Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
neuvector-security
- f
full-lawyer-94872
03/05/2023, 3:01 AMHello Team, found some confusions while checking some workloads in monitor mode. - f
full-lawyer-94872
03/05/2023, 3:01 AMScenario 1: - f
full-lawyer-94872
03/05/2023, 3:01 AMCheck network rule id: 27 in below screenshot - f
full-lawyer-94872
03/05/2023, 3:02 AMScreenshot 2023-03-05 at 05.50.46.png - f
full-lawyer-94872
03/05/2023, 3:03 AMIt was first reported as a violation in security events while running in monitor mode and as it's a valid connections, I just added it as a rule. - f
full-lawyer-94872
03/05/2023, 3:04 AMHowever when checking the rest of the rules, you can also notice that there was already a rule for this connection by id: 25444. - f
full-lawyer-94872
03/05/2023, 3:05 AMid: 27 is more specific than id: 25444, but still how could this be detected as a violation when the connection is already in allow list? - f
full-lawyer-94872
03/05/2023, 3:06 AM========================= - f
full-lawyer-94872
03/05/2023, 3:06 AMScenario 2: - f
full-lawyer-94872
03/05/2023, 3:08 AMCheck network rule id: 25 in below screenshot. - f
full-lawyer-94872
03/05/2023, 3:08 AMScreenshot 2023-03-05 at 05.58.32.png - f
full-lawyer-94872
03/05/2023, 3:09 AMIt was first reported as a violation in security events while running in monitor mode and as it's a valid connections, I just added it as a rule. However when checking the rest of the rules, you can also notice that there was already a rule for this connection by id: 2.kq- 3
- 21
- f
full-lawyer-94872
03/05/2023, 3:10 AMHow could this too be detected as a violation when the connection is already in allow list? - f
full-lawyer-94872
03/07/2023, 10:48 AMBTW, I would also like to know who exactly does this rule check, is it the enforcer ? - q
quaint-candle-18606
03/07/2023, 8:31 PMYes, Enforcers👍 1 - f
full-lawyer-94872
03/07/2023, 11:16 PMBTW, there have been some controller memory pressure issues in the cluster for sometime now, - f
full-lawyer-94872
03/07/2023, 11:16 PMCould that lead to this type of issue? - f
full-lawyer-94872
03/07/2023, 11:27 PMScreenshot 2023-03-08 at 04.54.56.pngq- 2
- 14
- k
kind-church-47495
03/08/2023, 1:32 PMAnyone able to help explain the delta in vulnerabilities reported under Assets -> Nodes and Security Risks -> Vulnerabilities? I show the count for the first page at 1811 high/ 1393 mediums and then there's only 200 highs / 145 mediums for the same node under security risks. the count also jumped up by like 400 after running an update... so that was strange as well.q- 2
- 4
- f
full-lawyer-94872
03/13/2023, 3:32 PMFolks, just seeing this confusion in between network rules and the graph on K8s api server connections. - f
full-lawyer-94872
03/13/2023, 3:32 PMScreenshot 2023-03-13 at 05.24.13.png - f
full-lawyer-94872
03/13/2023, 3:34 PMIn above screenshot, you could see that there is only one network rule detected for K8s api server connections where as if I check the network graph at the same time, you could observe the following. - f
full-lawyer-94872
03/13/2023, 3:35 PMScreenshot 2023-03-13 at 05.20.52.png - f
full-lawyer-94872
03/13/2023, 3:36 PMThe graph shows multiple K8s api server connections than the one that appear under network rules. - f
full-lawyer-94872
03/13/2023, 3:36 PMIs this a bug? - f
full-lawyer-94872
03/13/2023, 3:37 PMBTW, the version I am currently on is V5.1.1 - f
full-lawyer-94872
03/14/2023, 2:21 PMAlso the action seems to be 'open' instead of the usual 'allow' action and the connection does not seem to hold a rule id too - f
full-lawyer-94872
03/14/2023, 2:21 PMScreenshot 2023-03-14 at 19.45.16.png - f
full-lawyer-94872
03/14/2023, 2:25 PMIs this expected and are K8s api server connections actually allowed and open by default? - f
full-lawyer-94872
03/22/2023, 4:06 AMHi Team, for a K8s cluster with ~20 nodes, each running ~100 pods, how should we plan on scaling the controller pods? Also is it ok to set up an HPA for this instead of going into a set of statically scaled up controllers?
Title
f
full-lawyer-94872
03/22/2023, 4:06 AMHi Team, for a K8s cluster with ~20 nodes, each running ~100 pods, how should we plan on scaling the controller pods? Also is it ok to set up an HPA for this instead of going into a set of statically scaled up controllers?
View count: 1