K8s watcher fails to be set, resulting in no findings from kube-fetcher

Open uri-weisman opened this issue 10 months ago • 0 comments

Bug Description

This bug is relevant for customers running KSPM on Kubernetes version v1.25 or higher. In k8s v1.25, Pod Security Policy (PSP) was removed, and setting a watcher for this resource will fail, as shown here.

If we fail to initialize a Kubernetes watcher for a specific resource, we stop running the kube-fetcher, resulting in no findings from this fetcher.

Preconditions

KSPM integration installed on Kubernetes v1.25 or above.

Steps to Reproduce

  1. Run ELK stack + Elastic agent (version 8.13.x).
  2. Install the latest KSPM integration.
  3. Observe that no Kubernetes resource findings arrive.

Expected Behavior

We should receive findings from all three fetchers (filesystem, process, kube).

Possible Solutions

  1. Continue setting other Kubernetes resource watchers even if one fails to be set.
  2. Determine the Kubernetes version we're running and set watchers only for the supported resources in this Kubernetes version.

uri-weisman Apr 15 '24 10:04
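A sketch of how the two proposed solutions can be combined, added here as an illustration and not taken from cloudbeat's code: kinds removed in the running Kubernetes minor version are skipped, and a failure to create one watcher no longer stops the others. The `resource` type, `newWatcherFunc`, `setupWatchers` and the fake watcher factory are hypothetical names; the removal of PSP in v1.25 is the only fact taken from the issue.

```go
package main

import (
	"errors"
	"fmt"
)

// resource is a hypothetical descriptor; removedInMinor is the 1.x release that dropped the kind (0 = still served).
type resource struct {
	kind           string
	removedInMinor int
}

// newWatcherFunc stands in for whatever call creates a real watcher (assumption).
type newWatcherFunc func(kind string) error

// setupWatchers skips kinds the cluster version no longer serves and keeps
// going when an individual watcher cannot be created.
func setupWatchers(minor int, resources []resource, newWatcher newWatcherFunc) (started, skipped []string, err error) {
	var failures []error
	for _, r := range resources {
		if r.removedInMinor != 0 && minor >= r.removedInMinor {
			skipped = append(skipped, r.kind)
			continue
		}
		if werr := newWatcher(r.kind); werr != nil {
			failures = append(failures, fmt.Errorf("watcher for %s: %w", r.kind, werr))
			continue
		}
		started = append(started, r.kind)
	}
	if len(started) == 0 { // only a total failure should stop the fetcher
		return nil, skipped, errors.Join(append(failures, errors.New("no watchers started"))...)
	}
	return started, skipped, errors.Join(failures...)
}

func main() {
	// Constructed sample: a v1.25 cluster where the PSP API is gone.
	resources := []resource{{"Pod", 0}, {"PodSecurityPolicy", 25}, {"Role", 0}}
	fake := func(kind string) error {
		if kind == "PodSecurityPolicy" {
			return errors.New("the server could not find the requested resource")
		}
		return nil
	}
	started, skipped, err := setupWatchers(25, resources, fake)
	fmt.Println(started, skipped, err)
}
```

A non-nil error returned together with a non-empty `started` list is meant to be logged as a warning, so the fetcher keeps producing findings for the kinds it can still watch.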