MicroK8s v1.31.0 revision 7178 missing addon CIS-hardening
Closed this issue · 2 comments
Summary
MicroK8s v1.31.0 revision 7178 missing addon CIS-hardening
See https://bugs.launchpad.net/canonical-identity-provider/+bug/2083079
What Should Happen Instead?
Addon should exist
Reproduction Steps
- microk8s status
- doesn't list addon
Introspection Report
Can you suggest a fix?
Load addon
Are you interested in contributing with a fix?
no
Also community addon doesn't load;
~ $ microk8s enable community
Infer repository core for addon community
Cloning into '/var/snap/microk8s/common/addons/community'...
fatal: detected dubious ownership in repository at '/snap/microk8s/current/addons/community/.git'
To add an exception for this directory, call:
git config --global --add safe.directory /snap/microk8s/current/addons/community/.git
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Traceback (most recent call last):
File "/snap/microk8s/7178/scripts/wrappers/addons.py", line 351, in
addons(prog_name="microk8s addons")
File "/snap/microk8s/7178/usr/lib/python3/dist-packages/click/core.py", line 764, in call
return self.main(*args, **kwargs)
File "/snap/microk8s/7178/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/snap/microk8s/7178/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/snap/microk8s/7178/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/snap/microk8s/7178/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/snap/microk8s/7178/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/snap/microk8s/7178/scripts/wrappers/addons.py", line 207, in add
subprocess.check_call(cmd)
File "/snap/microk8s/7178/usr/lib/python3.8/subprocess.py", line 364, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/snap/microk8s/7178/git.wrapper', 'clone', '/snap/microk8s/current/addons/community', PosixPath('/var/snap/microk8s/common/addons/communited non-zero exit status 128.
~$ microk8s version
MicroK8s v1.31.0 revision 7178
Hey @djjeffr,
Is this node upgraded from an older version to v1.31? Doing a fresh install I can observe the addon in the list
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
dns # (core) CoreDNS
ha-cluster # (core) Configure high availability on the current node
helm # (core) Helm - the package manager for Kubernetes
helm3 # (core) Helm 3 - the package manager for Kubernetes
disabled:
cert-manager # (core) Cloud native certificate management
cis-hardening # (core) Apply CIS K8s hardening
community # (core) The community addons repository
dashboard # (core) The Kubernetes dashboard
gpu # (core) Alias to nvidia add-on
host-access # (core) Allow Pods connecting to Host services smoothly
hostpath-storage # (core) Storage class; allocates storage from host directory
ingress # (core) Ingress controller for external access
kube-ovn # (core) An advanced network fabric for Kubernetes
mayastor # (core) OpenEBS MayaStor
metallb # (core) Loadbalancer for your Kubernetes cluster
metrics-server # (core) K8s Metrics Server for API access to service metrics
minio # (core) MinIO object storage
nvidia # (core) NVIDIA hardware (GPU and network) support
observability # (core) A lightweight observability stack for logs, traces and metrics
prometheus # (core) Prometheus operator for monitoring and logging
rbac # (core) Role-Based Access Control for authorisation
registry # (core) Private image registry exposed on localhost:32000
rook-ceph # (core) Distributed Ceph storage using Rook
storage # (core) Alias to hostpath-storage add-on, deprecated
You might need to update the addons repository with microk8s addons repo update core.
For the community addons repo can you check the ownership of the /snap/microk8s/current/addons/community and /var/snap/microk8s/common/addons/community folders?
Thanks that worked.