I installed neuvector with just basically clicking next to install

CrashLoopBackOff (back-off 5m0s restarting failed container=neuvector-enforcer-pod pod=neuvector-enforcer-pod-vtmpc_cattle-neuvector-system(1db089c5-7240-46a1-a172-b836dda0a353)) | Last state: Terminated with 255: Error, started: Fri, Jan 31 2025 5:43:42 am, finished: Fri, Jan 31 2025 5:43:45 am

kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-fleet-system fleet-agent-0 2/2 Running 0 12h
cattle-neuvector-system neuvector-cert-upgrader-job-x52rs 0/1 Completed 0 8h
cattle-neuvector-system neuvector-controller-pod-b7b5dbf6b-47pqr 1/1 Running 0 9h
cattle-neuvector-system neuvector-controller-pod-b7b5dbf6b-5d9hl 1/1 Running 0 9h
cattle-neuvector-system neuvector-controller-pod-b7b5dbf6b-b7mt5 1/1 Running 0 9h
cattle-neuvector-system neuvector-enforcer-pod-n4m2h 1/1 Running 0 9h
cattle-neuvector-system neuvector-enforcer-pod-vtmpc 0/1 CrashLoopBackOff 109 (4m29s ago) 9h
cattle-neuvector-system neuvector-manager-pod-fbff84457-9vt7h 1/1 Running 0 9h
cattle-neuvector-system neuvector-scanner-pod-db69c548b-fqkwr 1/1 Running 0 9h
cattle-neuvector-system neuvector-scanner-pod-db69c548b-l7jtp 1/1 Running 0 9h
cattle-neuvector-system neuvector-scanner-pod-db69c548b-srfp4 1/1 Running 0 9h
cattle-system cattle-cluster-agent-86d96fc8c6-ckjk6 1/1 Running 0 12h
cattle-system cattle-cluster-agent-86d96fc8c6-z9h8z 1/1 Running 0 12h
cattle-system dashboard-shell-84lm4 2/2 Running 0 23s
cattle-system rancher-webhook-5fb9469c5-rfsrp 1/1 Running 0 12h
cattle-system system-upgrade-controller-5fb67f585d-82mkb 1/1 Running 0 12h
kube-system coredns-ccb96694c-4ztfw 1/1 Running 1 (31h ago) 39h
kube-system helm-install-traefik-crd-vwn54 0/1 Completed 0 39h
kube-system helm-install-traefik-xjccb 0/1 Completed 1 39h
kube-system local-path-provisioner-5cf85fd84d-2thzs 1/1 Running 1 (31h ago) 39h
kube-system metrics-server-5985cbc9d7-8nqkq 1/1 Running 1 (31h ago) 39h
kube-system svclb-traefik-2fbc9b2a-jm8sw 2/2 Running 2 (24h ago) 30h
kube-system svclb-traefik-2fbc9b2a-rkgbp 2/2 Running 2 (31h ago) 39h
kube-system traefik-5886b4f947-jdb7w 1/1 Running 1 (31h ago) 39h

resolved, I ran an upgrade on neuvector and my crash has ceased

The verbose output from kubectl auth can-i gives us a bit more detail about what’s happening:

• Config Loaded: The configuration is loaded from /etc/rancher/k3s/k3s.yaml, which is expected in a [k3s environment](

• API Calls: There are two significant API calls:

  • A GET request to fetch the certificates.k8s.io/v1 API, which succeeds with a 200 OK response, indicating the API is available.

  • A POST request to selfsubjectaccessreviews in the authorization.k8s.io/v1 API, which creates a review with a 201 Created response. This is where Kubernetes checks if the user (in this case, the service account) has the requested permission.

Despite these successful API interactions, the final result is no, indicating the service account does not have permission to create CertificateSigningRequests.

That being said where do i set the permissions of this cronjob that neuvector sets up upon install? Any help would be appreciated.