add cre-2025-0201

Author: lsibilla

rules/cre-2025-0026/aws-ebs-csi-driver-fails-to.yaml

@@ -39,11 +39,10 @@ rules:
   rule:
     set:
       event:
-        source: cre.log.ebs-csi-snapshotter
-      window: 1m
+        source: cre.log.aws.eks-nodeagent
+      window: 10s
       match:
+        - value: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)
         - value: Unhandled Error
+        - regex: k8s.io/client-go@(.+)/tools/cache/reflector.go
         - value: Failed to watch *v1.VolumeSnapshotClass
-        - value: Failed to watch *v1.VolumeSnapshotContent
-        - value: the server could not find the requested resource (get volumesnapshotclasses.snapshot.storage.k8s.io)
-        - value: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)

rules/cre-2025-0201/aws-ebs-csi-driver-fails-to.yaml

@@ -0,0 +1,46 @@
+rules:
+- cre:
+    id: CRE-2025-0201
+    severity: 3
+    title: The snapshot functionality of the AWS EBS CSI Driver is failing.
+    category: storage-problem
+    author: Prequel
+    description: |
+      The AWS EBS CSI driver, fails to list `VolumeSnapshotClass` and `VolumeSnapshotContent`.
+    cause: |
+      To manipulate snapshots of a Kubernetes `PersistentVolume` backed by the AWS EBS CSI driver, the installation of external-snapshotter is required.
+    tags:
+      - ebs
+      - csi
+      - aws
+      - storage
+      - public
+    mitigation: | 
+      - Install external-snapshotter
+    references:
+      - https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1447#issuecomment-1664682557
+      - https://github.com/kubernetes-csi/external-snapshotter
+    applications:
+      - name: aws-ebs-csi-driver
+        version:  1.26.1
+        imageUrl: public.ecr.aws/eks/aws-ebs-csi-driver:v1.25.0
+        containerName: ebs-csi-controller
+    impact: degraded volume snapshotting functionality
+    impactScore: 3
+    mitigationScore: 1
+    reports: 4
+  metadata:
+    kind: prequel
+    id: 3o6P1D452JrSTHb3449WcB
+    gen: 1
+  rule:
+    set:
+      event:
+        source: cre.log.ebs-csi-snapshotter
+      window: 1m
+      match:
+        - value: Unhandled Error
+        - value: Failed to watch *v1.VolumeSnapshotClass
+        - value: Failed to watch *v1.VolumeSnapshotContent
+        - value: the server could not find the requested resource (get volumesnapshotclasses.snapshot.storage.k8s.io)
+        - value: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)

rules/cre-2025-0201/test.log

@@ -0,0 +1,3 @@
+E0413 23:38:00.000000       1 reflector.go:158] "Unhandled Error" err="k8s.io/client-go@v0.31.3/tools/cache/reflector.go:243: Failed to watch *v1.VolumeSnapshotContent: failed to list *v1.VolumeSnapshotContent: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)" logger="UnhandledError"
+E0413 23:38:00.000002       1 reflector.go:158] "Unhandled Error" err="k8s.io/client-go@v0.31.3/tools/cache/reflector.go:243: Failed to watch *v1.VolumeSnapshotClass: failed to list *v1.VolumeSnapshotClass: the server could not find the requested resource (get volumesnapshotclasses.snapshot.storage.k8s.io)" logger="UnhandledError"
+E0413 23:38:00.874041       1 reflector.go:158] "Unhandled Error" err="k8s.io/client-go@v0.31.3/tools/cache/reflector.go:243: Failed to watch *v1.VolumeSnapshotClass: failed to list *v1.VolumeSnapshotClass: the server could not find the requested resource (get volumesnapshotclasses.snapshot.storage.k8s.io)" logger="UnhandledError"