You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The output of k8s scan results can be misleading or hard to interpret, because assets of different types might have the same namespace/name identifier.
Eg a deployment "test" in namespace "my-namespace" and it's assigned service (also named "test"), both have the same cnspec output asset identifier of "Asset: my-namespace/test"
To Reproduce
Steps to reproduce the behavior:
have a k8s cluster available
run cnspec scan k8s -f mondoo-kubernetes-best-practices.mql.yaml > issue.txt
If you have a look at the "Kubernetes Service" objects, you will find that there are no checks specified for them (perfectly fine).
When you copy one service identifier and look for the detailed output of that asset, somewhere above in the file, you will see something like:
Asset: my-namespace/test
-----------------------------------------
error: rpc error: code = InvalidArgument desc = asset doesn't support any policies
If I didn't know that this is an asset of type "Kubernetes Service", I'd have no idea at what I'm looking.
Expected behavior
Please add the asset type somewhere in the output, maybe something like this:
Asset: (Kubernetes Service) my-namespace/test
-----------------------------------------
error: rpc error: code = InvalidArgument desc = asset doesn't support any policies
Screenshots or CLI Output
I cut one ouf our LAB cluster scans to the necessary parts:
# <- Kubernetes Deployment
Asset: my-namespace/test
---------------------------------------
Checks:
✓ Pass: 100 Container should request CPU
✓ Pass: 100 Pod should not define hostAliases
✕ Fail: 80 Container should configure a livenessProbe
✕ Fail: 80 Container should configure a readinessProbe
✓ Pass: 100 Deployments should not bind to a host port
✓ Pass: 100 Deployments should not run in the default namespace
✓ Pass: 100 Container should request memory
# <- Kubernetes Service
Asset: my-namespace/test
--------------------------------------------
error: rpc error: code = InvalidArgument desc = asset doesn't support any policies
Scanned xxx assets
Kubernetes Deployment
[80/100] my-namespace/test
Kubernetes Service
X my-namespace/test
Summary
=======
Score Distribution Asset Distribution
------------------ ------------------
A xxx assets Kubernetes StatefulSet xxx
B 5 assets Kubernetes CronJob xxx
C 0 assets Kubernetes Pod xxx
D 0 assets Kubernetes Cluster xxx
F 0 assets Kubernetes Deployment 1
X xxx assets Kubernetes Service 1
Kubernetes DaemonSet xxx
Kubernetes Ingress xxx
Kubernetes Job xxx
Desktop (please complete the following information):
not relevant
Additional context
none
The text was updated successfully, but these errors were encountered:
Describe the bug
The output of k8s scan results can be misleading or hard to interpret, because assets of different types might have the same namespace/name identifier.
Eg a deployment "test" in namespace "my-namespace" and it's assigned service (also named "test"), both have the same cnspec output asset identifier of "Asset: my-namespace/test"
To Reproduce
Steps to reproduce the behavior:
cnspec scan k8s -f mondoo-kubernetes-best-practices.mql.yaml> issue.txtIf you have a look at the "Kubernetes Service" objects, you will find that there are no checks specified for them (perfectly fine).
When you copy one service identifier and look for the detailed output of that asset, somewhere above in the file, you will see something like:
If I didn't know that this is an asset of type "Kubernetes Service", I'd have no idea at what I'm looking.
Expected behavior
Please add the asset type somewhere in the output, maybe something like this:
Screenshots or CLI Output
I cut one ouf our LAB cluster scans to the necessary parts:
Desktop (please complete the following information):
not relevant
Additional context
none
The text was updated successfully, but these errors were encountered: