https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/quot-failed-to-resolve-rbac-resources-for-defender-quot/m-p/508540#M514 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/152993">@DmitryKurakin</a>&nbsp;&nbsp;<SPAN>The error ""Failed to resolve RBAC resources for defender"&nbsp;you’re seeing is related to our k8s service account monitoring.&nbsp;<BR /></SPAN><SPAN>This is a feature where periodically every 15 minutes each defender running as part of a daemon set fetches the k8s cluster’s RBAC resources: roles, cluster roles, role bindings, cluster role bindings.<BR /></SPAN><BR /><SPAN>This is used for example to show a list of roles and cluster roles for the service account associated with a container scanned by Prisma Cloud, in the container radar accessible under Radars &gt; Containers.</SPAN><BR /><SPAN>As for why the error is happening, according to the error message when the defender tries to access the k8s API server to fetch the roles, it maybe due to insufficient permissions.</SPAN></P> <P><SPAN>Another reason could be a proxy is used and its not defined properly in Prisma Cloud Defender settings.</SPAN></P> <P><SPAN><BR />Can you please raise a support case and one of our TAC engineer can help to debug this to find the&nbsp;exact&nbsp;cause.<BR />Thanks</SPAN></P> Tue, 12 Jul 2022 05:43:38 GMT pdhamenia 2022-07-12T05:43:38Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/quot-failed-to-resolve-rbac-resources-for-defender-quot/m-p/462084#M445 <P>Every 15 minutes for several agents from different k8s clusters, such an error appears in the console:</P> <P>&nbsp;</P> <P>ERRO 2022-01-30T21:38:05.885 pubsub_defender.go:2154 Failed to resolve RBAC resources for defender *defender_name*: {*k8s_cluster_name* {Get "<A href="https://10.233.0.1:443/apis/rbac.authorization.k8s.io/v1/roles" target="_blank" rel="noopener">https://10.233.0.1:443/apis/rbac.authorization.k8s.io/v1/roles</A>": URLBlocked &lt;nil&gt;} { &lt;nil&gt;}} (failed to fetch RBAC resources: )</P> <P>&nbsp;</P> <P>Everything else is working properly...</P> <P>&nbsp;</P> <P>Perhaps this is due to "<SPAN class=""><SPAN class="">11&nbsp;</SPAN></SPAN><SPAN class="">Monitor service accounts"&nbsp;</SPAN>(checkbox when installing the defender) and defender does not have enough rights for this? either agents are on specific nodes of the cluster on which they cannot access the head of k8s api and RBAC..?</P> <P><BR />Has anyone encountered a similar error, any ideas?</P> <P>&nbsp;</P> <P>Thanks!</P> <P>&nbsp;</P> <P><LI-PRODUCT title="Prisma Cloud" id="Prisma_Cloud"></LI-PRODUCT></P> Thu, 28 Jul 2022 19:31:35 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/quot-failed-to-resolve-rbac-resources-for-defender-quot/m-p/462084#M445 DmitryKurakin 2022-07-28T19:31:35Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/quot-failed-to-resolve-rbac-resources-for-defender-quot/m-p/484472#M494 <P>We experience the same issue with Prisma Compute.</P> Tue, 03 May 2022 10:15:12 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/quot-failed-to-resolve-rbac-resources-for-defender-quot/m-p/484472#M494 ElenaBel 2022-05-03T10:15:12Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/quot-failed-to-resolve-rbac-resources-for-defender-quot/m-p/508540#M514 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/152993">@DmitryKurakin</a>&nbsp;&nbsp;<SPAN>The error ""Failed to resolve RBAC resources for defender"&nbsp;you’re seeing is related to our k8s service account monitoring.&nbsp;<BR /></SPAN><SPAN>This is a feature where periodically every 15 minutes each defender running as part of a daemon set fetches the k8s cluster’s RBAC resources: roles, cluster roles, role bindings, cluster role bindings.<BR /></SPAN><BR /><SPAN>This is used for example to show a list of roles and cluster roles for the service account associated with a container scanned by Prisma Cloud, in the container radar accessible under Radars &gt; Containers.</SPAN><BR /><SPAN>As for why the error is happening, according to the error message when the defender tries to access the k8s API server to fetch the roles, it maybe due to insufficient permissions.</SPAN></P> <P><SPAN>Another reason could be a proxy is used and its not defined properly in Prisma Cloud Defender settings.</SPAN></P> <P><SPAN><BR />Can you please raise a support case and one of our TAC engineer can help to debug this to find the&nbsp;exact&nbsp;cause.<BR />Thanks</SPAN></P> Tue, 12 Jul 2022 05:43:38 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/quot-failed-to-resolve-rbac-resources-for-defender-quot/m-p/508540#M514 pdhamenia 2022-07-12T05:43:38Z