From d680f9099c38ef58bf91f5e9b5a86e7ea929c897 Mon Sep 17 00:00:00 2001
From: Ivan Milchev
Date: Thu, 28 Jul 2022 13:43:51 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20Optimize=20only=20errors=20from?= =?UTF-8?q?=20scan=20API=20when=20running=20a=20kubernetes=20resources=20s?= =?UTF-8?q?can=20(#472)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Ivan Milchev
---
 .../k8s_v1alpha2_mondooauditconfig_minimal.yaml | 7 ++++---
 controllers/k8s_scan/container_image/resources.go | 6 +++---
 controllers/k8s_scan/resources.go | 2 +-
 pkg/mondooclient/client.go | 12 +++++++++++-
 4 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/config/samples/k8s_v1alpha2_mondooauditconfig_minimal.yaml b/config/samples/k8s_v1alpha2_mondooauditconfig_minimal.yaml
index 931716b4a..d3e3648a4 100644
--- a/config/samples/k8s_v1alpha2_mondooauditconfig_minimal.yaml
+++ b/config/samples/k8s_v1alpha2_mondooauditconfig_minimal.yaml
@@ -7,11 +7,12 @@ spec:
 mondooCredsSecretRef:
 name: mondoo-client
 kubernetesResources:
- enable: false
- nodes:
 enable: true
+ containerImageScanning: true
+ nodes:
+ enable: false
 admission:
- enable: true
+ enable: false
 certificateProvisioning:
 # Could be "cert-manager", "openshift" or "manual"
 mode: cert-manager
diff --git a/controllers/k8s_scan/container_image/resources.go b/controllers/k8s_scan/container_image/resources.go
index b111f2c3b..53dd3d2cb 100644
--- a/controllers/k8s_scan/container_image/resources.go
+++ b/controllers/k8s_scan/container_image/resources.go
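Review bot: The minimal sample in config/samples/k8s_v1alpha2_mondooauditconfig_minimal.yaml now sets `enable: false` under both `nodes` and `admission`, which is unrelated to the report-type change named in the commit title and reduces what a cluster gets when this file is applied as-is. The `certificateProvisioning` block is left in place although admission is now off, which suggests the flip may have come from a local test setup rather than being a new intended default. If it is intentional, a comment above the two blocks such as `# Node scanning and admission are disabled in this minimal sample; enable them for full coverage.` would make the reduced coverage explicit to anyone copying the file.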
@@ -78,11 +78,11 @@ func CronJob(image, integrationMrn string, m v1alpha2.MondooAuditConfig) *batchv
 Args: containerArgs,
 Resources: corev1.ResourceRequirements{
 Limits: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("200m"),
- corev1.ResourceMemory: resource.MustParse("100Mi"),
+ corev1.ResourceCPU: resource.MustParse("100m"),
+ corev1.ResourceMemory: resource.MustParse("30Mi"),
 },
 Requests: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("100m"),
+ corev1.ResourceCPU: resource.MustParse("50m"),
 corev1.ResourceMemory: resource.MustParse("20Mi"),
 },
 },
diff --git a/controllers/k8s_scan/resources.go b/controllers/k8s_scan/resources.go
index 41e72cf2c..5698a796a 100644
--- a/controllers/k8s_scan/resources.go
+++ b/controllers/k8s_scan/resources.go
@@ -76,7 +76,7 @@ func CronJob(image, integrationMrn string, m v1alpha2.MondooAuditConfig) *batchv
 Resources: corev1.ResourceRequirements{
 Limits: corev1.ResourceList{
 corev1.ResourceCPU: resource.MustParse("100m"),
- corev1.ResourceMemory: resource.MustParse("100Mi"),
+ corev1.ResourceMemory: resource.MustParse("30Mi"),
 },
 Requests: corev1.ResourceList{
 corev1.ResourceCPU: resource.MustParse("50m"),
diff --git a/pkg/mondooclient/client.go b/pkg/mondooclient/client.go
index 86b9bd616..c9e8806d0 100644
--- a/pkg/mondooclient/client.go
+++ b/pkg/mondooclient/client.go
@@ -247,6 +247,7 @@ const ScanKubernetesResourcesEndpoint = "/Scan/Run"
 func (s *mondooClient) ScanKubernetesResources(ctx context.Context, integrationMrn string, scanContainerImages bool) (*ScanResult, error) {
 url := s.ApiEndpoint + ScanKubernetesResourcesEndpoint
 scanJob := ScanJob{
+ ReportType: ReportType_ERROR,
 Inventory: inventory.MondooInventory{
 Spec: inventory.MondooInventorySpec{
 Assets: []inventory.Asset{
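Review bot: The new memory limit of `30Mi` in the container-image CronJob (controllers/k8s_scan/container_image/resources.go) sits only 10Mi above the unchanged `20Mi` request, and the same `30Mi` limit is set in the controllers/k8s_scan/resources.go hunk that follows. A scan container that gets OOM-killed produces no report, so a limit that is too tight would show up as missing scan results rather than as a visible finding; nothing on the page shows a measurement behind the new values. Consider a why-comment next to the limits recording the basis, e.g. `// 30Mi: peak usage measured at <N>Mi with error-only reports`, or lifting the quantities into named constants shared by both CronJob builders. Both CronJob bodies start and end outside their hunks.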
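Review bot: `ReportType: ReportType_ERROR` is hard-coded in ScanKubernetesResources in pkg/mondooclient/client.go without a comment, so every caller now gets an error-only `*ScanResult` and has no way to ask for more. If any caller reads fields of the result beyond errors, it would silently see less data after this change; the callers are not visible here, so this should be checked before merging. If the operator really never consumes the full report, a one-line comment above the field such as `// Only errors are requested; the full report is not consumed by the operator.` would record that intent. The function body continues outside the hunk.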
@@ -293,8 +294,17 @@ func (s *mondooClient) ScanKubernetesResources(ctx context.Context, integrationM
 return out, nil
 }
+type ReportType int
+
+const (
+ ReportType_NONE ReportType = 0
+ ReportType_ERROR ReportType = 1
+ ReportType_FULL ReportType = 2
+)
+
 type ScanJob struct {
- Inventory inventory.MondooInventory `json:"inventory"`
+ Inventory inventory.MondooInventory `json:"inventory"`
+ ReportType ReportType `protobuf:"varint,22,opt,name=report_type,json=reportType,proto3,enum=mondoo.policy.scan.ReportType" json:"report_type,omitempty"`
 }
 func NewClient(opts ClientOptions) Client {
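Review bot: The `omitempty` option on the new `ReportType` field of `ScanJob` drops the field whenever it holds `ReportType_NONE` (0), so under `encoding/json` a caller cannot send that value explicitly and whatever the server treats as its default applies instead; if the zero value must be sendable, the tag should be `json:"report_type"`. The `protobuf:"…"` struct tag looks copied from generated code, and on this hand-written struct it only has an effect if the request is marshalled by a protobuf-aware encoder, which the hunk does not show. The exported `ReportType` and its three constants have no doc comments; something like `// ReportType selects how much of the scan report the scan API returns.` plus a short line per constant would help, along with a note that the underscore names mirror the protobuf enum `mondoo.policy.scan.ReportType`.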