RHACS: Keeping the violations intact even after deployments/or components deleted
Environment
- Red Hat Advanced Cluster Security for Kubernetes (RHACS)
- 4.6
Issue
-
When a deployment is deleted from the cluster, and a violation related to that deployment is triggered, the alert displays the following error:
There was an error fetching the deployment details. This deployment may no longer exist. Deployment with id 'xyz' does not exist: not found - A violation is not associated with metadata or context at the time of detection is not very useful as it is not traceable.
Resolution
- RHACS save some of the basic metadata about a deployment that triggers a violation in the violation record, for some technical and UX reasons.
- If the user needs all the information about the deleted deployment, one can reference the deployment object itself in Kubernetes to give them that detailed view.
- Once that deployment is no longer deployed, that extra information is not available, and only the basic information stored in the violation itself remains. (The violation itself will also be deleted at the end of its retention period.)
- The 'Keeping the violations intact even after deployments/or components deleted' feature is requested to be added into the RHACS.
- This is a known feature request reported and Red Hat Engineering team is looking into it.
- To get more details on it open a Support Ticket.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments