forked from danquack/train-kubernetes
I'm trying to build a docker container to run inspec-k8s but when executing Inspec I get the following error for all defined resources:
```
inspec exec mgmt -t k8s://

Profile: InSpec K8s Profile
Version: 0.1.0
Target: kubernetes://XXXXXXX:XXXX

  × k8s-1.0: Validate built-in namespaces
    × Control Source Code Error /srv/mgmt/controls/basics.rb:3
    undefined method `k8sobject' for #<Inspec::Rule:0x00000000070f0788>
...

Profile Summary: 0 successful controls, 7 control failures, 0 controls skipped
Test Summary: 0 successful, 7 failures, 0 skipped
```
I'm using the following versions:
- inspec: 4.56.20
- inspec-bin: 4.56.20
- train-kubernetes: 0.1.10
- k8s-ruby: 0.10.5
I ensured `=` has been removed from plugins.json:
```
# cat ~/.inspec/plugins.json
{
  "plugins_config_version": "1.0.0",
  "plugins": [
    {
      "name": "train-kubernetes",
      "version": "0.1.10"
    }
  ]
}
```
I've ensured only one version of excon is installed:
```
# gem list |grep excon
excon (0.92.2)
faraday-excon (1.1.0)
```
InSpec detect:
```
# inspec detect -t k8s://
== Platform Details
Name: k8s
Families: cloud, api
Release: 0.1.10
```
The Dockerfile in question:
```
FROM chef/inspec:4.56.20

## Install dependencies
RUN apt-get update && \
    apt install -y build-essential ruby-dev coreutils bash git

## Fix path issue.
RUN ln -s /bin/mkdir /usr/bin/mkdir

## Install kubernetes plugin
RUN gem install inspec-bin -v 4.56.20 --no-document --quiet
RUN gem install train-kubernetes

## Accept license
ENV CHEF_LICENSE=accept
RUN inspec plugin install train-kubernetes

## Fix version issue
RUN sed -ie 's#"= 0#"0#g' /root/.inspec/plugins.json

## Volume and workdir
VOLUME ["/srv"]
WORKDIR /srv

## Set entrypoint and command.
ENTRYPOINT ["inspec"]
CMD ["help"]
```
The tests in question:
```
control "k8s-1.0" do
  impact 0.2
  title "Validate built-in namespaces"
  desc "The kube-system, kube-public and default namespaces should exist"

  describe k8sobject(api: 'v1', type: 'namespaces', name: 'default') do
    it { should exist }
  end

  describe k8sobject(api: 'v1', type: 'namespaces', name: 'kube-system') do
    it { should exist }
  end

  describe k8sobject(api: 'v1', type: 'namespaces', name: 'kube-public') do
    it { should exist }
  end
end
```
I used version 4.56.20 because that is the latest version I could find for version 4.x for both inspec and inspec-bin.
I also created a container with `chef/inspec:5.22.52` (which has `train-kubernetes` included since version `5.22.0` according to the docs) but this also gives me the `k8sobject` error:
```
  × k8s-1.0: Validate built-in namespaces
    × Control Source Code Error /srv/mgmt/controls/basics.rb:3
    undefined method `k8sobject' for #<Inspec::Rule:0x000078a3fc15bd28 @impact=0.2, @title="Validate built-in namespaces", @descriptions={:default=>"The kube-system, kube-public, kube-node-lease and default namespaces should exist"}, @refs=[], @tags={}, @resource_dsl=#<Module:0x000078a3fbfd9a40>, @__code=nil, @__block=#<Proc:0x000078a3fc15b620 /srv/mgmt/controls/basics.rb:3>, @__source_location={:ref=>"/srv/mgmt/controls/basics.rb", :line=>3}, @__rule_id="k8s-1.0", @__profile_id="inspec-ikp-mgmt", @__checks=[["describe", ["Control Source Code Error"], #<Proc:0x000078a3fbe1edb8 /opt/inspec/embedded/lib/ruby/gems/3.1.0/gems/inspec-core-5.22.52/lib/inspec/rule.rb:454>]], @__skip_rule={}, @__merge_count=0, @__merge_changes=[], @__skip_only_if_eval=false, @__na_rule={}, @__waiver_data=nil, @__file="/srv/mgmt/controls/basics.rb", @__group_title="Management cluster">
```
If you need any more information please let me know.