New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Intermittent download issues #193
Comments
This 403 error occurs at the top of every command I perform within the container eg:
|
When it does work, the output is... odd: This is running
|
Hi @tim-sendible, this is the GitHub behavior since you reached the rate limit. Since you managed to scan successfully, the Kubescape caches the policies in
The Regarding the docker image, you can scan using docker but you need to make sure the docker container has access to your cluster. Otherwise, you can scan with the docker container yaml files/GitHub repositories e.g.
You can also scan from within the cluster using the cronJob, we will publish an official documentation ASAP, but for now please download the CronJob yaml, and remove the ConfigMap and the --submit from the command. |
Thanks @dwertent. That cache won't work, because it doesn't exist. Once a Kubernetes pod has completed its run, it destroys itself. I think the only workaround I have at this time is to somehow save the cache policies in persistent storage for future pods to use, which is really not a very kubernetes-friendly approach. Alternatively, is there a user-friendly option allowing me to change the policy download location? I could then try and mirror the policies locally to prevent github ratelimiting me. I am already basing my work on your cronjob (without the configmap or the volume), and the above error is what I'm getting as a result. |
@tim-sendible I agree with you, I experience the same behavior and it's very important to find a good and solid workaround.
Yes, you can download the policies using the download command ->
And run with
|
@dwertent ah of course. I had tried that, but was already being rate limited so didn't have any success. So it seems a half-sensible workaround for me is to create my own container that has these files pre-downloaded. This can tide me over while you guys come up with a more solid solution that doesn't hit github's rate limiting. Thanks. |
@tim-sendible In the Dockerfile you can add the For now, since you have issues downloading the policies, I published a new tag with the policies already downloaded :) Good luck. |
Thanks @dwertent. I have something that at least runs. Struggling to get this to work with individually-defined controlls (eg |
This is because you are running a single I see there is some confusion and I apologize. We constantly improve the command and documentation based on users feedback, so thank you for your feedback and please feel free to share any other feedback or ideas you have.
Indeed this is a different issue, we are working to improve this control since it's a very tricky test. |
When I get time, I don't mind helping with the docs or the examples. I'm not a good developer, but I can write things down :) |
Well that sounds great since I'm the apposite 😉 |
Kubescape downloads the release and does no longer use |
This is the v1.0.126 container running in eks 1.21. Running the command
kubescape scan framework nsa
If I wait an hour or two, one run will be successful, and then subsequent runs will fail again.
The text was updated successfully, but these errors were encountered: