abahmed / kwatch

:eyes: monitor & detect crashes in your Kubernetes(K8s) cluster instantly
https://kwatch.dev
MIT License
944 stars 75 forks

Ignoring reasons and namespace not fully working? #311

Closed adamw-linadm closed 1 month ago

adamw-linadm commented 1 month ago

Describe the bug: Ignoring patterns not working correctly

To Reproduce: I have this config:

    ignoreFailedGracefulShutdown: true
    ignoreContainerNames:
      - b24depot-container-cron
    ignorePodNames:
      - scan-vulnerabilityreport-.*
    alert:
      slack:
        webhook: https://hooks.slack.com/services/XXX
    app:
      clusterName: testowy
      disableStartupMessage: true
      logFormatter: json
    namespaces:
      - "!trivy-system"
    reasons:
      - "!Completed"

and I still have alerts triggered from the ignored namespace and with the ignored reason. Log with reason: Completed

    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:35Z"}
    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:36Z"}
    {"level":"info","msg":"container only issue app-crawlers-project-0-c-0 app-crawlers-project-0-7b9cf895b4-8t666 app-crawlers-project-0-7b9cf895b4 Completed  0","time":"2024-06-03T07:41:38Z"}
    {"level":"info","msg":"sending event: {PodName:app-crawlers-project-0-7b9cf895b4-8t666 ContainerName:app-crawlers-project-0-c-0 Namespace:parser Reason:Completed Events:[2024-06-03 07:41:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:41:37 +0000 UTC] Created Created container app-crawlers-project-0-c-0\n[2024-06-03 07:41:37 +0000 UTC] Started Started container app-crawlers-project-0-c-0 Logs: Labels:map[app:app-crawlers-project-0 app.kubernetes.io/app-instance:app app/network-policy.allowed-egress:true app/network-policy.allowed-egress-internal:true app/network-policy.allowed-egress-world:true pod-template-hash:7b9cf895b4]}","time":"2024-06-03T07:41:38Z"}
    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:50Z"}
    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:50Z"}

Log from namespace trivy-system and also from ignored pod name:

    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:20Z"}
    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:21Z"}
    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:25Z"}
    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:25Z"}
    {"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:26Z"}
    {"level":"info","msg":"container only issue pl--initial-loads--initial-loads-1-c-2 scan-vulnerabilityreport-b865bd4db-bbxpq scan-vulnerabilityreport-b865bd4db Error  2","time":"2024-06-03T07:56:26Z"}
    {"level":"info","msg":"sending event: {PodName:scan-vulnerabilityreport-b865bd4db-bbxpq ContainerName:pl--initial-loads--initial-loads-1-c-2 Namespace:trivy-system Reason:Error Events:[2024-06-03 07:51:26 +0000 UTC] Pulled Container image \"ghcr.io/aquasecurity/trivy:0.49.1\" already present on machine\n[2024-06-03 07:51:26 +0000 UTC] Created Created container c6e328d8-a6ae-475b-9c27-febcd8147636\n[2024-06-03 07:51:26 +0000 UTC] Started Started container c6e328d8-a6ae-475b-9c27-febcd8147636\n[2024-06-03 07:51:27 +0000 UTC] Pulled Container image \"ghcr.io/aquasecurity/trivy:0.49.1\" already present on machine\n[2024-06-03 07:51:27 +0000 UTC] Created Created container e66b6981-92f5-41d0-b068-1dd71fc51cda\n[2024-06-03 07:51:27 +0000 UTC] Started Started container e66b6981-92f5-41d0-b068-1dd71fc51cda\n[2024-06-03 07:51:36 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:36 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-0\n[2024-06-03 07:51:36 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-0\n[2024-06-03 07:51:36 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:36 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-1\n[2024-06-03 07:51:36 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-1\n[2024-06-03 07:51:36 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:36 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-2\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-2\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:37 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-3\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-3\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:37 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-4\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-4\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:37 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-5\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-5\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine Logs: Labels:map[app.kubernetes.io/managed-by:trivy-operator batch.kubernetes.io/controller-uid:64a783a2-1249-4ee1-b36e-318f678e4e84 batch.kubernetes.io/job-name:scan-vulnerabilityreport-b865bd4db controller-uid:64a783a2-1249-4ee1-b36e-318f678e4e84 job-name:scan-vulnerabilityreport-b865bd4db resource-spec-hash:6cff5bff94 trivy-operator.resource.kind:ReplicaSet trivy-operator.resource.name:pl--initial-loads--initial-loads-1-6cc4486775 trivy-operator.resource.namespace:parser vulnerabilityReport.scanner:Trivy]}","time":"2024-06-03T07:56:26Z"}

Expected behavior: Do not trigger an alert when the event is from an ignored namespace/reason or pod name

Actual behavior: As the logs show, it sends an alert for an event with a few ignored fields

Version/Commit: 0.9.2
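
A log audit for the behaviour reported above, added here as an example (it is not kwatch's code and not part of the original comment): it re-applies the config's ignore settings to kwatch's JSON log and lists every `sending event` line that a filter should have suppressed. The `Filters` type, the `Leaks` function and the abridged log lines are this example's own; it assumes `!`-prefixed entries are forbid-list entries and that `ignorePodNames` patterns are unanchored regular expressions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Filters holds the report's ignore settings; the type and its field names are this example's own.
type Filters struct {
	Namespaces, Reasons, IgnoreContainers map[string]bool
	IgnorePods                            *regexp.Regexp // must be non-nil; join several patterns with "|"
}

// sent captures PodName, ContainerName, Namespace and Reason from the head of a "sending event" message.
var sent = regexp.MustCompile(`^sending event: \{PodName:(\S+) ContainerName:(\S+) Namespace:(\S+) Reason:(\S*)`)

// Leaks returns one finding per alert that at least one configured filter should have suppressed.
func Leaks(f Filters, lines []string) (out []string) {
	for _, l := range lines {
		var rec struct{ Msg string `json:"msg"` }
		_ = json.Unmarshal([]byte(l), &rec) // a non-JSON line leaves Msg empty, so it never matches
		if m := sent.FindStringSubmatch(rec.Msg); m != nil {
			ns, rs := f.Namespaces["!"+m[3]], f.Reasons["!"+m[4]] // assumption: "!" marks a forbid entry
			pd, ct := f.IgnorePods.MatchString(m[1]), f.IgnoreContainers[m[2]]
			if ns || rs || pd || ct {
				out = append(out, fmt.Sprintf("%s namespace=%t reason=%t pod=%t container=%t", m[1], ns, rs, pd, ct))
			}
		}
	}
	return out
}

// cfg restates the ignore settings from the config in the report.
var cfg = Filters{
	Namespaces: map[string]bool{"!trivy-system": true}, Reasons: map[string]bool{"!Completed": true},
	IgnoreContainers: map[string]bool{"b24depot-container-cron": true},
	IgnorePods:       regexp.MustCompile(`scan-vulnerabilityreport-.*`),
}

// sampleLog is constructed: the report's two alerts with Events/Labels emptied, plus one invented legitimate alert.
var sampleLog = []string{
	`{"level":"info","msg":"sending event: {PodName:app-crawlers-project-0-7b9cf895b4-8t666 ContainerName:app-crawlers-project-0-c-0 Namespace:parser Reason:Completed Events: Logs: Labels:map[]}","time":"2024-06-03T07:41:38Z"}`,
	`{"level":"info","msg":"sending event: {PodName:scan-vulnerabilityreport-b865bd4db-bbxpq ContainerName:pl--initial-loads--initial-loads-1-c-2 Namespace:trivy-system Reason:Error Events: Logs: Labels:map[]}","time":"2024-06-03T07:56:26Z"}`,
	`{"level":"info","msg":"sending event: {PodName:api-0 ContainerName:api Namespace:parser Reason:Error Events: Logs: Labels:map[]}","time":"2024-06-03T08:00:00Z"}`,
}

func main() {
	fmt.Printf("%q\n", Leaks(cfg, sampleLog))
}
```

Run against a real log after an upgrade, an empty result means no alert was sent for an event the filters cover.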

abahmed commented 1 month ago

@adamw-linadm Should be fixed in Release v0.9.3

adamw-linadm commented 1 month ago

@abahmed working well now, thanks :)