Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure CIS scan works when there are Windows nodes in RKE2-provisioned cluster #36265

Closed
snasovich opened this issue Oct 25, 2021 · 6 comments
Closed

Ensure CIS scan works when there are Windows nodes in RKE2-provisioned cluster #36265

snasovich opened this issue Oct 25, 2021 · 6 comments
Assignees
@pennyscissors @MKlimuszka @SheilaghM
Labels
internal priority/1 status/dev-validate team/area3
Milestone
v2.6.4

Comments

@snasovich
Copy link
Collaborator

As per RKE2 <-> RKE1 provisioning parity requirements, we need to ensure CIS scans are not affected if there are Windows nodes present in RKE2-provisioned cluster. Note that there are no expectations of CIS scan actually working against Windows nodes, we just need to ensure a presence of Windows nodes doesn't result in failures.
@sgapanovich
Copy link

CIS scan app can't be successfully installed in a RKE1/RKE2 Windows cluster
Checked with:

  • RKE1 Windows 2019 (3 linux etcd, 2 linux cp, 1 linux worker, 3 windows workers)
  • RKE2 Windows 2022 (3 linux etcd, 2 linux cp, 1 linux worker, 1 windows worker)
    cis

@sirredbeard
Copy link

Charts need to be updated to target nodes properly.

@sirredbeard
Copy link

cc @SheilaghM

@sirredbeard sirredbeard transferred this issue from rancher/windows Jan 25, 2022
@sirredbeard sirredbeard added this to the v2.6.4 milestone Jan 25, 2022
@MKlimuszka MKlimuszka assigned sgapanovich and unassigned davidnuzik Feb 1, 2022
@aiyengar2 aiyengar2 mentioned this issue Feb 4, 2022
Closed
@deniseschannon
Copy link

Need to add

Tolerations - to support RKE1 windows clusters
Node Selectors - to support RKE2 windows clusters

for the components to be scheduled only on the linux nodes

see: #36403

@phillipsj phillipsj mentioned this issue Feb 23, 2022
Closed
@zube zube bot removed the [zube]: Need Info label Feb 23, 2022
@luthermonson
Copy link
Contributor

This issue is going to be superceded by a previous dashboard issue which captures everything and has all PRs linked up. You can see context rancher/dashboard#5137 (comment)

@zube zube bot reopened this Mar 9, 2022
@pennyscissors
Copy link
Contributor

Closing this since the Zube bot mistakenly re-opened.

@zube zube bot removed the [zube]: Done label Jun 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pennyscissors pennyscissors

@MKlimuszka MKlimuszka

@SheilaghM SheilaghM

Labels
internal priority/1 status/dev-validate team/area3
Projects
RKE2 opened issues
Status: Done
Milestone
v2.6.4
Development

No branches or pull requests