2020-05-24 01:10:15,194 - xtesting.ci.run_tests - INFO - Deployment description: +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ | ENV VAR | VALUE | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ | CI_LOOP | daily | | DEBUG | true | | DEPLOY_SCENARIO | k8-nosdn-nofeature-noha | | INSTALLER_TYPE | unknown | | BUILD_TAG | 6XQD6IA7UVFQ | | NODE_NAME | lf-virtual1-5 | | TEST_DB_URL | http://testresults.opnfv.org/test/api/v1/results | | TEST_DB_EXT_URL | http://testresults.opnfv.org/test/api/v1/results | | S3_ENDPOINT_URL | https://storage.googleapis.com | | S3_DST_URL | s3://artifacts.opnfv.org/functest-kubernetes/6XQD6IA7UVFQ/functest-kubernetes-opnfv-functest-kubernetes-security-latest-kube_hunter-run-59 | | HTTP_DST_URL | http://artifacts.opnfv.org/functest-kubernetes/6XQD6IA7UVFQ/functest-kubernetes-opnfv-functest-kubernetes-security-latest-kube_hunter-run-59 | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ 2020-05-24 01:10:15,200 - xtesting.ci.run_tests - DEBUG - No env file /var/lib/xtesting/conf/env_file found 2020-05-24 01:10:15,200 - xtesting.ci.run_tests - DEBUG - Test args: kube_hunter 2020-05-24 01:10:15,207 - xtesting.ci.run_tests - INFO - Loading test case 'kube_hunter'... 2020-05-24 01:10:15,563 - xtesting.ci.run_tests - INFO - Running test case 'kube_hunter'... 2020-05-24 01:10:15,611 - kubernetes.client.rest - DEBUG - response body: {"kind":"Job","apiVersion":"batch/v1","metadata":{"name":"kube-hunter","namespace":"default","selfLink":"/apis/batch/v1/namespaces/default/jobs/kube-hunter","uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","resourceVersion":"7172844","creationTimestamp":"2020-05-24T01:10:15Z","labels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","job-name":"kube-hunter"},"managedFields":[{"manager":"OpenAPI-Generator","operation":"Update","apiVersion":"batch/v1","time":"2020-05-24T01:10:15Z","fieldsType":"FieldsV1","fieldsV1":{"f:spec":{"f:backoffLimit":{},"f:completions":{},"f:parallelism":{},"f:template":{"f:spec":{"f:containers":{"k:{\"name\":\"kube-hunter\"}":{".":{},"f:args":{},"f:command":{},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}}}}]},"spec":{"parallelism":1,"completions":1,"backoffLimit":4,"selector":{"matchLabels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4"}},"template":{"metadata":{"creationTimestamp":null,"labels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","job-name":"kube-hunter"}},"spec":{"containers":[{"name":"kube-hunter","image":"aquasec/kube-hunter","command":["python","kube-hunter.py"],"args":["--pod"],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"Always"}],"restartPolicy":"Never","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","securityContext":{},"schedulerName":"default-scheduler"}}},"status":{}} 2020-05-24 01:10:15,612 - functest_kubernetes.security.security - INFO - Job kube-hunter created 2020-05-24 01:10:15,613 - functest_kubernetes.security.security - DEBUG - create_namespaced_job: {'api_version': 'batch/v1', 'kind': 'Job', 'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': datetime.datetime(2020, 5, 24, 1, 10, 15, tzinfo=tzlocal()), 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'initializers': None, 'labels': {'controller-uid': '7b6baedc-3d3a-4253-afda-e7a1310948a4', 'job-name': 'kube-hunter'}, 'managed_fields': [{'api_version': 'batch/v1', 'fields': None, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'time': datetime.datetime(2020, 5, 24, 1, 10, 15, tzinfo=tzlocal())}], 'name': 'kube-hunter', 'namespace': 'default', 'owner_references': None, 'resource_version': '7172844', 'self_link': '/apis/batch/v1/namespaces/default/jobs/kube-hunter', 'uid': '7b6baedc-3d3a-4253-afda-e7a1310948a4'}, 'spec': {'active_deadline_seconds': None, 'backoff_limit': 4, 