Skip to content

Unable to Access Host Scanner Data in Air Gap Environment #637

New issue
New issue
Open
Open
Unable to Access Host Scanner Data in Air Gap Environment#637
Assignees
matthyx
Labels
bugSomething isn't working
@AdonisOkpidi

Description

@AdonisOkpidi
AdonisOkpidi
opened on Mar 7, 2025

Overview

In an AKS air-gapped environment, the host scanner fails to retrieve host information. The logs indicate errors where the scanner is unable to handle requests and fails to obtain cloud data.

Environment

  • OS: Windows
  • Kubescape Version: v1.26.2

Steps to Reproduce:

  1. Deploy Kubescape v1.26.2 in an air-gapped Kubernetes cluster.
  2. Attempt to view reports with the command kubectl get workloadconfigurationscans -A with the following prefix (Detailed host-scanner error list in screenshot):
  cniinfo
  controlplaneinfo
  kubeletinfo
  kubeproxyinfo

This will show no reports are generated which might be related to the host scanner errors.
3. Logs show "server is currently unable to handle the request" errors.
4. "DefaultAzureCredential authentication failed" despite no credentials being configured.
5. No host-scanner reports are generated as listed/highlighted in the screenshot belowImage

Expected behaviour and observations

Scan completes successfully with all host-scanner reports generated (This example is from GKE (non-air-gap) with kubescapeOffline: enable)

Image

Image

Image

nb: For GKE (non-air-gap), I am using the kubescapeOffline: enable with offline capabilities.

  • Using the same values.yaml
  • Host scanning works without credentials configured.
  • host-scanner reports are generated

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

Kubescaping

  • Status

    High Priority

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions