Closed
Description
Describe the bug
To Reproduce
Steps to reproduce the behavior:
- Create a GKE cluster with this setting
gcp.project.gkeService.cluster.nodepool.config.sandboxConfig type="GVISOR" - Get access to the cluster via
gcloud container clusters get-credentials $(terraform output -raw gke_cluster_name) --region $(terraform output -raw region);(or when not using terraform, filling those variables as needed) - Try to access the cluster via
cnspec shell k8s - Get the error:
x unable to create runtime for asset error="rpc error: code = Unknown desc = failed to fetch api resource types from kubernetes: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: stale GroupVersion discovery: metrics.k8s.io/v1beta1" asset=
FTL could not find an asset that we can connect to
Expected behavior
On a GKE cluster without this configuration gcp.project.gkeService.cluster.nodepool.config.sandboxConfig type="GVISOR" , the steps above work as desired. This should work too on a GVISOR sandbox cluster.
NOTE:
This might very well be cause by the limitations of a sand-boxed cluster:
https://cloud.google.com/kubernetes-engine/docs/concepts/sandbox-pods#limitations-incompatible
Screenshots or CLI Output
If applicable, add screenshots or the CLI output to help explain your problem.
Desktop (please complete the following information):
cnspec providers
k8s 11.1.50
Additional context
Add any other context about the problem here.