-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No PolicyReport CRDs found #66
Comments
Policy Reporter uses The only thing I am wondering about is that it found to different CRD Version. The current stable Kyverno Release should use v1alpha1 |
Is there some additional information I can provide in order to better understand the potential issue?
|
Is there an issue? Do you don't get information from Policy Reporter? If its only the log entry you can ignore them because they were found a few seconds later. |
On some clusters, I am not seeing the data via the policy-reporter UI. I just wanted to get clarity on this error (now understood to be somewhat of a false positive). That said, it's very possible the work I'm currently doing with Network Policies is at the root of the problem. It might be good to add specifics about what ingress/egress traffic is needed to the project's README? |
As we've been discussing this, I figured I'd reopen and append what we've found:
|
I could reproduce this error with an deny network policy. Because policy reporter uses the Kubernetes API client, the policy reporter network policy has to allow egress traffic to the API Server (Port 6443). I updated the network policy and released it with your new features with 1.9.0. |
Thank you. Testing now... |
I've deployed chart 1.9.0 to 2 v1.19.9 clusters.
One is working, the other is not. What's interesting are the differences I'm seeing in the logs for the policy-reporter pod. Here's the few few lines from the working pod:
And now the problem child:
I've verified each of the 3 netpols are consistent on both clusters. I've also seen the same query results on each.
|
Is it possible that your Kubernetes API Server has a different port as 6443 or other/additional restrictions? I think the problem is still that the Kubernetes API Client can't connect. |
Release 1.9.1 has a new value |
Thank you for all the collaboration. Closing this as 1.9.2 is meeting all expectations on my end. |
Thank you for your contributions |
I am running 1.8.9 and see the following log entries when starting my policy-reporter pod. Is the ERROR legit?
The following CRDs exist on the system since this cluster is running Kyverno 1.4.2
The text was updated successfully, but these errors were encountered: