What steps did you take and what happened:
We had a Kubernetes cluster that was recently updated to Kubernetes v1.31.0 and had Trivy Operator v0.22 already running. After the upgrade, I noticed that the vulnerability reports were not being created anymore. Then I looked at the namespace and saw the scan jobs were not being cleaned up but they were all successful. I looked at the trivy-operator log and saw reconcile error stating: "unrecognized scan job condition: SuccessCriteriaMet". I have checked the Kubernetes documents and found the Job Success Policy is in beta for v1.31.0 and turned on by default .(https://kubernetes.io/docs/concepts/workloads/controllers/job/#success-policy)
What did you expect to happen:
After a successful job is complete, trivy-operator will clean up the jobs and create the reports as usual.
What steps did you take and what happened: We had a Kubernetes cluster that was recently updated to Kubernetes v1.31.0 and had Trivy Operator v0.22 already running. After the upgrade, I noticed that the vulnerability reports were not being created anymore. Then I looked at the namespace and saw the scan jobs were not being cleaned up but they were all successful. I looked at the trivy-operator log and saw reconcile error stating: "unrecognized scan job condition: SuccessCriteriaMet". I have checked the Kubernetes documents and found the Job Success Policy is in beta for v1.31.0 and turned on by default .(https://kubernetes.io/docs/concepts/workloads/controllers/job/#success-policy)
What did you expect to happen:
After a successful job is complete, trivy-operator will clean up the jobs and create the reports as usual.
Anything else you would like to add: To see new policy feature: https://kubernetes.io/docs/concepts/workloads/controllers/job/#success-policy The Job status conditions now have 2 conditions on a success: the first one is the
SuccessCriteriaMet
type and the second is theComplete
type.Environment:
trivy-operator version
): 0.22.0 (also ran with 0.18.5 as well)kubectl version
): 1.31.0