Add managed by label to required labels in service autodiscovery #1349
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MegaLinter status:
|
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| golangci-lint | 1 | 1 | 3.26s | ||
| ✅ SPELL | misspell | 1 | 0 | 0.05s |
See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff
Member
|
As Max mentioned here, I also see no Also a conflict in UPGRADING.md needs also to be resolved :) Name: scan-juice-shop-at-350cf9a6ea37138b987a3968d046e61bcd3bb1-dkbkr
Namespace: default
Priority: 0
Service Account: lurker
Node: kind-control-plane/172.18.0.2
Start Time: Wed, 05 Oct 2022 16:16:19 +0200
Labels: app.kubernetes.io/managed-by=securecodebox
controller-uid=c0af3fee-431c-4c3a-af33-65a877b4caca
job-name=scan-juice-shop-at-350cf9a6ea37138b987a3968d046e61bcd3bb1-njqk7
Annotations: auto-discovery.securecodebox.io/ignore: true
sidecar.istio.io/inject: false
Status: Running
IP: 10.244.0.10
IPs:
IP: 10.244.0.10
Controlled By: Job/scan-juice-shop-at-350cf9a6ea37138b987a3968d046e61bcd3bb1-njqk7
Containers:
trivy:
Container ID: containerd://375fa828bf9ffc123895fbe854347bb639cc66f0d135e885e31d6960e53c5601
Image: docker.io/aquasec/trivy:0.30.4
Image ID: docker.io/aquasec/trivy@sha256:6cbcd67fcc486fb3c984a47ae6882a2f667703994966da6c2e6fe70af104d452
Port: <none>
Host Port: <none>
Command:
trivy
image
--no-progress
--format
json
--output
/home/securecodebox/trivy-results.json
docker.io/bkimminich/juice-shop@sha256:350cf9a6ea37138b987a3968d046e61bcd3bb18d2ec95290cfc6901bd6013826
State: Running
Started: Wed, 05 Oct 2022 16:16:33 +0200
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/home/securecodebox/ from scan-results (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-w54ls (ro)
lurker:
Container ID: containerd://4ba24faafe0da49083138a220b17f543917e46ca7e420480f9bf60d2a1722411
Image: docker.io/securecodebox/lurker:sha-9785db50
Image ID: sha256:973381d0c0700ccb38ea06f3eed9068c8c48d942aaa0bdcd7e466425c49f801c
Port: <none>
Host Port: <none>
Args:
--container
trivy
--file
/home/securecodebox/trivy-results.json
--url
http://securecodebox-operator-minio.securecodebox-system.svc.cluster.local:9000/securecodebox/scan-730bd538-9d73-4eee-8692-cbc3f4fd6ba6/trivy-results.json?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=YOURACCESSKEY%2F20221005%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221005T141619Z&X-Amz-Expires=43200&X-Amz-SignedHeaders=host&X-Amz-Signature=26b6ef71843ca34b3eef5f0d9656a52fd7b78fbdc1fd02ea49b404457021115a
State: Running
Started: Wed, 05 Oct 2022 16:16:33 +0200
Ready: True
Restart Count: 0
Limits:
cpu: 100m
memory: 100Mi
Requests:
cpu: 20m
memory: 20Mi
Environment:
NAMESPACE: default (v1:metadata.namespace)
Mounts:
/home/securecodebox/ from scan-results (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-w54ls (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
scan-results:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-w54ls:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m9s default-scheduler Successfully assigned default/scan-juice-shop-at-350cf9a6ea37138b987a3968d046e61bcd3bb1-dkbkr to kind-control-plane
Normal Pulling 2m9s kubelet Pulling image "docker.io/aquasec/trivy:0.30.4"
Normal Pulled 116s kubelet Successfully pulled image "docker.io/aquasec/trivy:0.30.4" in 13.175216656s
Normal Created 116s kubelet Created container trivy
Normal Started 116s kubelet Started container trivy
Normal Pulled 116s kubelet Container image "docker.io/securecodebox/lurker:sha-9785db50" already present on machine
Normal Created 116s kubelet Created container lurker
Normal Started 116s kubelet Started container lurker
|
Contributor
Author
|
This PR is about lables of the scheduled scans itself, not pods. apiVersion: execution.securecodebox.io/v1
kind: ScheduledScan
metadata:
annotations:
defectdojo.securecodebox.io/engagement-name: juice-shop
defectdojo.securecodebox.io/engagement-version: v13.0.3
defectdojo.securecodebox.io/product-name: docker-desktop | default | juice-shop
defectdojo.securecodebox.io/product-tags: cluster/docker-desktop,namespace/default
creationTimestamp: "2022-10-05T16:31:42Z"
generation: 1
labels:
app.kubernetes.io/managed-by: securecodebox-autodiscovery
auto-discovery.securecodebox.io/target-port: "3000"
auto-discovery.securecodebox.io/target-service: juice-shop
name: juice-shop-service-port-3000
namespace: default
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: Service
name: juice-shop
uid: 120aa80c-1c2e-412f-98eb-0d756d4445d5
resourceVersion: "980"
uid: cab1f655-b452-4539-98cf-77025252d5aa
spec:
interval: 168h0m0s
retriggerOnScanTypeChange: true
scanSpec:
parameters:
- -t
- http://juice-shop.default.svc:3000
scanType: zap-advanced-scan
status:
findings:
severities: {}
lastScheduleTime: "2022-10-05T16:31:42Z"
scanTypeHash: "15308950262926841447" |
Ilyesbdlala
previously approved these changes
Oct 6, 2022
Member
There was a problem hiding this comment.
LGTM. Just fix the merge conflict, and it's ready to merge.
db0f7de to
3080ee6
Compare
Signed-off-by: Simon Hülkenberg <simon.huelkenberg@iteratec.com>
Signed-off-by: Simon Hülkenberg <simon.huelkenberg@iteratec.com>
3080ee6 to
3eca5ac
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #1194