Closed alekseytivonchik closed 5 months ago
UPD: after several days of Trivy operation, the reports were rotated and after that their number began to correspond to the number of workloads in target namespace
@alekseytivonchik have you added your own policies ?
@chen-keinan hello! Thanks for the reply. No, i didn't add a custom policies This is my values.yaml
@alekseytivonchik I have made few changes in regards with latest trivy-operator v0.21.1 do you mind upgrading to latest version and let me know if issue reproduce ?
@chen-keinan It is a great news. Of course, i will try to upgrade helm chart to the latest version. I will tell you about the result
@chen-keinan I upgraded trivy-operator helm chart to version:
version: 0.23.1
appVersion: 0.21.1
The problem is resolved. Node-collector's pod successfully starts. Thanks for the help!
Install Trivy-Operator via Helm chart
In Trivy-Operator logs see error (repeat many times):
2024-05-02T13:58:14Z ERROR Reconciler error {"controller": "job", "controllerGroup": "batch", "controllerKind": "Job", "Job": {"name":"node-collector-8488c5f87f","namespace":"trivy-systems"}, "namespace": "trivy-systems", "name": "node-collector-8488c5f87f", "reconcileID": "b1f619e8-762d-4f0c-af7f-f5e97f888aa9", "error": "failed to evaluate policies on Node : externalPolicies/file_88.rego:35: eval_conflict_error: functions must not produce multiple outputs for same inputs"} sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler /home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.3/pkg/internal/controller/controller.go:329 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem /home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.3/pkg/internal/controller/controller.go:266 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2 /home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.3/pkg/internal/controller/controller.go:22
What does this error mean and how to fix it? I don't know if this is related to the specified error, but I have 20 pods in the target namespace, while I received only 10 vulnerabilityreports:
Why so? It's been over 10 hours. No any jobs with report scaners, only node-collector job
My configs:
Environment: