Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
m
many-nightfall-1806
03/23/2023, 8:57 PMDoes anyone already installed NeuVector in Rancher Desktop?
I tried to install using the manifests and helm. For both methods the enforcer pod keeps crashing.
pod/neuvector-enforcer-pod-4qjdl 0/1 CrashLoopBackOff2023-03-23T20:48:43.574|INFO|AGT|main.waitForAdmission: Node admission is enabled
2023-03-23T20:48:43.574|INFO|AGT|main.waitForAdmission: Sending join request
2023-03-23T20:48:43.575|INFO|AGT|cluster.newGRPCClientTCP: Expected server name - cn=NeuVector
2023-03-23T20:48:43.578|INFO|AGT|main.waitForAdmission: Agent join request accepted
2023-03-23T20:48:43.581|INFO|AGT|main.main: Runtime storage driver - name=overlayfs
2023-03-23T20:48:43.581|INFO|AGT|dp.Open:
2023-03-23T20:48:43.596|INFO|AGT|probe.New:
2023-03-23T20:48:43.596|ERRO|AGT|probe.NewFileAccessCtrl: FA: Initialize - error=function not implemented
2023-03-23T20:48:43.596|INFO|AGT|probe.New: PROC: Process control is not supported
2023-03-23T20:48:43.605|INFO|AGT|main.(*Bench).RerunKube:
2023-03-23T20:48:43.608|ERRO|AGT|system.(*SystemTools).CheckHostProgram: Done - error=exit status 255 msg=Failed to run script: ret=1
2023-03-23T20:48:43.608|ERRO|AGT|main.(*Bench).checkRequiredHostProgs: - error=exit status 255 program=kubectl
2023-03-23T20:48:43.609|ERRO|AGT|main.(*Bench).RerunKube: Cannot run master node CIS benchmark - error=kubectl command not found.
2023-03-23T20:48:43.614|INFO|AGT|main.(*Bench).RerunKube: Not a kubernetes worker node
2023-03-23T20:48:43.618|ERRO|AGT|fsmon.NewFileWatcher: Open fanotify fail - error=function not implemented
2023-03-23T20:48:43.618|INFO|AGT|probe.(*Probe).netlinkProcMonitor: PROC: Start real-time process listener
2023-03-23T20:48:43.618|ERRO|AGT|main.main: Failed to open file monitor! - error=function not implemented
2023-03-23T20:48:43|MON|Process agent exit status 254, pid=9363
2023-03-23T20:48:43|MON|Process agent exit with non-recoverable return code. Monitor Exit!!
2023-03-23T20:48:43|MON|Kill dp with signal 15, pid=9362
Leave the cluster
2023-03-23T20:48:43|DEBU|dp0|dp_data_thr: dp thread exits
2023-03-23T20:48:43.651Z [INFO] agent.client: client starting leave
2023-03-23T20:48:44.237Z [INFO] agent.client.serf.lan: serf: EventMemberLeave: 10.42.0.10 10.42.0.10
2023-03-23T20:48:47.817Z [INFO] agent: Requesting shutdown
2023-03-23T20:48:47.817Z [INFO] agent.client: shutting down client
2023-03-23T20:48:47.840Z [INFO] agent: consul client down
2023-03-23T20:48:47.840Z [INFO] agent: shutdown complete
2023-03-23T20:48:47.840Z [INFO] agent: Stopping server: address=127.0.0.1:8500 network=tcp protocol=http
Graceful leave complete
2023-03-23T20:48:47.841Z [INFO] agent: Waiting for endpoints to shut down
2023-03-23T20:48:47.841Z [INFO] agent: Endpoints down
2023-03-23T20:48:47.841Z [INFO] agent: Exit code: code=0
2023-03-23T20:48:47|MON|Clean up.Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 11m default-scheduler Successfully assigned neuvector/neuvector-enforcer-pod-4qjdl to lima-rancher-desktop
Normal Pulling 11m kubelet Pulling image "<http://docker.io/neuvector/enforcer:5.0.4|docker.io/neuvector/enforcer:5.0.4>"
Normal Pulled 10m kubelet Successfully pulled image "<http://docker.io/neuvector/enforcer:5.0.4|docker.io/neuvector/enforcer:5.0.4>" in 22.298088477s (22.298104263s including waiting)
Normal Created 7m50s (x5 over 10m) kubelet Created container neuvector-enforcer-pod
Normal Started 7m50s (x5 over 10m) kubelet Started container neuvector-enforcer-pod
Normal Pulled 6m4s (x5 over 10m) kubelet Container image "<http://docker.io/neuvector/enforcer:5.0.4|docker.io/neuvector/enforcer:5.0.4>" already present on machine
Warning BackOff 68s (x34 over 9m45s) kubelet Back-off restarting failed containerf
fast-garage-66093
03/23/2023, 9:04 PMI think the problem is that
fanotifyCan you open a bug for this on Github? I don't think this will be resolved until the Alpine issue is fixed in upstream, but at least we could test if this is the only issue preventing NeuVector from running.
m
many-nightfall-1806
03/23/2023, 9:13 PMHey @fast-garage-66093 thank you so much for your response. Sure I will open a bug in Github.
Not sure if you need the github issue reference,
https://github.com/rancher-sandbox/rancher-desktop/issues/4269
f
fast-garage-66093
03/24/2023, 5:25 PMI don't need the reference, I get email for all issues filed or updated 😄 But thank you for creating the issue!
m
many-nightfall-1806
03/24/2023, 5:25 PMGreat! Thank you for your help!