[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ARM support ? #37

Open
nlamirault opened this issue Aug 31, 2018 · 4 comments
Open

ARM support ? #37

nlamirault opened this issue Aug 31, 2018 · 4 comments
Labels
enhancement New feature or request

Comments

@nlamirault
Copy link

Hi,
i would like to test kube-hunter on my ARM Kubernetes cluster using the Docker container.
I've got this error :

$ docker run -it --rm --network host aquasec/kube-hunter --token xxxxxxxxxxxxxxxxxxxxxxxx
Unable to find image 'aquasec/kube-hunter:latest' locally
latest: Pulling from aquasec/kube-hunter
be8881be8156: Pull complete 
44247e56d488: Pull complete 
9b1ccb116b10: Pull complete 
94c785725d8a: Pull complete 
ec04bd431296: Pull complete 
abdaeaf60dc8: Pull complete 
e6cf9354e1c2: Pull complete 
d80fd4a74001: Pull complete 
ae47b67b03da: Pull complete 
Digest: sha256:4d52303ee247ebabc18146de6728e30439a99f5be53f69b63a451acb7cdbab3d
Status: Downloaded newer image for aquasec/kube-hunter:latest
standard_init_linux.go:190: exec user process caused "exec format error"

I think it could comes from :

This container includes this source code, plus an additional (closed source) reporting plugin for uploading results into a report that can be viewed at kube-hunter.aquasec.com

Do you plan to support multiarch ?
@lizrice
Copy link
Contributor
lizrice commented Sep 6, 2018

We could certainly look into this if there is demand. For now you could run the tests from the source code - the only difference is that it won't report the results back to the website and you won't have the pretty report.

@handbrianc
Copy link

+1 for this request. It would be nice to be able to run this for raspberry pi's

Building from source on a raspberry pi has been problematic for me. I have been getting errors on not being able to open threads when trying to run the code. I am certain it is most likely my setup but it would be nice not to have fight through these types of issues to get meaningful value out of the software for these types of environments.

@lizrice lizrice added the enhancement New feature or request label Feb 15, 2019
@pothos
Copy link
pothos commented Dec 4, 2019
edited

You can build arm64 images as follows on your current x86 Linux environment:

Install the qemu-user-static package for your system which should include qemu-aarch64.
Then maybe do a sudo systemctl restart systemd-binfmt.service depending on your distribution.

Verify that Docker can now start ARM images:

docker run --rm arm64v8/python:3.7-alpine3.10 python3 -c 'print("hi")'

Run git apply, paste the following and press Ctrl-D to temporary select the ARM Python base Docker image explicitly:

diff --git a/Dockerfile b/Dockerfile
index e1d56aa..2ff7eef 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.7-alpine3.10 as builder
+FROM arm64v8/python:3.7-alpine3.10 as builder
 
 RUN apk add --no-cache \
     linux-headers \
@@ -12,7 +12,7 @@ RUN pip install -r /kube-hunter/requirements.txt -t /kube-hunter
 
 COPY . /kube-hunter
 
-FROM python:3.7-alpine3.10
+FROM arm64v8/python:3.7-alpine3.10
 
 RUN apk add --no-cache \
     tcpdump

Then build the Docker image as usual but tagged with a -arm64 suffix, i.e., aquasecurity/kube-hunter:latest-arm64.
Also retag the regular x86 image with a -amd64 suffix. Push both.

Now make sure you have "experimental": "enabled" in your ~/.docker/config.json (surrounded by { and } if the file is otherwise empty).

When all images are built on the respective architectures and pushed they can be combined through a manifest to build a multiarch image:

docker manifest create aquasecurity/kube-hunter:latest --amend aquasecurity/kube-hunter:latest-amd64 --amend aquasecurity/kube-hunter:latest-arm64
docker manifest annotate aquasecurity/kube-hunter:latest aquasecurity/kube-hunter:latest-amd64 --arch=amd64 --os=linux
docker manifest annotate aquasecurity/kube-hunter:latest aquasecurity/kube-hunter:latest-arm64 --arch=arm64 --os=linux
docker manifest push aquasecurity/kube-hunter:latest

py-go pushed a commit to py-go/kube-hunter that referenced this issue Aug 29, 2021
@lizrice
docs: Initial ideas (aquasecurity#37)
d6acea5
@chaunceyjiang
Copy link

+1 for this request.
/cc @lizrice

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@nlamirault @lizrice @pothos @handbrianc @chaunceyjiang