"Failed to resolve RBAC resources for defender" - Repeating defender ERRO in console logs.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

"Failed to resolve RBAC resources for defender" - Repeating defender ERRO in console logs.

L0 Member

Every 15 minutes for several agents from different k8s clusters, such an error appears in the console:

 

ERRO 2022-01-30T21:38:05.885 pubsub_defender.go:2154 Failed to resolve RBAC resources for defender *defender_name*: {*k8s_cluster_name* {Get "https://10.233.0.1:443/apis/rbac.authorization.k8s.io/v1/roles": URLBlocked <nil>} { <nil>}} (failed to fetch RBAC resources: )

 

Everything else is working properly...

 

Perhaps this is due to "11 Monitor service accounts" (checkbox when installing the defender) and defender does not have enough rights for this? either agents are on specific nodes of the cluster on which they cannot access the head of k8s api and RBAC..?


Has anyone encountered a similar error, any ideas?

 

Thanks!

 

Prisma Cloud

2 REPLIES 2

L0 Member

We experience the same issue with Prisma Compute.

L0 Member

@DmitryKurakin  The error ""Failed to resolve RBAC resources for defender" you’re seeing is related to our k8s service account monitoring. 
This is a feature where periodically every 15 minutes each defender running as part of a daemon set fetches the k8s cluster’s RBAC resources: roles, cluster roles, role bindings, cluster role bindings.

This is used for example to show a list of roles and cluster roles for the service account associated with a container scanned by Prisma Cloud, in the container radar accessible under Radars > Containers.
As for why the error is happening, according to the error message when the defender tries to access the k8s API server to fetch the roles, it maybe due to insufficient permissions.

Another reason could be a proxy is used and its not defined properly in Prisma Cloud Defender settings.


Can you please raise a support case and one of our TAC engineer can help to debug this to find the exact cause.
Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!