'completions': 1, 'manual_selector': None, 'parallelism': 1, 'selector': {'match_expressions': None, 'match_labels': {'controller-uid': '7b6baedc-3d3a-4253-afda-e7a1310948a4'}}, 'template': {'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': None, 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'initializers': None, 'labels': {'controller-uid': '7b6baedc-3d3a-4253-afda-e7a1310948a4', 'job-name': 'kube-hunter'}, 'managed_fields': None, 'name': None, 'namespace': None, 'owner_references': None, 'resource_version': None, 'self_link': None, 'uid': None}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': ['--pod'], 'command': ['python', 'kube-hunter.py'], 'env': None, 'env_from': None, 'image': 'aquasec/kube-hunter', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'kube-hunter', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': None, 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': None, 'node_selector': None, 'preemption_policy': None, 'priority': None, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Never', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': None, 'service_account_name': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': None, 'volumes': None}}, 'ttl_seconds_after_finished': None}, 'status': {'active': None, 'completion_time': None, 'conditions': None, 'failed': None, 'start_time': None, 'succeeded': None}} 2020-05-24 01:10:40,751 - functest_kubernetes.security.security - INFO - kube-hunter started in 25.19 sec 2020-05-24 01:10:40,789 - kubernetes.client.rest - DEBUG - response body: {"kind":"PodList","apiVersion":"v1","metadata":{"selfLink":"/api/v1/namespaces/default/pods","resourceVersion":"7172952"},"items":[{"metadata":{"name":"kube-hunter-g5lbm","generateName":"kube-hunter-","namespace":"default","selfLink":"/api/v1/namespaces/default/pods/kube-hunter-g5lbm","uid":"fbda73a3-2fc2-475b-9f1a-25d5ba2854d3","resourceVersion":"7172950","creationTimestamp":"2020-05-24T01:10:15Z","labels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","job-name":"kube-hunter"},"ownerReferences":[{"apiVersion":"batch/v1","kind":"Job","name":"kube-hunter","uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2020-05-24T01:10:15Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:controller-uid":{},"f:job-name":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"7b6baedc-3d3a-4253-afda-e7a1310948a4\"}":{".":{},"f:apiVersion":{},"f:blockOwnerDeletion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}},"f:spec":{"f:containers":{"k:{\"name\":\"kube-hunter\"}":{".":{},"f:args":{},"f:command":{},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:enableServiceLinks":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}},{"manager":"kubelet","operation":"Update","apiVersion":"v1","time":"2020-05-24T01:10:40Z","fieldsType":"FieldsV1","fieldsV1":{"f:status":{"f:conditions":{"k:{\"type\":\"ContainersReady\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Initialized\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Ready\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:containerStatuses":{},"f:hostIP":{},"f:phase":{},"f:podIP":{},"f:podIPs":{".":{},"k:{\"ip\":\"10.244.2.13\"}":{".":{},"f:ip":{}}},"f:startTime":{}}}}]},"spec":{"volumes":[{"name":"default-token-7tl2n","secret":{"secretName":"default-token-7tl2n","defaultMode":420}}],"containers":[{"name":"kube-hunter","image":"aquasec/kube-hunter","command":["python","kube-hunter.py"],"args":["--pod"],"resources":{},"volumeMounts":[{"name":"default-token-7tl2n","readOnly":true,"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount"}],"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"Always"}],"restartPolicy":"Never","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","serviceAccountName":