Admission controller not getting admission audit events

Created On 07/16/24 00:08 AM - Last Modified 03/11/25 22:35 PM


Symptom


No admission audit events are generated after configuring webhook.yaml as described in the documentation, and the API server reports the webhook call as failing open.

  1. Error noted in the API server CloudWatch logs on EKS

authorization.k8s.io/reason: "RBAC: allowed by ClusterRoleBinding "system:gke-common-webhooks" of ClusterRole "system:gke-common-webhooks" to User "system:gke-common-webhooks""
failed-open.validating.webhook.admission.k8s.io/round_0_index_0: "validating-webhook.twistlock.com"



Environment


  • Prisma Cloud Compute Self Hosted
  • Prisma Cloud SaaS


Cause


The namespace in the webhook configuration (clientConfig.service.namespace in webhook.yaml) must be the same namespace the Defender DaemonSet is deployed in. The API server dials the webhook at <service>.<namespace>.svc, and the Defender's serving certificate is issued only for its own namespace (defender.twistlock.svc in the EKS error above), so a mismatch makes the TLS handshake fail. Because the webhook is configured to fail open, the API server admits the request without evaluating it and no admission audit event is produced.

Resolution


  1. In the Console, set the namespace to the one the Defender DaemonSet actually runs in, then redeploy the Defenders.
  2. The setting is under Manage > Defenders > Manual deploy > Advanced settings: enter the namespace of the Defender DaemonSet. The regenerated webhook.yaml and Defender certificate then reference the same namespace.
  3. Once deployed, follow Validating Your Setup to confirm that admission audit events are generated.
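The following is an added example, not Prisma Cloud code, showing how to check for this mismatch before redeploying. It reconstructs what the API server does: build the hostname <service>.<namespace>.svc from the ValidatingWebhookConfiguration, check it against the DNS SANs of the certificate the Defender serves, and report what a TLS failure means under the configured failurePolicy. The JSON is constructed to mirror the EKS error above (webhook pointing at twistlock-system, certificate valid for defender.twistlock.svc); failurePolicy Ignore is an assumption inferred from "failing open" in the logs. In practice the configuration comes from `kubectl get validatingwebhookconfiguration <name> -o json`, the Defender namespace from the DaemonSet, and the SANs from the certificate the Defender service presents.

```python
"""Check that a service-backed ValidatingWebhookConfiguration points at the
namespace where the admission webhook (here the Prisma Cloud Defender) runs
and that the webhook's TLS certificate covers the hostname kube-apiserver dials.

Example added to this article; not Prisma Cloud code. All inputs below are
constructed to reproduce the EKS error quoted in the Symptom section.
"""
import json

# Constructed: trimmed output of
#   kubectl get validatingwebhookconfiguration validating-webhook.twistlock.com -o json
WEBHOOK_JSON = """
{
  "apiVersion": "admissionregistration.k8s.io/v1",
  "kind": "ValidatingWebhookConfiguration",
  "metadata": {"name": "validating-webhook.twistlock.com"},
  "webhooks": [
    {
      "name": "validating-webhook.twistlock.com",
      "failurePolicy": "Ignore",
      "clientConfig": {
        "service": {
          "name": "defender",
          "namespace": "twistlock-system",
          "path": "/enjkgj1vjak90fu4li2a5og8vk8z",
          "port": 443
        }
      }
    }
  ]
}
"""

# Constructed: namespace the Defender DaemonSet is actually deployed in
# (the value entered under Manage > Defenders > Manual deploy > Advanced settings).
DEFENDER_DAEMONSET_NAMESPACE = "twistlock"

# Constructed: DNS SANs of the certificate the Defender webhook serves,
# taken from the x509 error message in the Symptom section.
DEFENDER_CERT_DNS_SANS = ["defender.twistlock.svc"]


def webhook_service_host(webhook: dict) -> str:
    """Hostname kube-apiserver dials for a service-backed webhook:
    <service>.<namespace>.svc (the API server appends .svc, not the cluster domain)."""
    svc = webhook["clientConfig"]["service"]
    return f"{svc['name']}.{svc['namespace']}.svc"


def san_matches(host: str, sans: list[str]) -> bool:
    """dNSName match as TLS clients do it: exact match, or a single leading
    wildcard label that covers exactly one label of the host."""
    host = host.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def check_webhook(config_json: str, defender_namespace: str, cert_sans: list[str]) -> list[dict]:
    """One finding per webhook entry: namespace agreement with the Defender,
    certificate coverage of the dialled host, and the consequence of a TLS
    failure under the configured failurePolicy."""
    cfg = json.loads(config_json)
    findings = []
    for wh in cfg["webhooks"]:
        host = webhook_service_host(wh)
        ns = wh["clientConfig"]["service"]["namespace"]
        policy = wh.get("failurePolicy", "Fail")  # API default when omitted is Fail
        findings.append({
            "webhook": wh["name"],
            "dialed_host": host,
            "namespace_matches_defender": ns == defender_namespace,
            "cert_covers_host": san_matches(host, cert_sans),
            "failure_policy": policy,
            # Ignore means fail open: on a TLS error the request is admitted
            # unevaluated and no admission audit event is written.
            "tls_failure_admits_request": policy == "Ignore",
        })
    return findings


def fixed_config(config_json: str, defender_namespace: str) -> str:
    """Rewrite clientConfig.service.namespace to the Defender's namespace.
    Redeploying from the Console regenerates webhook.yaml with this value;
    the function only makes the required change explicit."""
    cfg = json.loads(config_json)
    for wh in cfg["webhooks"]:
        wh["clientConfig"]["service"]["namespace"] = defender_namespace
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    print("before:", json.dumps(check_webhook(WEBHOOK_JSON, DEFENDER_DAEMONSET_NAMESPACE,
                                              DEFENDER_CERT_DNS_SANS), indent=2))
    print("after:", json.dumps(check_webhook(fixed_config(WEBHOOK_JSON, DEFENDER_DAEMONSET_NAMESPACE),
                                             DEFENDER_DAEMONSET_NAMESPACE, DEFENDER_CERT_DNS_SANS), indent=2))
```

With the constructed inputs the first check reports dialed_host defender.twistlock-system.svc, no SAN match, and tls_failure_admits_request true, which is the silent loss of audit events described above; after the namespace is corrected the host becomes defender.twistlock.svc and the certificate covers it.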

