kubevuln icon indicating copy to clipboard operation
kubevuln copied to clipboard

Published 20 hours ago verified publisher icon kubescape

[question] can't load config file using `CONFIG` env

Open anubhav06 opened this issue 1 year ago • 6 comments

Description

As mentioned in the README, we can load config file using the CONFIG env. However, we are unable to load config file path using the CONFIG environment variable. Kubevuln always defaults to searching the config file in the /etc/config path, even when we define a new path in the CONFIG env.

In order to run kubevuln:

  • We either add the config file named clusterData.json in the path /etc/config, the default path where kubevuln searches for it.
  • Or, we explicitly define a new path in the code here, where we want Kubevuln to search for the config file named clusterData.json, build kubevuln and then run it

If we follow any of the above 2 steps, then I am able to run it locally

Environment

OS: Ubuntu 20.04.4 LTS

Steps To Reproduce

Method 1:

  1. Build kubevuln using make
  2. Load config file using the CONFIG environment variable export CONFIG=path/to/clusterData.json

Method 2:

  1. Build the Docker image from the Dockerfile and run it using: docker run <kubevuln-built-image-name> -e CONFIG=path/to/clusterData.json

Additional Context

Is this an expected behavior or am I missing something?

anubhav06 avatar Jun 19 '23 17:06 anubhav06

  • I can build kubevuln as a standalone (confirmed by checking the endpoints).
  1. I used the snippet of clusterData.json given in the README, i.e., after replacing the accountID and clusterName. And saving the file in the expected location, i.e. /etc/config/clusterData.json 
{
"gatewayWebsocketURL": "127.0.0.1:8001",
"gatewayRestURL": "127.0.0.1:8002",
"kubevulnURL": "127.0.0.1:8080",
"kubescapeURL": "127.0.0.1:8080",
"eventReceiverRestURL": "https://report.armo.cloud",
"eventReceiverWebsocketURL": "wss://report.armo.cloud",
"rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification",
"accountID": "*********************",
"clusterName": "******" 
}
  1. I also tried using another format of the clusterData.json through the command given below:
kubectl config view -o json
  • Although, I am unable to build the Docker image from the Dockerfile.

0xt3j4s avatar Jun 21 '23 09:06 0xt3j4s

Thank you for raising this issue. You can either manually edit the path here or contribute a fix :)

dwertent avatar Jun 30 '23 14:06 dwertent

@dwertent For a fix, what path should it be looking for?

0xt3j4s avatar Jul 01 '23 22:07 0xt3j4s

@anubhav06 @dwertent Please review my PR. Please suggest any improvements. Thank You.

siddhikhapare avatar Jul 25 '23 20:07 siddhikhapare

@anubhav06 why do you want to relocate the config, is it specific to your cluster? Maybe we can just drop the documentation instead...

matthyx avatar Aug 03 '23 05:08 matthyx

@matthyx The problem was that LoadConfig was unable to load config file path set by the CONFIG environment variable.

However, as david mentioned, we are able to run it by manually editing the path and then running it.

You can either manually edit the path here

So I believe if we just remove/update the documentation, that works.

anubhav06 avatar Aug 03 '23 06:08 anubhav06