🧪 WIF test suite - EKS (AWS)

Author: slntopp

controllers/k8s_scan/resources.go

@@ -695,6 +695,9 @@ retry gcloud container clusters get-credentials "$CLUSTER_NAME" \
   --project "$PROJECT_ID" \
   --location "$CLUSTER_LOCATION"
 cp ~/.kube/config /etc/opt/mondoo/kubeconfig/kubeconfig
+echo "=== DEBUG: generated kubeconfig ==="
+cat /etc/opt/mondoo/kubeconfig/kubeconfig
+echo "=== END DEBUG ==="
 `
 		env = []corev1.EnvVar{
 			{Name: "HOME", Value: "/tmp"},
@@ -710,6 +713,9 @@ retry aws eks update-kubeconfig \
   --name "$CLUSTER_NAME" \
   --region "$AWS_REGION" \
   --kubeconfig /etc/opt/mondoo/kubeconfig/kubeconfig
+echo "=== DEBUG: generated kubeconfig ==="
+cat /etc/opt/mondoo/kubeconfig/kubeconfig
+echo "=== END DEBUG ==="
 `
 		env = []corev1.EnvVar{
 			{Name: "HOME", Value: "/tmp"},
@@ -741,10 +747,11 @@ retry az aks get-credentials \
 	}
 
 	return corev1.Container{
-		Name:    "generate-kubeconfig",
-		Image:   image,
-		Command: []string{"/bin/sh", "-c", script},
-		Env:     env,
+		Name:            "generate-kubeconfig",
+		Image:           image,
+		ImagePullPolicy: corev1.PullIfNotPresent,
+		Command:         []string{"/bin/sh", "-c", script},
+		Env:             env,
 		VolumeMounts: []corev1.VolumeMount{
 			{Name: "kubeconfig", MountPath: "/etc/opt/mondoo/kubeconfig"},
 			{Name: "temp", MountPath: "/tmp"},
@@ -863,9 +870,10 @@ kill $HELPER_PID 2>/dev/null || true
 `
 
 	return corev1.Container{
-		Name:    "fetch-spiffe-certs",
-		Image:   SPIFFEHelperImage,
-		Command: []string{"/bin/sh", "-c", script},
+		Name:            "fetch-spiffe-certs",
+		Image:           SPIFFEHelperImage,
+		ImagePullPolicy: corev1.PullIfNotPresent,
+		Command:         []string{"/bin/sh", "-c", script},
 		Env: []corev1.EnvVar{
 			{Name: "SOCKET_FILE", Value: socketFile},
 			{Name: "K8S_SERVER", Value: cluster.SPIFFEAuth.Server},