greenbone / openvas-scanner

This repository contains the scanner component for Greenbone Community Edition.
https://greenbone.github.io/docs/
GNU General Public License v2.0
3.37k stars 621 forks source link

Nothing being served at "/" when deploying basic helm #1651

Closed jonathon2nd closed 5 months ago

jonathon2nd commented 5 months ago

Expected behavior

I expect it to open.

Actual behavior

404's but request made it to pod

Steps to reproduce

Deploy openvasd, with very basic configs. Disable mTLS and token, as it will be protected by CloudFlare ZeroTrust

GVM versions

v23.3.1 of helm chart image

Environment

Kubernetes Version: v1.27.8

Installation method / source: (packages, source installation)

v23.3.1 of helm chart image

Values

routing:
  enabled: false
service:
  type: ClusterIP
  port: 80

ingress:
  enabled: false
openvasd: 
  apikey: ""
  tls:
    certificates:
      deploy_server: false
      deploy_client: false

Logfiles

2024-06-03T22:14:24.708307896Z 2024-06-03T22:14:24.708208Z TRACE from_path{path="/" mode=Service}: openvasd::controller::entry: Unknown path="/"
2024-06-03T22:14:24.708329369Z 2024-06-03T22:14:24.708235Z DEBUG openvasd::controller::entry
: process call method=GET path="/"
Kraemii commented 5 months ago

Hello @jonathon2nd, thank you for interest! According to our specification at https://greenbone.github.io/scanner-api/ there is actually no endpoint for method=GET and path="/". What did you expected by this endpoint.

jonathon2nd commented 5 months ago

https://github.com/greenbone/openvas-scanner/tree/main/charts/openvasd#accessing-the-service

This made it seem like there would be a response at root.

I also see now that not all containers are being setup here in the helm chart: https://greenbone.github.io/docs/latest/22.4/container/index.html#docker-compose-file, this includes gsa.

nichtsfrei commented 5 months ago

The helm chart within this repository is only for the scanner API, not the vulnerability management part (GSA, GVMD,...) for those only docker-compose is available.

The curl example is utilizing HEAD which works on root. The reasoning to allow HEAD calls on root is to gain information about the feed and the API version, however since it is not a UI we didn't want to rely on root to be available to function.

That said you're right it might be a misleading example.

jonathon2nd commented 5 months ago

Hello! I wanted to let you know I have actually created a helm chart for the entirety of Greenbone Community Edition.

https://github.com/fpm-git/Greenbone-Community-Edition-Helm

We are currently using this in k8s with no issues in prod, already running scans on our hosts and taking actions.

I can not commit to supporting this beyond what we need to do to it, but if you like it, feel free to either point to it or take it and run with it.