"default","serviceAccount":"default","nodeName":"latest-worker2","securityContext":{},"schedulerName":"default-scheduler","tolerations":[{"key":"node.kubernetes.io/not-ready","operator":"Exists","effect":"NoExecute","tolerationSeconds":300},{"key":"node.kubernetes.io/unreachable","operator":"Exists","effect":"NoExecute","tolerationSeconds":300}],"priority":0,"enableServiceLinks":true},"status":{"phase":"Succeeded","conditions":[{"type":"Initialized","status":"True","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:15Z","reason":"PodCompleted"},{"type":"Ready","status":"False","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:40Z","reason":"PodCompleted"},{"type":"ContainersReady","status":"False","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:40Z","reason":"PodCompleted"},{"type":"PodScheduled","status":"True","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:15Z"}],"hostIP":"172.17.0.12","podIP":"10.244.2.13","podIPs":[{"ip":"10.244.2.13"}],"startTime":"2020-05-24T01:10:15Z","containerStatuses":[{"name":"kube-hunter","state":{"terminated":{"exitCode":0,"reason":"Completed","startedAt":"2020-05-24T01:10:22Z","finishedAt":"2020-05-24T01:10:39Z","containerID":"containerd://3229f80d7fc4f303d4e7fc0804a0b79ca06def1db629bbd5760bba7e53b133cf"}},"lastState":{},"ready":false,"restartCount":0,"image":"docker.io/aquasec/kube-hunter:latest","imageID":"docker.io/aquasec/kube-hunter@sha256:5a7b70d343cfaeff79f6e6a8f473983a5eb7ca52f723aa8aa226aad4ee5b96e3","containerID":"containerd://3229f80d7fc4f303d4e7fc0804a0b79ca06def1db629bbd5760bba7e53b133cf","started":false}],"qosClass":"BestEffort"}}]} 2020-05-24 01:10:40,804 - kubernetes.client.rest - DEBUG - response body: 2020-05-24 01:10:26,775 INFO kube_hunter.modules.report.collector Started hunting 2020-05-24 01:10:26,776 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services 2020-05-24 01:10:26,786 INFO kube_hunter.modules.report.collector Found vulnerability "Read access to pod's service account token" in Local to Pod (kube-hunter-g5lbm) 2020-05-24 01:10:26,787 INFO kube_hunter.modules.report.collector Found vulnerability "CAP_NET_RAW Enabled" in Local to Pod (kube-hunter-g5lbm) 2020-05-24 01:10:26,788 INFO kube_hunter.modules.report.collector Found vulnerability "Access to pod's secrets" in Local to Pod (kube-hunter-g5lbm) 2020-05-24 01:10:27,223 INFO kube_hunter.modules.report.collector Found open service "API Server" at 10.96.0.1:443 2020-05-24 01:10:27,265 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.244.2.1:10250 2020-05-24 01:10:27,275 INFO kube_hunter.modules.report.collector Found vulnerability "K8s Version Disclosure" in 10.96.0.1:443 2020-05-24 01:10:27,278 INFO kube_hunter.modules.report.collector Found vulnerability "Access to API using service account token" in 10.96.0.1:443 Nodes +-------------+------------+ | TYPE | LOCATION | +-------------+------------+ | Node/Master | 10.244.2.1 | +-------------+------------+ | Node/Master | 10.96.0.1 | +-------------+------------+ Detected Services +-------------+------------------+----------------------+ | SERVICE | LOCATION | DESCRIPTION | +-------------+------------------+----------------------+ | Kubelet API | 10.244.2.1:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+------------------+----------------------+ | API Server | 10.96.0.1:443 | The API server is in | | | | charge of all | | | | operations on the | | | | cluster. | +-------------+------------------+----------------------+ Vulnerabilities For further information about a vulnerability, search its ID in: https://github.com/aquasecurity/kube-hunter/tree/master/docs/_kb +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | ID | LOCATION | CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | KHV005 | 