Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⭐️ cnspec v9 #873

Merged
merged 16 commits into from
Oct 4, 2023
Merged

⭐️ cnspec v9 #873

merged 16 commits into from
Oct 4, 2023

Conversation

imilchev
Copy link
Member

@imilchev imilchev commented Oct 2, 2023
edited
Loading

  • Add FEATURE_ENABLE_V9 feature flag
  • Update direct dependencies for cnquery and cnspec to v9
  • Fix tests
  • Update controller-runtime and k8s dependencies

@imilchev
integrate cnspec v9
cca1e52 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
more v9 fixes
9ae767a 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
use latest beta
cc92dcd 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
handle http timeouts for scanapiclient and remove derecated k8s/utils…
8be39da 
…/pointer usages

Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
always set score-threshold
889d993 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
fix providertype issues
a69957b 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
ignore autogenerated files for copyright check
f928da8 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
fix tests
8d0c795 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
increase scan api default memory limit
e5c2af2 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev imilchev marked this pull request as ready for review October 4, 2023 06:18
benr
benr previously approved these changes Oct 4, 2023
View reviewed changes
imilchev
imilchev commented Oct 4, 2023
View reviewed changes
pkg/utils/mondoo/container_image_resolver.go Outdated
"go.mondoo.com/mondoo-operator/pkg/imagecache"
"go.mondoo.com/mondoo-operator/pkg/version"
)

const (
CnspecImageV9 = "ghcr.io/mondoohq/mondoo-operator/cnspec"
CnspecTagV9 = "9.0.0-beta13-rootless"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't have major version releases for cnspec v9 yet. Once we do the first official release these values can change to 9-rootless and 9-ubi-rootless

@imilchev
switch to beta15
3e22bd1 
Signed-off-by: Ivan Milchev <[email protected]>
@imilchev
push debug config
34e4bc2 
Signed-off-by: Ivan Milchev <[email protected]>
czunker
czunker reviewed Oct 4, 2023
View reviewed changes
Copy link
Contributor

@czunker czunker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code is LGTM. Need to give it a try.

cmd/mondoo-operator/garbage_collect/cmd.go
@@ -108,7 +109,7 @@ func GarbageCollectCmd(ctx context.Context, client scanapiclient.ScanApiClient,

if platformRuntime != "" {
switch platformRuntime {
case providers.RUNTIME_KUBERNETES_CLUSTER, providers.RUNTIME_DOCKER_IMAGE:
case "k8s", "docker-image":
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Should we use "container-image" instead of "docker-image"? It could be any OCI image.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe change this once we enable v9 by default? don't want to change the current behaviour while still working with v8

controllers/scanapi/resources.go Show resolved Hide resolved
go.mod Show resolved Hide resolved
go.mod Show resolved Hide resolved
cmd/mondoo-operator/garbage_collect/cmd.go Show resolved Hide resolved
cmd/mondoo-operator/k8s_scan/cmd.go Show resolved Hide resolved
pkg/client/common/http.go Show resolved Hide resolved
pkg/utils/k8s/resources_requirements.go Show resolved Hide resolved
pkg/webhooks/handler/webhook.go Show resolved Hide resolved
This was referenced Oct 4, 2023
Closed
Closed
Merged
@czunker
Copy link
Contributor

czunker commented Oct 4, 2023

Also a nice drop in container image size:

ghcr.io/mondoohq/mondoo-operator         sha256-34e4bc26bf44ae1dddab394f5e9449664d6fe3a4.sig   cdaf3829f603   About an hour ago   57MB
ghcr.io/mondoohq/mondoo-operator         sha256-e12e501930d266193813587b9d208cf50a9382a1.sig   74f7351e02c6   8 days ago          246MB

@czunker czunker mentioned this pull request Oct 4, 2023
Closed
@czunker
Copy link
Contributor

czunker commented Oct 4, 2023

I tested it with v8 and v9 cnspec. Both are working.

I only came across the linked issue, which is unrelated to this PR.

czunker
czunker previously approved these changes Oct 4, 2023
View reviewed changes
@czunker
Copy link
Contributor

czunker commented Oct 4, 2023

Thanks @imilchev

@imilchev
update v9 version
cd40f5c 
Signed-off-by: Ivan Milchev <[email protected]>
czunker
czunker previously approved these changes Oct 4, 2023
View reviewed changes
@imilchev imilchev merged commit e7c728e into main Oct 4, 2023
19 of 21 checks passed
@imilchev imilchev deleted the ivan/cnspec-v9 branch October 4, 2023 14:40
@github-actions github-actions bot locked and limited conversation to collaborators Oct 4, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@czunker czunker czunker approved these changes

@benr benr benr left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@imilchev @czunker @benr