Closed AmaniBenAoun closed 9 months ago
Hi @AmaniBenAoun
Thanks for your ticket. First I will start with the second problem, which is a duplicate of the #42 ticket. It seems I didn't fix this back to the latest 2.5 image. But for the first error I need more information. What Trivy operator image version do you use? What is the content of the NamespaceScanner object? Can you try to run the operator with DEBUG log level and upload the logs here?
hi!
thanks for the reply. the versions we're using are version 2.5.0 for the trivy operator (this one here) and for Defectdojo we're using version 1.6.93 (this one here)
Also, I was able to confirm that the errors were because of the timeout duration that is set to 5 min by default. When I reduced the number of namespaces to be scanned, I no longer had the errors and the operator was able to finish the scan in that time period with no problem.
My solution for this was to create multiple NamespaceScanner objects, each of them with a different selector, so I can assign different namespaces to them. That fixed the errors and now everything runs as expected.
thanks again!
In the NamespaceScanner object you can change the timeout period. For a bigger cluster the default 5 minutes of course is not enough.
Hey 👋
We're using your Trivy-operator alongside DefectDojo to scan our cluster. Particularly, we're using the namespaceScanner. Both are installed via Helm and we're using the latest version. It was working fine when I added the trivy-scan: "true" label to a couple of namespaces, but when I added it to multiple namespaces it seems that the scan will need more than 5 min (which is the default value) to finish and therefore it fails after some time with the error:

    kopf._cogs.clients.w [ERROR ] Request attempt #1/9 failed; will retry: GET https://*.*.*.*:443/apis/trivy-operator.devopstales.io/v1/namespace-scanners?watch=true&resourceVersion=2006420349 -> ServerDisconnectedError('Server disconnected')

Is there a way to override the default value of the timeout as in the duration to wait for scan completion?
Also, I see this error in the logs occasionally

    [ERROR ] [security-scanning/trivy-operator-main-config] Handler 'create_fn' failed with an exception. Will retry.
    Traceback (most recent call last):
      File "/usr/local/lib/python3.8/site-packages/kopf/_core/actions/execution.py", line 279, in execute_handler_once
        result = await invoke_handler(
      File "/usr/local/lib/python3.8/site-packages/kopf/_core/actions/execution.py", line 374, in invoke_handler
        result = await invocation.invoke(
      File "/usr/local/lib/python3.8/site-packages/kopf/_core/actions/invocation.py", line 116, in invoke
        result = await fn(**kwargs) # type: ignore
      File "/trivy-operator.py", line 416, in create_fn
        pull_secret_decoder(tmp3, tagged_ns)
      File "/trivy-operator.py", line 238, in pull_secret_decoder
        secret_data = secret.data['.dockerconfigjson']
    KeyError: '.dockerconfigjson'

thanks 🙏
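
The KeyError in the traceback above is raised by indexing secret.data['.dockerconfigjson'] on a Secret that has no such key. The following is an added example, not the operator's own code and not posted by anyone in the thread: a tolerant pull-secret decoder, where the function name decode_pull_secret and the sample data are hypothetical. It also accepts the legacy .dockercfg key, which goes beyond the case shown in the log.

```python
import base64
import json

# Kubernetes keeps registry credentials under one of two data keys,
# depending on the Secret type.
DOCKERCONFIGJSON_KEY = ".dockerconfigjson"  # type kubernetes.io/dockerconfigjson
DOCKERCFG_KEY = ".dockercfg"                # legacy type kubernetes.io/dockercfg


def decode_pull_secret(secret_data):
    """Return {registry: (username, password)} from a Secret's .data mapping.

    Returns an empty dict instead of raising KeyError when the Secret holds
    no registry credentials or its payload is malformed.
    """
    data = secret_data or {}
    if DOCKERCONFIGJSON_KEY in data:
        raw, wrapped = data[DOCKERCONFIGJSON_KEY], True
    elif DOCKERCFG_KEY in data:
        raw, wrapped = data[DOCKERCFG_KEY], False
    else:
        return {}  # e.g. a TLS or Opaque secret: nothing to decode
    try:
        doc = json.loads(base64.b64decode(raw))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {}
    if not isinstance(doc, dict):
        return {}
    # The modern format nests registries under "auths"; the legacy one does not.
    auths = doc.get("auths", {}) if wrapped else doc
    if not isinstance(auths, dict):
        return {}
    creds = {}
    for registry, entry in auths.items():
        if not isinstance(entry, dict):
            continue
        user, password = entry.get("username"), entry.get("password")
        if not (user and password) and entry.get("auth"):
            try:  # "auth" is base64("username:password")
                decoded = base64.b64decode(entry["auth"]).decode()
            except ValueError:
                continue
            user, _, password = decoded.partition(":")
        if user and password:
            creds[registry] = (user, password)
    return creds
```

A caller can treat an empty result as "skip this secret" and log only the secret's name, never the decoded values.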