10.96.0.1:443 | Information | Access to API using | The API Server port | b'{"kind":"APIVersio | | | | Disclosure | service account | is accessible. | ns","versions":["v1" | | | | | token | Depending on | ... | | | | | | your RBAC settings | | | | | | | this could expose | | | | | | | access to or control | | | | | | | of your cluster. | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | KHV002 | 10.96.0.1:443 | Information | K8s Version | The kubernetes | v1.18.2 | | | | Disclosure | Disclosure | version could be | | | | | | | obtained from the | | | | | | | /version endpoint | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | None | Local to Pod (kube- | Access Risk | CAP_NET_RAW Enabled | CAP_NET_RAW is | | | | hunter-g5lbm) | | | enabled by default | | | | | | | for pods. | | | | | | | If an attacker | | | | | | | manages to | | | | | | | compromise a pod, | | | | | | | they could | | | | | | | potentially take | | | | | | | advantage of this | | | | | | | capability to | | | | | | | perform network | | | | | | | attacks on other | | | | | | | pods running on the | | | | | | | same node | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | None | Local to Pod (kube- | Access Risk | Access to pod's | Accessing the pod's | ['/var/run/secrets/k | | | hunter-g5lbm) | | secrets | secrets within a | ubernetes.io/service | | | | | | compromised pod | ... | | | | | | might disclose | | | | | | | valuable data to a | | | | | | | potential attacker | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | KHV050 | Local to Pod (kube- | Access Risk | Read access to pod's | Accessing the pod | eyJhbGciOiJSUzI1NiIs | | | hunter-g5lbm) | | service account | service account | ImtpZCI6IlQxekJ1bVJS | | | | | token | token gives an | ... | | | | | | attacker the option | | | | | | | to use the server | | | | | | | API | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ 2020-05-24 01:10:40,804 - functest_kubernetes.security.security - WARNING - 2020-05-24 01:10:26,775 INFO kube_hunter.modules.report.collector Started hunting 2020-05-24 01:10:26,776 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services 2020-05-24 01:10:26,786 INFO kube_hunter.modules.report.collector Found vulnerability "Read access to pod's service account token" in Local to Pod (kube-hunter-g5lbm) 2020-05-24 01:10:26,787 INFO kube_hunter.modules.report.collector Found vulnerability "CAP_NET_RAW Enabled" in Local to Pod (kube-hunter-g5lbm) 2020-05-24 01:10:26,788 INFO kube_hunter.modules.report.collector Found vulnerability "Access to pod's secrets" in Local to Pod (kube-hunter-g5lbm) 2020-05-24 01:10:27,223 INFO kube_hunter.modules.report.collector Found open service "API Server" at 10.96.0.1:443 2020-05-24 01:10:27,265 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.244.2.1:10250 2020-05-24 01:10:27,275 INFO kube_hunter.modules.report.collector Found vulnerability "K8s Version Disclosure" in 10.96.0.1:443 2020-05-24 01:10:27,278 INFO kube_hunter.modules.report.collector Found vulnerability "Access to API using service account token" in 10.96.0.1:443 Nodes +-------------+------------+ | TYPE | LOCATION | +-------------+------------+ | Node/Master | 10.244.2.1 | +-------------+------------+ | Node/Master | 10.96.0.1 | +-------------+------------+ Detected Services +-------------+------------------+----------------------+ | SERVICE | LOCATION | DESCRIPTION | +-------------+------------------+----------------------+ | Kubelet API | 10.244.2.1:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+------------------+----------------------+ | API Server | 10.96.0.1:443 | The API server is in | | | | charge of all | | | | operations on the | | | | cluster. | +-------------+------------------+----------------------+ Vulnerabilities For