Failing to use starboard successfully in multi-architecture clusters

[danmanners]

Hey folks, I'm attempting to run kubectl starboard scan kubehunterreports in my cluster. However, I have both arm64 and amd64 nodes. There does not appear to be any way to use node-selectors of any sort.

Hitting backoff limit

➜  homelab-k3s-cluster git:(main) ✗ k starboard scan kubehunterreports
E0108 14:11:02.329485    8617 runnable_job.go:162] Container kube-hunter terminated with Error: standard_init_linux.go:228: exec user process caused: exec format error
error: running kube-hunter job: warning event received: Job has reached the specified backoff limit (BackoffLimitExceeded)

Can't use overrides

➜  homelab-k3s-cluster git:(main) ✗ k starboard scan kubehunterreports \
  --overrides='{"apiVersion":"v1","spec":{"nodeSelector":{"node-role.kubernetes.io/amd64":true"}}}'
error: unknown flag: --overrides

Are there any suggestions here? I'd really like to evaluate this tool. Otherwise, I'm also happy to submit a PR to build multi-architecture images with podman/buildah.

Thanks in advance!

[danielpacak]

Thank you for the feedback @danmanners Indeed you won't be able to schedule a Kube-hunter scan job on the ARM node because Kube-hunter itself does not support ARM. See aquasecurity/kube-hunter#37 for more details.

Regarding multi-architecture binaries and container images we could reuse issue #831. Notice that we us GoReleaser (not podman/buildah).

Having said that, the only (quick) solution might be adding a configurable node selector to kube-hunter scan jobs to schedule it only on the amd64 nodes. Is that something you'd like to contribute?