Namespace selector is ignored

[evgkrsk]

Steps to reproduce:

• kubectl label ns default trivy-scan=true
• install devopstales/trivy-operator-2.3.0 chart in default ns with following values.yaml:

  env:
  vars:
  - name: LOG_LEVEL
    value: "DEBUG"
  namespaceScanner:
  crontab: "*/5 * * * *"
  namespaceSelector: "trivy-scan"
  clusterWide: false

Actual results:

• kubectl logs deploy/trivy-operator gets:

  [2022-02-07 05:59:00,399] kopf.activities.star [INFO    ] CRD already exists!!!
  [2022-02-07 05:59:00,399] kopf.activities.star [INFO    ] Activity 'startup_fn_crd' succeeded.
  [2022-02-07 05:59:10,719] kopf.activities.star [INFO    ] trivy cache created...
  [2022-02-07 05:59:10,719] kopf.activities.star [INFO    ] Activity 'startup_fn_trivy_cache' succeeded.
  [2022-02-07 05:59:10,720] kopf.activities.star [INFO    ] Prometheus Exporter started...
  [2022-02-07 05:59:10,720] kopf.activities.star [INFO    ] Activity 'startup_fn_prometheus_client' succeeded.
  [2022-02-07 05:59:10,720] kopf.activities.star [INFO    ] Loading cluster config
  [2022-02-07 05:59:10,722] kopf.activities.star [INFO    ] Generating a self-signed certificate for HTTPS.
  [2022-02-07 05:59:11,200] kopf.activities.star [INFO    ] validating webhook configuration already exists!!!
  [2022-02-07 05:59:11,201] kopf.activities.star [INFO    ] Activity 'configure' succeeded.
  [2022-02-07 05:59:11,202] kopf._core.engines.a [INFO    ] Initial authentication has been initiated.
  [2022-02-07 05:59:11,203] kopf.activities.auth [INFO    ] Activity 'login_via_client' succeeded.
  [2022-02-07 05:59:11,204] kopf._core.engines.a [INFO    ] Initial authentication has finished.
  [2022-02-07 05:59:11,361] kopf._core.reactor.o [WARNING ] Not enough permissions to watch for resources: changes (creation/deletion/updates) will not be noticed; the resources are only refreshed on operator restarts.
  [2022-02-07 05:59:11,467] kopf.objects         [INFO    ] [default/trivy-operator-main-config] NamespaceScanner Created
  [2022-02-07 06:00:11,783] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: devopstales/trivy-operator:2.3
  [2022-02-07 06:00:11,783] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Active Registry: None
  [2022-02-07 06:00:29,509] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
  [2022-02-07 06:00:29,509] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Active Registry: None
  [2022-02-07 06:00:34,583] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: sha256:ae1a7201ec9545194b2889da30face5f2a7a45e2ba8c7479ac68c9a45a73a7eb
  [2022-02-07 06:00:34,583] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Active Registry: None
  [2022-02-07 06:00:37,760] kopf.objects         [ERROR   ] [default/trivy-operator-main-config] TRIVY ERROR: return 1
  [2022-02-07 06:00:37,760] kopf.objects         [ERROR   ] [default/trivy-operator-main-config] Repository: Unauthorized authentication required
  [2022-02-07 06:00:37,760] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: k8s.gcr.io/coredns/coredns:v1.8.6
  [2022-02-07 06:00:37,760] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Active Registry: None
  [2022-02-07 06:00:41,703] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: k8s.gcr.io/etcd:3.5.1-0
  [2022-02-07 06:00:41,705] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Active Registry: None
  [2022-02-07 06:00:55,711] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: k8s.gcr.io/kube-apiserver:v1.23.1
  [2022-02-07 06:00:55,711] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Active Registry: None
  [2022-02-07 06:01:01,734] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: k8s.gcr.io/kube-controller-manager:v1.23.1
  [2022-02-07 06:01:01,735] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Active Registry: None
  ^[[2022-02-07 06:01:07,618] kopf.objects         [INFO    ] [default/trivy-operator-main-config] Scanning Image: k8s.gcr.io/kube-proxy:v1.23.1

Expected results:

• Scanning only trivy-operator's pod (single pod in ns default), not all pods in kube-system/ingress-nginx/...
• Expected kopf debug logs

[devopstales]

@evgkrsk I updated the helm chart and the image with a patch. It should be fix this problems. Please test it back.

[evgkrsk]

After applying patch from https://github.com/devopstales/helm-charts/pull/10 it works as expected, thanks!

But it is very inconvenient to (re)install charts chat changes content without version change. Please consider switching to semver-compatible version bumps during changes.

[devopstales]

Hi @evgkrsk I uderstand It is inconvenient for you, but with the version dump I keep hosting a previous version that is not working. Instad I replaced it with a working version. That is why I didn't updated the version.