further information about a vulnerability, search its ID in: https://github.com/aquasecurity/kube-hunter/tree/master/docs/_kb +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | ID | LOCATION | CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | KHV005 | 10.96.0.1:443 | Information | Access to API using | The API Server port | b'{"kind":"APIVersio | | | | Disclosure | service account | is accessible. | ns","versions":["v1" | | | | | token | Depending on | ... | | | | | | your RBAC settings | | | | | | | this could expose | | | | | | | access to or control | | | | | | | of your cluster. | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | KHV002 | 10.96.0.1:443 | Information | K8s Version | The kubernetes | v1.18.2 | | | | Disclosure | Disclosure | version could be | | | | | | | obtained from the | | | | | | | /version endpoint | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | None | Local to Pod (kube- | Access Risk | CAP_NET_RAW Enabled | CAP_NET_RAW is | | | | hunter-g5lbm) | | | enabled by default | | | | | | | for pods. | | | | | | | If an attacker | | | | | | | manages to | | | | | | | compromise a pod, | | | | | | | they could | | | | | | | potentially take | | | | | | | advantage of this | | | | | | | capability to | | | | | | | perform network | | | | | | | attacks on other | | | | | | | pods running on the | | | | | | | same node | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | None | Local to Pod (kube- | Access Risk | Access to pod's | Accessing the pod's | ['/var/run/secrets/k | | | hunter-g5lbm) | | secrets | secrets within a | ubernetes.io/service | | | | | | compromised pod | ... | | | | | | might disclose | | | | | | | valuable data to a | | | | | | | potential attacker | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ | KHV050 | Local to Pod (kube- | Access Risk | Read access to pod's | Accessing the pod | eyJhbGciOiJSUzI1NiIs | | | hunter-g5lbm) | | service account | service account | ImtpZCI6IlQxekJ1bVJS | | | | | token | token gives an | ... | | | | | | attacker the option | | | | | | | to use the server | | | | | | | API | | +--------+----------------------+----------------------+----------------------+----------------------+----------------------+ 2020-05-24 01:10:40,804 - xtesting.ci.run_tests - INFO - Test result: +---------------------+------------------+------------------+----------------+ | TEST CASE | PROJECT | DURATION | RESULT | +---------------------+------------------+------------------+----------------+ | kube_hunter | functest | 00:25 | PASS | +---------------------+------------------+------------------+----------------+ 2020-05-24 01:10:40,851 - kubernetes.client.rest - DEBUG - response body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"kube-hunter-g5lbm","generateName":"kube-hunter-","namespace":"default","selfLink":"/api/v1/namespaces/default/pods/kube-hunter-g5lbm","uid":"fbda73a3-2fc2-475b-9f1a-25d5ba2854d3","resourceVersion":"7172953","creationTimestamp":"2020-05-24T01:10:15Z","deletionTimestamp":"2020-05-24T01:10:40Z","deletionGracePeriodSeconds":0,"labels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","job-name":"kube-hunter"},"ownerReferences":[{"apiVersion":"batch/v1","kind":"Job","name":"kube-hunter","uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2020-05-24T01:10:15Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:controller-uid":{},"f:job-name":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"7b6baedc-3d3a-4253-afda-e7a1310948a4\"}":{".":{},"f:apiVersion":{},"f:blockOwnerDeletion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}},"f:spec":{"f:containers":{"k:{\"name\":\"kube-hunter\"}":{".":{},"f:args":{},"f:command":{},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:enableServiceLinks":