trivy operator throwing constantly reconcile errors #2137
Comments
|
@lkaluza-fadi Please clean up all scan-jobs and restart operator. kubectl delete jobs `kubectl get jobs -n trivy-system -o custom-columns=:.metadata.name` |
|
@chen-keinan After deleting the jobs, everything seems to be fine, but when the jobs were completed, the reconciliation errors returned. |
|
@lkaluza-fadi the is the pod stuck in status |
yes, thats correct. |
|
@lkaluza-fadi can you please get it output and sent it (you can send it to me in slack if you do not want to expose it here) kubectl logs pod <scan-pod-name> -n trivy-system |
unfortunately there are no pod logs anymore. |
|
@lkaluza-fadi are you able to reproduce it ? |
tried to reproduce it, but the logs are gone again |
|
is the pod is stuck in completed status ? if so , logs should be there |
|
@lkaluza-fadi do you get any reports ? |
|
@chen-keinan yes, just send it over to you via email. the email that you have in your profil mentioned. |
|
@lkaluza-fadi can you please do another check:
kubectl delete crd vulnerabilityreports.aquasecurity.github.io
kubectl delete crd exposedsecretreports.aquasecurity.github.io
kubectl delete crd configauditreports.aquasecurity.github.io
kubectl delete crd clusterconfigauditreports.aquasecurity.github.io
kubectl delete crd rbacassessmentreports.aquasecurity.github.io
kubectl delete crd infraassessmentreports.aquasecurity.github.io
kubectl delete crd clusterrbacassessmentreports.aquasecurity.github.io
kubectl delete crd clustercompliancereports.aquasecurity.github.io
kubectl delete crd clusterinfraassessmentreports.aquasecurity.github.io
kubectl delete crd sbomreports.aquasecurity.github.io
kubectl delete crd clustersbomreports.aquasecurity.github.io
kubectl delete crd clustervulnerabilityreports.aquasecurity.github.io
|
done that! |
|
and what changed so far is that the pods for the jobs are now gone after they are done. and for that reason the operator is not logging any reconcile errors any more. |
|
@lkaluza-fadi not sure I understand the question. are you getting reports after the change above ? |
|
@chen-keinan to wrap this up. the reconcile errors are back, but they are now a bit different so back to your question we are getting reports after then changes. but I think we are back to the beginning getting this reconcile error but now in a different flavor! |
|
@lkaluza-fadi I'll be happy to jump-in a zoom call to look at the issue, its very difficult to find what is wrong in your env. |
|
@chen-keinan iam fine with it when does it fit for you? |
|
@lkaluza-fadi find me on slack we can discuss schedule details there |
|
@lkaluza-fadi I mean find me via aqua security slack |
|
@chen-keinan I'm not using slack how do i do so? |
|
This seems related to #1792. |
|
Hi, I'm facing the same problem: is there any solution? |
|
My cluster starting to have the same issue. Already reinstalled trviy-operator. EDIT: Running on 1.31. Kubernetes SuccessPolicy changed. |
|
Same error: I am using the lastest helm chart 0.24.1 and I don't see any vulnerability or sbom reports. |
|
This issue is stale because it has been labeled with inactivity. |
github-actions
bot
added
the
lifecycle/stale
|
I am experiencing the same issue. Disabling the scanJobCompressLogs flag did not help. |
itaysk
removed
the
lifecycle/stale
|
Hey, Chart Version: "2.5.0" Helm Values: On of the error mesasges: |
Thanks for the report! |
What steps did you take and what happened:
Upgraded from helm version from 0.23.1 -> 0.23.3
What did you expect to happen:
That everything works smoothly
Anything else you would like to add:
This is the error that we get:
trivy-operator version): 0.21.3kubectl version): 1.28.9-gke.1000000The text was updated successfully, but these errors were encountered: