Skip to content

Auto Discovery failed to fetch Scan for removed pod with no scans made before. #2699

New issue
New issue
Closed
Closed
Auto Discovery failed to fetch Scan for removed pod with no scans made before.#2699
Assignees
BorisShek
Labels
bugBugs
@paraddise

Description

@paraddise
paraddise
opened on Oct 8, 2024

🐞 Bug report

I deployed SCB Auto Discovery to kubernetes, annotated existing namespace with some pods in it. Then killed nginx pod and Auto Discovery service failed to fetch Scan and process another events.

Describe the bug

Secure Code Box auto discovery service tries to fetch ScheduledScan for pod with no scans made before.

Steps To Reproduce

Deploy auto-dicovery by instruction to namespace infra-securecodebox.
Annotate namespace that already has pods in it.

k annotate ns infra-securecodebox auto-discovery.securecodebox.io/enabled=true
k run -n infra-securecodebox --rm -it --image nginx:alpine3.17 nginx-test-scan --set config.containerAutoDiscovery.enabled=true

Expected behavior

Secure Code Box auto discovery service ignores deletion of pod with no scans.

System:

  • secureCodeBox: 4.9.0
  • Kubernetes Version: 1.30

Screenshots / Logs

Logs from auto-discovery container

2024-10-08T08:27:19Z    ERROR    controllers.ContainerScanController    Unable to fetch scan    {"name": "nginx-trivy-at-647c5c83418c19eef0cddc647b9899326e3081576390c4c", "error": "ScheduledScan.execution.securecodebox.io \"nginx-trivy-at-647c5c8
github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/controllers.(*ContainerScanReconciler).getOrphanedScanImageIDs
    /workspace/controllers/container_scan_controller.go:422
github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/controllers.(*ContainerScanReconciler).checkIfScansNeedToBeDeleted
    /workspace/controllers/container_scan_controller.go:406
github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/controllers.(*ContainerScanReconciler).Reconcile
    /workspace/controllers/container_scan_controller.go:84
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:261
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:222

Additional context

Metadata

Metadata

Assignees

Labels

bugBugs

Type

No type

Projects

secureCodeBox

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions