When a resource is deleted, a delete report of some other resource is sent instead of the deleted resource. #2110
Comments
@tokyowizard when a report is deleted it will get generated again if the resource the report was generated for still exists.
I experience something similar as well. Sometimes delete is sent for resources that have not actually been deleted. Updates also seem to be sent for resources that are deleted. Example logs from my webhook server:
@eri-plint events are sent for deleted reports and not resources.
@chen-keinan I think I understand that much. But for the report TTL, it is set to 24h, so why would it be recreated after only ~20 minutes? I would buy that that specific instance was just unlucky timing and not related to the issue with the delete requests being sent for the wrong reports. And I should maybe have been more clear that I mean the owning resources. For example, I delete job A, but the delete request is sent for the report of job B, although job B (and its associated report resources) still remain. I also noted that multiple delete requests seem to be sent for the same resource in somewhat short succession, and often shortly after it is created. I don't know if that is relevant though, but it typically looks like the log below. In this case it was not the job foobar-htbzj that was deleted; the requests were sent when another job was deleted, which is what I assume @tokyowizard described.
@eri-plint I'm not into the details of how your prod. env. operates, however I can explain how it works on the operator side and maybe it will help you realize whether we are missing anything in the details or there is a bug in the operator.
What steps did you take and what happened:
When setting operator.webhookSendDeletedReports: true and deleting a kubernetes resource, a delete report of some other resource, which still exists, is sent instead of a report of the deleted resource. Here's a summary of the commands:
1. Start up a kubernetes cluster using Docker Desktop. Install Docker Desktop and check "Enable Kubernetes" in the settings.
2. Install the trivy-operator using the helm chart.
3. In the values.yaml, enable the webhook and sending deleted reports. And just enable getting the Vulnerability reports (see values.yaml). Replace LOCAL_IP with your local IP address (e.g. on MacOS: ifconfig -l | xargs -n 1 ipconfig getifaddr). trivy-server is running separately as standalone in the cluster.
4. Start up a webhook server to receive and view the payload of the deleted reports that were sent (see mock_server.py, Python code for the webhook server, tested with Python 3.11 and 3.12).
5. Apply a couple of jobs to the cluster (see jobs.yaml).
6. Delete one of the jobs.
7. Check the logs of the webhook server to see the payload of the deleted report.
A payload of the deleted report was for some other pod instead of the pod-with-vulnerabilities1 job.
What did you expect to happen:
I expected a report of the deleted job to have been sent.
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
trivy-operator version: 0.21.1
kubectl version: v1.29.2
14.4.1
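A minimal receiver for the webhook step above, added here as an example; it is not the issue's mock_server.py and not trivy-operator's own code. It records every report event it receives and flags the three inconsistencies this thread describes: a delete for a report that was never seen, repeated deletes for the same report in short succession, and an update arriving after a delete. The envelope shape {"verb": ..., "report": {...}}, the 60-second window and the sample events (job names other than pod-with-vulnerabilities1) are assumptions or constructed data, not the operator's real payload.

```python
"""Webhook receiver that tracks trivy-operator report events and flags
inconsistent deletes. Added example; the envelope shape {"verb", "report"}
is an ASSUMPTION, adjust it to whatever the operator actually posts."""
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

DUPLICATE_WINDOW_SECONDS = 60.0  # constructed threshold for "short succession"


def report_key(report):
    """Identify a report by kind/namespace/name, e.g. VulnerabilityReport/default/x."""
    meta = report.get("metadata", {})
    return f"{report.get('kind', '?')}/{meta.get('namespace', '')}/{meta.get('name', '?')}"


def owner_of(report):
    """Return 'Kind/name' of the first ownerReference (the owning Job/Pod), or None."""
    refs = report.get("metadata", {}).get("ownerReferences") or []
    if not refs:
        return None
    return f"{refs[0].get('kind', '?')}/{refs[0].get('name', '?')}"


class ReportTracker:
    """Remembers the last verb seen per report so each delete can be sanity-checked."""

    def __init__(self):
        self.state = {}  # key -> {"verb": str, "at": float, "owner": str | None}

    def observe(self, verb, report, now=None):
        now = time.time() if now is None else now
        key = report_key(report)
        prev = self.state.get(key)
        verdict = "ok"
        if verb == "delete":
            if prev is None:
                verdict = "delete-for-unseen-report"
            elif prev["verb"] == "delete" and now - prev["at"] < DUPLICATE_WINDOW_SECONDS:
                verdict = "duplicate-delete"
        elif prev is not None and prev["verb"] == "delete":
            verdict = "update-after-delete"
        self.state[key] = {"verb": verb, "at": now, "owner": owner_of(report)}
        return {"key": key, "owner": owner_of(report), "verb": verb, "verdict": verdict}


TRACKER = ReportTracker()


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        payload = json.loads(self.rfile.read(length) or b"{}")
        verb = payload.get("verb", "update")       # assumed envelope field
        report = payload.get("report", payload)    # fall back to a bare report object
        print(json.dumps(TRACKER.observe(verb, report)))
        self.send_response(200)
        self.end_headers()


def constructed_events():
    """Constructed events mirroring the thread: job B's report is deleted twice
    in quick succession, a never-seen report is deleted, then job B's report
    is updated again after its delete."""
    def vr(name, owner):
        return {"kind": "VulnerabilityReport",
                "metadata": {"name": name, "namespace": "default",
                             "ownerReferences": [{"kind": "Job", "name": owner}]}}
    return [
        ("update", vr("job-a-report", "pod-with-vulnerabilities1"), 0.0),
        ("update", vr("job-b-report", "pod-with-vulnerabilities2"), 1.0),
        ("delete", vr("job-b-report", "pod-with-vulnerabilities2"), 20.0),
        ("delete", vr("job-b-report", "pod-with-vulnerabilities2"), 25.0),
        ("delete", vr("job-c-report", "pod-with-vulnerabilities3"), 30.0),
        ("update", vr("job-b-report", "pod-with-vulnerabilities2"), 40.0),
    ]


def run_sample():
    """Replay the constructed events through a fresh tracker; returns the verdicts."""
    tracker = ReportTracker()
    return [tracker.observe(v, r, now=t)["verdict"] for v, r, t in constructed_events()]


if __name__ == "__main__":
    print(run_sample())
    HTTPServer(("0.0.0.0", 8080), WebhookHandler).serve_forever()
```

The tracker only reasons about what the webhook itself has delivered; confirming the wrong-resource symptom (a delete for job B's report while job B still exists) additionally needs the owner from each flagged event checked against the cluster, which the receiver deliberately leaves to the operator of the environment.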