Failure to run on AKS cluster

[muandane]

Description

Environment

OS: it's container so what ever is the dockerfile set to, but the aks nodepool OS is on Ubuntu 22.04
Version: v3.0.3

Steps To Reproduce

Expected behavior

it should work, i tested kubescape on a k3s node with my armo accountID and secret which works without issues

Actual Behavior

Additional context

[muandane]

@EtienneDeneuve

[matthyx]

@muandane we have just released a new Chart to address this issue, can you try again?

[matthyx]

1.18.3 released 2 minutes ago

[muandane]

thanks @matthyx i dont get that erreur anymore, but i'm getting this instead is it because of kubescape not being fully compatible with AKS ?

[muandane]

does it have to do with 1 kubevuln pod being down due to ephemeral-storage limitation ?
Pod ephemeral local storage usage exceeds the total limit of containers 4Gi

[matthyx]

thanks @matthyx i dont get that erreur anymore, but i'm getting this instead is it because of kubescape not being fully compatible with AKS ?

It means we didn't detect you're running on AKS... you can try setting cloudProviderMetadata.cloudProviderEngine=aks

[matthyx]

does it have to do with 1 kubevuln pod being down due to ephemeral-storage limitation ? `Pod ephemeral local storage

kubevuln doesn't have to do with compliance scan, it's the component that does vulnerability scans... however it would be nice to have it running :)
on your cluster you don't have PV support?

[muandane]

I'm installing kubescape using flux, this is the values structure i'm giving flux

ps:

• i have also added the secrets to the kuebscape deployment but in a form a secret instead of passing them as stings using envFrom.secretRef
• for the PV yes my aks cluster supports it i added as you can see the storage class needed
• for the cloudProviderMetadata.cloudProviderEngine=aks i checked the chart locally and it's not used anywhere i think that's the issue

[matthyx]

right, this parameter was deprecated looooong ago... sorry
maybe you could try setting some of the AKS specific values cloudProviderMetadata.aks* from https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator ?

[muandane]

yes i added all of them as a secret

[matthyx]

hmm, @dwertent any idea?

[dwertent]

I think this is because we dont get the cloud provider from the nodes.
I will change this behavior.

[dwertent]

I revisited the issue and found that Kubescape identifies the cloud provider.
Have you reviewed the documentation here? It mentions both User-Assigned Managed Identities and System-Assigned Managed Identities. Ensure that you have defined the correct one.