🐞 Bug report
I deployed SCB Auto Discovery to Kubernetes and annotated an existing namespace with some pods in it. Then I killed the nginx pod, and the Auto Discovery service failed to fetch Scan and process other events.
Describe the bug
The Secure Code Box auto discovery service tries to fetch a ScheduledScan for a pod with no scans made before.
Steps To Reproduce
Deploy auto-discovery per the instructions to namespace infra-securecodebox.
Annotate a namespace that already has pods in it.
k annotate ns infra-securecodebox auto-discovery.securecodebox.io/enabled=true
k run -n infra-securecodebox --rm -it --image nginx:alpine3.17 nginx-test-scan --set config.containerAutoDiscovery.enabled=true
Expected behavior
The Secure Code Box auto discovery service ignores deletion of a pod with no scans.
System:
- secureCodeBox: 4.9.0
- Kubernetes Version: 1.30
Screenshots / Logs
Logs from auto-discovery container
2024-10-08T08:27:19Z ERROR controllers.ContainerScanController Unable to fetch scan {"name": "nginx-trivy-at-647c5c83418c19eef0cddc647b9899326e3081576390c4c", "error": "ScheduledScan.execution.securecodebox.io \"nginx-trivy-at-647c5c8
github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/controllers.(*ContainerScanReconciler).getOrphanedScanImageIDs
/workspace/controllers/container_scan_controller.go:422
github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/controllers.(*ContainerScanReconciler).checkIfScansNeedToBeDeleted
/workspace/controllers/container_scan_controller.go:406
github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/controllers.(*ContainerScanReconciler).Reconcile
/workspace/controllers/container_scan_controller.go:84
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:114
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:311
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:261
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:222
Additional context