ $submit }}
  {{- if $submit -}}
    {{- if and (empty .Values.account) $createCloudSecret -}}
      {{- fail "submitting is enabled but value for account is not defined: please register at https://cloud.armosec.io to get yours and re-run with  --set account=<your Guid>" }}
    {{- end -}}
    {{- if and (empty .Values.accessKey) $createCloudSecret -}}
      {{- fail "submitting is enabled but value for accessKey is not defined: To obtain an access key, go to 'Settings' -> 'Agent Access Keys' at https://cloud.armosec.io and re-run with  --set accessKey=<your key>" }}
    {{- end -}}
    {{- if empty .Values.clusterName -}}
      {{- fail "value for clusterName is not defined: re-run with  --set clusterName=<your cluster name>" }}
    {{- end -}}
  {{- end -}}
{{- end -}}

So the deployment of the scheduler depends on the presence of a provider (server, account and accessKey).

I think this is an error; providers and scheduler should, or at least may, be independent.

Suggestion

I suggest making the following change:

charts/kubescape-operator/templates/_common.tpl

kubescapeScheduler:
  enabled: {{ eq .Values.capabilities.configurationScan "enable" }}
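
The gating quoted in this issue can be reproduced offline with Go's text/template, the engine Helm charts are rendered with, to confirm when the scheduler CronJob is dropped. This is an added example, not code from the issue or from the kubescape project; the Values struct, schedulerEnabled, the string-only `empty` stand-in for Sprig's function and the sample server name are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Values mirrors only the chart values referenced by the snippets in this issue.
type Values struct {
	Server       string
	Capabilities map[string]string
}

// "current" is the condition quoted from _common.tpl with $submit inlined;
// "suggested" is the change proposed in the issue.
const current = `{{ and (not (empty .Server)) (eq .Capabilities.configurationScan "enable") }}`
const suggested = `{{ eq .Capabilities.configurationScan "enable" }}`

// schedulerEnabled renders one gate expression against v and reports whether
// a CronJob template guarded by it would be emitted.
func schedulerEnabled(expr string, v Values) (bool, error) {
	funcs := template.FuncMap{
		// Stand-in for Sprig's `empty`, reduced to strings (assumption).
		"empty": func(s string) bool { return s == "" },
	}
	t, err := template.New("gate").Funcs(funcs).Parse(expr)
	if err != nil {
		return false, err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, v); err != nil {
		return false, err
	}
	return out.String() == "true", nil
}

func main() {
	// Constructed sample values; the server name is a placeholder.
	cases := []Values{
		{Server: "", Capabilities: map[string]string{"configurationScan": "enable"}},
		{Server: "api.example.invalid", Capabilities: map[string]string{"configurationScan": "enable"}},
		{Server: "", Capabilities: map[string]string{"configurationScan": "disable"}},
	}
	for _, v := range cases {
		cur, _ := schedulerEnabled(current, v)
		sug, _ := schedulerEnabled(suggested, v)
		fmt.Printf("server=%q scan=%q current=%v suggested=%v\n", v.Server, v.Capabilities["configurationScan"], cur, sug)
	}
}
```

With an empty server value the current expression yields false even though configuration scanning is switched on, so the cluster runs without scheduled scans and nothing fails at install time; checking the rendered manifests for the expected CronJob objects catches that gap.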