policy-reporter: S3 Target error logs

Hi. I’m using policy-reporter:2.13.0 on K8S version v1.23.14-gke.1800. I’ve configured the exports to GCS buckets in the following way:

target:
  s3:
    secretRef: "policy-reporter-s3-export-access"
    region: "europe-west"
    endpoint: "https://storage.googleapis.com/"
    bucket: "kyverno-logs"
    pathStyle: false
    minimumPriority: "warning"
    sources: [ kyverno ]
    skipExistingOnStartup: true
    channels:
    - bucket: "kyverno-logs"
      filter:
        status:
          include: ["fail"]

I can see the reports in the S3 bucket and they are exported successfully. However, the policy-reporter pod is constantly reporting:

2023/03/09 11:48:00 [ERROR] S3 : S3 Upload error AccessDenied: Access denied.
        status code: 403, request id: , host id:  
2023/03/09 11:48:00 [ERROR] S3 : S3 Upload error AccessDenied: Access denied.
        status code: 403, request id: , host id: 

and is spamming those logs all the time. It is weird because I can see the policy export in S3.

About this issue

  • State: closed
  • Created a year ago
  • Comments: 15 (10 by maintainers)

Most upvoted comments

Hm, as you see here:

https://github.com/kyverno/policy-reporter/blob/main/pkg/helper/gcp.go#L39

it only asks for Write/Read permissions and it only does write operations.

I'll check if I find something.