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}},{"manager":"kubelet","operation":"Update","apiVersion":"v1","time":"2020-05-24T01:10:40Z","fieldsType":"FieldsV1","fieldsV1":{"f:status":{"f:conditions":{"k:{\"type\":\"ContainersReady\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Initialized\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Ready\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:containerStatuses":{},"f:hostIP":{},"f:phase":{},"f:podIP":{},"f:podIPs":{".":{},"k:{\"ip\":\"10.244.2.13\"}":{".":{},"f:ip":{}}},"f:startTime":{}}}}]},"spec":{"volumes":[{"name":"default-token-7tl2n","secret":{"secretName":"default-token-7tl2n","defaultMode":420}}],"containers":[{"name":"kube-hunter","image":"aquasec/kube-hunter","command":["python","kube-hunter.py"],"args":["--pod"],"resources":{},"volumeMounts":[{"name":"default-token-7tl2n","readOnly":true,"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount"}],"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"Always"}],"restartPolicy":"Never","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","serviceAccountName":"default","serviceAccount":"default","nodeName":"latest-worker2","securityContext":{},"schedulerName":"default-scheduler","tolerations":[{"key":"node.kubernetes.io/not-ready","operator":"Exists","effect":"NoExecute","tolerationSeconds":300},{"key":"node.kubernetes.io/unreachable","operator":"Exists","effect":"NoExecute","tolerationSeconds":300}],"priority":0,"enableServiceLinks":true},"status":{"phase":"Succeeded","conditions":[{"type":"Initialized","status":"True","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:15Z","reason":"PodCompleted"},{"type":"Ready","status":"False","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:40Z","reason":"PodCompleted"},{"type":"ContainersReady","status":"False","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:40Z","reason":"PodCompleted"},{"type":"PodScheduled","status":"True","lastProbeTime":null,"lastTransitionTime":"2020-05-24T01:10:15Z"}],"hostIP":"172.17.0.12","podIP":"10.244.2.13","podIPs":[{"ip":"10.244.2.13"}],"startTime":"2020-05-24T01:10:15Z","containerStatuses":[{"name":"kube-hunter","state":{"terminated":{"exitCode":0,"reason":"Completed","startedAt":"2020-05-24T01:10:22Z","finishedAt":"2020-05-24T01:10:39Z","containerID":"containerd://3229f80d7fc4f303d4e7fc0804a0b79ca06def1db629bbd5760bba7e53b133cf"}},"lastState":{},"ready":false,"restartCount":0,"image":"docker.io/aquasec/kube-hunter:latest","imageID":"docker.io/aquasec/kube-hunter@sha256:5a7b70d343cfaeff79f6e6a8f473983a5eb7ca52f723aa8aa226aad4ee5b96e3","containerID":"containerd://3229f80d7fc4f303d4e7fc0804a0b79ca06def1db629bbd5760bba7e53b133cf","started":false}],"qosClass":"BestEffort"}} 2020-05-24 01:10:40,852 - functest_kubernetes.security.security - DEBUG - delete_namespaced_pod: {'api_version': 'v1', 'code': None, 'details': None, 'kind': 'Pod', 'message': None, 'metadata': {'_continue': None, 'remaining_item_count': None, 'resource_version': '7172953', 'self_link': '/api/v1/namespaces/default/pods/kube-hunter-g5lbm'}, 'reason': None, 'status': "{'phase': 'Succeeded', 'conditions': [{'type': 'Initialized', " "'status': 'True', 'lastProbeTime': None, 'lastTransitionTime': " "'2020-05-24T01:10:15Z', 'reason': 'PodCompleted'}, {'type': " "'Ready', 'status': 'False', 'lastProbeTime': None, " "'lastTransitionTime': '2020-05-24T01:10:40Z', 'reason': " "'PodCompleted'}, {'type': 'ContainersReady', 'status': 'False', " "'lastProbeTime': None, 'lastTransitionTime': " "'2020-05-24T01:10:40Z', 'reason': 'PodCompleted'}, {'type': " "'PodScheduled', 'status': 'True', 'lastProbeTime': None, " "'lastTransitionTime': '2020-05-24T01:10:15Z'}], 'hostIP': " "'172.17.0.12', 'podIP': '10.244.2.13', 