search

blackducksoftware / perceivers

Kubernetes and openshift image discovery for OpsSight
Apache License 2.0
4 stars 7 forks source link

containers silently dropped from pod when unable to parse #46

Closed mattfenwick closed 6 years ago

mattfenwick commented 6 years ago

in pod/pkg/mapper/pod_mapper.go:

func NewPerceptorPodFromKubePod(kubePod *v1.Pod) (*perceptorapi.Pod, error) {
    containers := []perceptorapi.Container{}
    for _, newCont := range kubePod.Status.ContainerStatuses {
        if len(newCont.ImageID) > 0 {
            name, sha, err := docker.ParseImageIDString(newCont.ImageID)
            if err != nil {
                metrics.RecordError("pod_mapper", "unable to parse kubernetes imageID")
                return nil, fmt.Errorf("unable to parse kubernetes imageID string %s from pod %s/%s: %v", newCont.ImageID, kubePod.Namespace, kubePod.Name, err)
            }
            addedCont := perceptorapi.NewContainer(*perceptorapi.NewImage(name, sha, newCont.Image), newCont.Name)
            containers = append(containers, *addedCont)
        }
    }
    return perceptorapi.NewPod(kubePod.Name, string(kubePod.UID), kubePod.Namespace, containers), nil
}

When len(newCont.ImageID) is 0, the container will not be included in what's sent over to perceptor -- making perceptor think that the pod does not have that container.

Expected behavior:

rrati commented 6 years ago

So, the containers are silently dropped until they have valid data. I saw this kind of thing occur in my testing, but wasn't sure exactly the root case. It did appear that the image/pod got annotated at the end of the day with the correct information, so I chalked it up to a state in the system where the pod didn't have all the data it needed. I suspect that field is filled in once the pod is actually pulled to the node.

We should probably investigate why this is happening, but the end result we really care about is if that pod gets all the annotations it is supposed to receive.

Can you verify if the pod/image is correctly annotated once it has been scanned by perceptor?

mattfenwick commented 6 years ago

@rrati will do!