I'm trying to build a docker container to run inspec-k8s but when executing Inspec I get the following error for all defined resources:
inspec exec mgmt -t k8s://
Profile: InSpec K8s Profile
Version: 0.1.0
Target: kubernetes://XXXXXXX:XXXX
× k8s-1.0: Validate built-in namespaces
× Control Source Code Error /srv/mgmt/controls/basics.rb:3
undefined method `k8sobject' for #<Inspec::Rule:0x00000000070f0788>
...
Profile Summary: 0 successful controls, 7 control failures, 0 controls skipped
Test Summary: 0 successful, 7 failures, 0 skipped
I'm using the following versions:
- inspec: 4.56.20
- inspec-bin: 4.56.20
- train-kubernetes: 0.1.10
- k8s-ruby: 0.10.5
I ensured = has been removed from plugins.json:
# cat ~/.inspec/plugins.json
{
"plugins_config_version": "1.0.0",
"plugins": [
{
"name": "train-kubernetes",
"version": "0.1.10"
}
]
I've ensured only one version of excon is installed:
# gem list |grep excon
excon (0.92.2)
faraday-excon (1.1.0)
Inspect detect:
# inspec detect -t k8s://
== Platform Details
Name: k8s
Families: cloud, api
Release: 0.1.10
The Dockerfile in question:
FROM chef/inspec:4.56.20
## Install dependencies
RUN apt-get update && \
apt install -y build-essential ruby-dev coreutils bash git
## Fix path issue.
RUN ln -s /bin/mkdir /usr/bin/mkdir
## Install kubernetes plugin
RUN gem install inspec-bin -v 4.56.20 --no-document --quiet
RUN gem install train-kubernetes
## Accept license
ENV CHEF_LICENSE=accept
RUN inspec plugin install train-kubernetes
## Fix version issue
RUN sed -ie 's#"= 0#"0#g' /root/.inspec/plugins.json
## Volume and workdir
VOLUME ["/srv"]
WORKDIR /srv
## Set entrypoint and command.
ENTRYPOINT ["inspec"]
CMD ["help"]
The tests in question:
control "k8s-1.0" do
impact 0.2
title "Validate built-in namespaces"
desc "The kube-system, kube-public and default namespaces should exist"
describe k8sobject(api: 'v1', type: 'namespaces', name: 'default') do
it { should exist }
end
describe k8sobject(api: 'v1', type: 'namespaces', name: 'kube-system') do
it { should exist }
end
describe k8sobject(api: 'v1', type: 'namespaces', name: 'kube-public') do
it { should exist }
end
end
I used version 4.56.20 because that is the latest version I could find for version 4.x for both inspec and inspec-bin. I also tried with version 5.18.15 of Inspec but that wouldn't even run.
If you need any more information please let me know.
I'm trying to build a docker container to run inspec-k8s but when executing Inspec I get the following error for all defined resources:
I'm using the following versions:
I ensured
=has been removed fromplugins.json:I've ensured only one version of excon is installed:
Inspect detect:
The Dockerfile in question:
The tests in question:
I used version
4.56.20because that is the latest version I could find for version 4.x for both inspec and inspec-bin. I also tried with version5.18.15of Inspec but that wouldn't even run.If you need any more information please let me know.