'podIPs': [{'ip': " "'10.244.2.13'}], 'startTime': '2020-05-24T01:10:15Z', " "'containerStatuses': [{'name': 'kube-hunter', 'state': " "{'terminated': {'exitCode': 0, 'reason': 'Completed', 'startedAt': " "'2020-05-24T01:10:22Z', 'finishedAt': '2020-05-24T01:10:39Z', " "'containerID': " "'containerd://3229f80d7fc4f303d4e7fc0804a0b79ca06def1db629bbd5760bba7e53b133cf'}}, " "'lastState': {}, 'ready': False, 'restartCount': 0, 'image': " "'docker.io/aquasec/kube-hunter:latest', 'imageID': " "'docker.io/aquasec/kube-hunter@sha256:5a7b70d343cfaeff79f6e6a8f473983a5eb7ca52f723aa8aa226aad4ee5b96e3', " "'containerID': " "'containerd://3229f80d7fc4f303d4e7fc0804a0b79ca06def1db629bbd5760bba7e53b133cf', " "'started': False}], 'qosClass': 'BestEffort'}"} 2020-05-24 01:10:40,871 - kubernetes.client.rest - DEBUG - response body: {"kind":"Job","apiVersion":"batch/v1","metadata":{"name":"kube-hunter","namespace":"default","selfLink":"/apis/batch/v1/namespaces/default/jobs/kube-hunter","uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","resourceVersion":"7172955","creationTimestamp":"2020-05-24T01:10:15Z","deletionTimestamp":"2020-05-24T01:10:40Z","deletionGracePeriodSeconds":0,"labels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","job-name":"kube-hunter"},"finalizers":["orphan"],"managedFields":[{"manager":"OpenAPI-Generator","operation":"Update","apiVersion":"batch/v1","time":"2020-05-24T01:10:15Z","fieldsType":"FieldsV1","fieldsV1":{"f:spec":{"f:backoffLimit":{},"f:completions":{},"f:parallelism":{},"f:template":{"f:spec":{"f:containers":{"k:{\"name\":\"kube-hunter\"}":{".":{},"f:args":{},"f:command":{},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}}}},{"manager":"kube-controller-manager","operation":"Update","apiVersion":"batch/v1","time":"2020-05-24T01:10:40Z","fieldsType":"FieldsV1","fieldsV1":{"f:status":{"f:completionTime":{},"f:conditions":{".":{},"k:{\"type\":\"Complete\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}}},"f:startTime":{},"f:succeeded":{}}}}]},"spec":{"parallelism":1,"completions":1,"backoffLimit":4,"selector":{"matchLabels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4"}},"template":{"metadata":{"creationTimestamp":null,"labels":{"controller-uid":"7b6baedc-3d3a-4253-afda-e7a1310948a4","job-name":"kube-hunter"}},"spec":{"containers":[{"name":"kube-hunter","image":"aquasec/kube-hunter","command":["python","kube-hunter.py"],"args":["--pod"],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"Always"}],"restartPolicy":"Never","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","securityContext":{},"schedulerName":"default-scheduler"}}},"status":{"conditions":[{"type":"Complete","status":"True","lastProbeTime":"2020-05-24T01:10:40Z","lastTransitionTime":"2020-05-24T01:10:40Z"}],"startTime":"2020-05-24T01:10:15Z","completionTime":"2020-05-24T01:10:40Z","succeeded":1}} 2020-05-24 01:10:40,872 - functest_kubernetes.security.security - DEBUG - delete_namespaced_deployment: {'api_version': 'batch/v1', 'code': None, 'details': None, 'kind': 'Job', 'message': None, 'metadata': {'_continue': None, 'remaining_item_count': None, 'resource_version': '7172955', 'self_link': '/apis/batch/v1/namespaces/default/jobs/kube-hunter'}, 'reason': None, 'status': "{'conditions': [{'type': 'Complete', 'status': 'True', " "'lastProbeTime': '2020-05-24T01:10:40Z', 'lastTransitionTime': " "'2020-05-24T01:10:40Z'}], 'startTime': '2020-05-24T01:10:15Z', " "'completionTime': '2020-05-24T01:10:40Z', 'succeeded': 1}"} 2020-05-24 01:10:41,182 - xtesting.core.testcase - DEBUG - Publishing /var/lib/xtesting/results/functest-kubernetes.log ('text/plain', None) 2020-05-24 01:10:41,370 - xtesting.core.testcase - DEBUG - Publishing /var/lib/xtesting/results/functest-kubernetes.debug.log ('text/plain', None)