From f336adb12f38bbd2b7cd6cfe1323fd258bb316da Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 23 Sep 2023 17:45:19 +0530 Subject: [PATCH 01/19] added time --- agent/kubviz/trivy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 46248c8a..55fab4e0 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -30,7 +30,7 @@ func executeCommandTrivy(command string) ([]byte, error) { } func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport - cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 20m -f json --cache-dir /tmp/.cache --debug" + cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir /tmp/.cache --debug" // Log the command before execution log.Printf("Executing command: %s\n", cmdString) From 2ad76f00a305a450fd9f13488c4f1f57f2e26094 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 23 Sep 2023 19:35:20 +0530 Subject: [PATCH 02/19] fix --- agent/kubviz/trivy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 55fab4e0..34731c69 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -30,7 +30,7 @@ func executeCommandTrivy(command string) ([]byte, error) { } func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport - cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir /tmp/.cache --debug" + cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 100m -f json --cache-dir /tmp/.cache" // Log the command before execution log.Printf("Executing command: %s\n", cmdString) From 53b9800324b8e6d121b7ab579e10a171b92b7f0d Mon Sep 17 00:00:00 2001 
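Review bot: The scan timeout inside `cmdString` is a hard-coded literal that this series keeps retuning (60m here, then 100m, 40m, 20m and 60m again in patches 02, 03, 09 and 13), so every cluster size needs a rebuild. It would sit better next to the interval settings in `AgentConfigurations`, for example a proposed field `TrivyTimeout string` with an `envconfig` default. Because the string is handed to `/bin/sh -c`, a configurable value should be checked with `time.ParseDuration` before it is spliced in. The same line carries `--exclude-nodes kubernetes.io/arch:amd64`, which looks like it leaves every amd64 node out of the cluster scan; if that is intended it deserves a comment such as `// amd64 nodes are skipped because <reason>`, otherwise it is a coverage gap. RunTrivyK8sClusterScan continues past the end of this hunk.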
From: Nithunikzz Date: Sat, 23 Sep 2023 20:25:02 +0530 Subject: [PATCH 03/19] fix --- agent/kubviz/k8smetrics_agent.go | 38 ++++++++++++++++---------------- agent/kubviz/trivy.go | 2 +- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/agent/kubviz/k8smetrics_agent.go b/agent/kubviz/k8smetrics_agent.go index 81ca71d1..8cef0799 100644 --- a/agent/kubviz/k8smetrics_agent.go +++ b/agent/kubviz/k8smetrics_agent.go @@ -68,14 +68,14 @@ func runTrivyScans(config *rest.Config, js nats.JetStreamContext) error { if err != nil { return err } - err = RunTrivyImageScans(config, js) - if err != nil { - return err - } - err = RunTrivySbomScan(config, js) - if err != nil { - return err - } + // err = RunTrivyImageScans(config, js) + // if err != nil { + // return err + // } + // err = RunTrivySbomScan(config, js) + // if err != nil { + // return err + // } return nil } @@ -118,19 +118,19 @@ func main() { go publishMetrics(clientset, js, clusterMetricsChan) go server.StartServer() collectAndPublishMetrics := func() { - err := outDatedImages(config, js) - LogErr(err) - err = KubePreUpgradeDetector(config, js) - LogErr(err) - err = GetAllResources(config, js) - LogErr(err) - err = RakeesOutput(config, js) - LogErr(err) + // err := outDatedImages(config, js) + // LogErr(err) + // err = KubePreUpgradeDetector(config, js) + // LogErr(err) + // err = GetAllResources(config, js) + // LogErr(err) + // err = RakeesOutput(config, js) + // LogErr(err) // getK8sEvents(clientset) - err = runTrivyScans(config, js) - LogErr(err) - err = RunKubeScore(clientset, js) + err := runTrivyScans(config, js) LogErr(err) + // err = RunKubeScore(clientset, js) + // LogErr(err) } collectAndPublishMetrics() diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 34731c69..7de646b8 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go 
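Review bot: Commenting out `RunTrivyImageScans` and `RunTrivySbomScan` in runTrivyScans, and `outDatedImages`, `KubePreUpgradeDetector`, `GetAllResources`, `RakeesOutput` and `RunKubeScore` in the `collectAndPublishMetrics` closure of the following hunk, silently switches those reports off for anyone who deploys this build while the agent still starts and logs normally. If the aim is to isolate the cluster scan while debugging, a switch in `AgentConfigurations` (or the existing per-job interval settings) would make the reduced coverage visible and reversible without a code change. If the commented code must stay for now, mark it, for example `// TODO(debug): re-enable image and SBOM scans before release`, so it is not merged by accident. The body of main starts and ends outside the second hunk.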
@@ -30,7 +30,7 @@ func executeCommandTrivy(command string) ([]byte, error) { } func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport - cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 100m -f json --cache-dir /tmp/.cache" + cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 40m -f json --cache-dir /tmp/.cache" // Log the command before execution log.Printf("Executing command: %s\n", cmdString) From 495d761d1ef86739ce30b34e5dd29f921092d64d Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 23 Sep 2023 22:16:17 +0530 Subject: [PATCH 04/19] fix --- agent/kubviz/trivy.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 7de646b8..20bb0f15 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -15,12 +15,23 @@ import ( ) func executeCommandTrivy(command string) ([]byte, error) { + ulimitCmd := exec.Command("/bin/sh", "-c", "ulimit -t 5 -v 500000") + var ulimitOut, ulimitErr bytes.Buffer + ulimitCmd.Stdout = &ulimitOut + ulimitCmd.Stderr = &ulimitErr + + err := ulimitCmd.Run() + + if err != nil { + log.Println("Execute ulimit Command Error", err.Error()) + return nil, err + } cmd := exec.Command("/bin/sh", "-c", command) var outc, errc bytes.Buffer cmd.Stdout = &outc cmd.Stderr = &errc - err := cmd.Run() + err = cmd.Run() if err != nil { log.Println("Execute Trivy Command Error", err.Error()) From 66ddff876966a1a5fb3f929daa4c3cc2cb999b7f Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 23 Sep 2023 22:25:53 +0530 Subject: [PATCH 05/19] fix --- agent/kubviz/trivy.go | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 20bb0f15..7de646b8 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go 
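Review bot: The added `ulimitCmd` runs `ulimit` in its own `/bin/sh` process, so the limits end when that shell exits and never reach the second `exec.Command` that actually runs Trivy. As written the block has no effect on the scan and only adds an early-return path when the shell rejects the values. For a limit to apply it has to be set in the same shell as the command, for example `cmd := exec.Command("/bin/sh", "-c", "ulimit -t 5 -v 500000; "+command)`, or be enforced outside the process through the container's resource limits. The same applies to the identical block re-added in patch 06 and to the `ulimit -t unlimited -v unlimited` variant in patch 07. Separately, `command` is passed whole to `sh -c`; the callers are not all visible here, but if any of them builds the string from image names or other cluster data, passing the program and arguments separately (`exec.Command("trivy", args...)`) avoids shell interpretation of that data.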
@@ -15,23 +15,12 @@ import ( ) func executeCommandTrivy(command string) ([]byte, error) { - ulimitCmd := exec.Command("/bin/sh", "-c", "ulimit -t 5 -v 500000") - var ulimitOut, ulimitErr bytes.Buffer - ulimitCmd.Stdout = &ulimitOut - ulimitCmd.Stderr = &ulimitErr - - err := ulimitCmd.Run() - - if err != nil { - log.Println("Execute ulimit Command Error", err.Error()) - return nil, err - } cmd := exec.Command("/bin/sh", "-c", command) var outc, errc bytes.Buffer cmd.Stdout = &outc cmd.Stderr = &errc - err = cmd.Run() + err := cmd.Run() if err != nil { log.Println("Execute Trivy Command Error", err.Error()) From dccf98d4912679f848c8c138201def04db0f4c3f Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 23 Sep 2023 22:38:47 +0530 Subject: [PATCH 06/19] fix --- agent/kubviz/trivy.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 7de646b8..20bb0f15 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -15,12 +15,23 @@ import ( ) func executeCommandTrivy(command string) ([]byte, error) { + ulimitCmd := exec.Command("/bin/sh", "-c", "ulimit -t 5 -v 500000") + var ulimitOut, ulimitErr bytes.Buffer + ulimitCmd.Stdout = &ulimitOut + ulimitCmd.Stderr = &ulimitErr + + err := ulimitCmd.Run() + + if err != nil { + log.Println("Execute ulimit Command Error", err.Error()) + return nil, err + } cmd := exec.Command("/bin/sh", "-c", command) var outc, errc bytes.Buffer cmd.Stdout = &outc cmd.Stderr = &errc - err := cmd.Run() + err = cmd.Run() if err != nil { log.Println("Execute Trivy Command Error", err.Error()) From b6e92f8c6bf79eec04d963cc7cca42f4195ff598 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 23 Sep 2023 23:37:18 +0530 Subject: [PATCH 07/19] fix --- agent/kubviz/trivy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 20bb0f15..5e240daf 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go 
@@ -15,7 +15,7 @@ import ( ) func executeCommandTrivy(command string) ([]byte, error) { - ulimitCmd := exec.Command("/bin/sh", "-c", "ulimit -t 5 -v 500000") + ulimitCmd := exec.Command("/bin/sh", "-c", "ulimit -t unlimited -v unlimited") var ulimitOut, ulimitErr bytes.Buffer ulimitCmd.Stdout = &ulimitOut ulimitCmd.Stderr = &ulimitErr From 3ccc8e78da725da53edbd44a91f30bfe168dad82 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sun, 24 Sep 2023 06:56:20 +0530 Subject: [PATCH 08/19] fix --- agent/kubviz/trivy.go | 63 ++++++++++++++++++++++++++++--------------- model/trivy.go | 8 +++--- 2 files changed, 47 insertions(+), 24 deletions(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 5e240daf..e8395cdf 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -2,6 +2,7 @@ package main import ( "bytes" + "compress/gzip" "encoding/json" "log" exec "os/exec" @@ -15,23 +16,12 @@ import ( ) func executeCommandTrivy(command string) ([]byte, error) { - ulimitCmd := exec.Command("/bin/sh", "-c", "ulimit -t unlimited -v unlimited") - var ulimitOut, ulimitErr bytes.Buffer - ulimitCmd.Stdout = &ulimitOut - ulimitCmd.Stderr = &ulimitErr - - err := ulimitCmd.Run() - - if err != nil { - log.Println("Execute ulimit Command Error", err.Error()) - return nil, err - } cmd := exec.Command("/bin/sh", "-c", command) var outc, errc bytes.Buffer cmd.Stdout = &outc cmd.Stderr = &errc - err = cmd.Run() + err := cmd.Run() if err != nil { log.Println("Execute Trivy Command Error", err.Error()) 
@@ -39,6 +29,21 @@ func executeCommandTrivy(command string) ([]byte, error) { return outc.Bytes(), err } + +// Compress data using gzip +func compressData(data []byte) ([]byte, error) { + var compressedData bytes.Buffer + gz := gzip.NewWriter(&compressedData) + _, err := gz.Write(data) + if err != nil { + return nil, err + } + if err := gz.Close(); err != nil { + return nil, err + } + return compressedData.Bytes(), nil +} + func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 40m -f json --cache-dir /tmp/.cache" 
@@ -70,24 +75,40 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { log.Printf("Error occurred while Unmarshalling json for k8s cluster scan: %v", err) return err } - err = publishTrivyK8sReport(report, js) + + // Compress the Trivy scan report data + compressedReport, err := compressData([]byte(jsonPart)) + if err != nil { + log.Printf("Error compressing Trivy scan report: %v", err) + return err + } + + // Create a new TrivyReport struct with all the data + trivyReport := model.Trivy{ + ID: uuid.New().String(), + ClusterName: ClusterName, + Report: report, + CompressedReport: compressedReport, + UncompressedReport: []byte(jsonPart), + } + + // Publish the TrivyReport + err = publishTrivyK8sReport(trivyReport, js) if err != nil { return err } return nil } -func publishTrivyK8sReport(report report.ConsolidatedReport, js nats.JetStreamContext) error { - metrics := model.Trivy{ - ID: uuid.New().String(), - ClusterName: ClusterName, - Report: report, - } - metricsJson, _ := json.Marshal(metrics) +func publishTrivyK8sReport(trivyReport model.Trivy, js nats.JetStreamContext) error { + // Create a JSON message for the TrivyReport + metricsJson, _ := json.Marshal(trivyReport) + + // Publish the JSON message to the specified NATS subject _, err := js.Publish(constants.TRIVY_K8S_SUBJECT, metricsJson) if err != nil { return err } - log.Printf("Trivy k8s cluster report with ID:%s has been published\n", metrics.ID) + log.Printf("Trivy k8s cluster report with ID:%s has been published\n", trivyReport.ID) return nil } diff --git a/model/trivy.go b/model/trivy.go index f7d564da..f031c5c3 100644 --- a/model/trivy.go +++ b/model/trivy.go @@ -3,7 +3,9 @@ package model import "github.com/aquasecurity/trivy/pkg/k8s/report" type Trivy struct { - ID string - ClusterName string - Report report.ConsolidatedReport + ID string + ClusterName string + Report report.ConsolidatedReport + CompressedReport []byte + UncompressedReport []byte } 
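Review bot: The new `model.Trivy` value carries the report three times, as the parsed `Report`, as `CompressedReport` and as `UncompressedReport: []byte(jsonPart)`, so the published message grows instead of shrinking. `json.Marshal` also base64-encodes both `[]byte` fields, which adds roughly a third to each of them, and a large cluster report is then more likely to exceed the message size limit of the NATS server. Dropping `UncompressedReport` (and `Report`, if consumers can decompress) from this struct literal and from the matching fields in model/trivy.go would give the compression its intended effect. In publishTrivyK8sReport the marshalling error is still discarded by `metricsJson, _ := json.Marshal(trivyReport)`; `metricsJson, err := json.Marshal(trivyReport)` followed by `if err != nil { return err }` would stop a nil payload from being published, and the same line returns in the revert in patch 09.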
From c2ddbe1924c656258418fcf931e802e32359477e Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sun, 24 Sep 2023 09:44:03 +0530 Subject: [PATCH 09/19] fix --- agent/kubviz/trivy.go | 54 ++++++++++--------------------------------- 1 file changed, 12 insertions(+), 42 deletions(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index e8395cdf..75351981 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -2,7 +2,6 @@ package main import ( "bytes" - "compress/gzip" "encoding/json" "log" exec "os/exec" @@ -29,24 +28,9 @@ func executeCommandTrivy(command string) ([]byte, error) { return outc.Bytes(), err } - -// Compress data using gzip -func compressData(data []byte) ([]byte, error) { - var compressedData bytes.Buffer - gz := gzip.NewWriter(&compressedData) - _, err := gz.Write(data) - if err != nil { - return nil, err - } - if err := gz.Close(); err != nil { - return nil, err - } - return compressedData.Bytes(), nil -} - func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport - cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 40m -f json --cache-dir /tmp/.cache" + cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 20m -f json --cache-dir /tmp/.cache --debug" // Log the command before execution log.Printf("Executing command: %s\n", cmdString) @@ -57,6 +41,8 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { // Handle errors and process the command output as needed if err != nil { log.Printf("Error executing command: %v\n", err) + log.Printf("Command output: %s\n", out) + } // Log the command output for debugging purposes log.Printf("Command output: %s\n", out) 
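Review bot: In the `if err != nil` branch of RunTrivyK8sClusterScan the added `log.Printf("Command output: %s\n", out)` duplicates the unconditional log of the same value two lines later, so a failed scan writes its whole output twice. The branch still does not return, so a failed command falls through to the JSON handling further down, outside this hunk. If partial output is not meant to be parsed, replace the added line with `return err`; if the fall-through is deliberate, drop the added line and say so in a comment. The output is the scan report itself, so it may be worth deciding whether full findings belong in the agent log at all or only behind a debug setting.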
@@ -75,40 +61,24 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { log.Printf("Error occurred while Unmarshalling json for k8s cluster scan: %v", err) return err } - - // Compress the Trivy scan report data - compressedReport, err := compressData([]byte(jsonPart)) - if err != nil { - log.Printf("Error compressing Trivy scan report: %v", err) - return err - } - - // Create a new TrivyReport struct with all the data - trivyReport := model.Trivy{ - ID: uuid.New().String(), - ClusterName: ClusterName, - Report: report, - CompressedReport: compressedReport, - UncompressedReport: []byte(jsonPart), - } - - // Publish the TrivyReport - err = publishTrivyK8sReport(trivyReport, js) + err = publishTrivyK8sReport(report, js) if err != nil { return err } return nil } -func publishTrivyK8sReport(trivyReport model.Trivy, js nats.JetStreamContext) error { - // Create a JSON message for the TrivyReport - metricsJson, _ := json.Marshal(trivyReport) - - // Publish the JSON message to the specified NATS subject +func publishTrivyK8sReport(report report.ConsolidatedReport, js nats.JetStreamContext) error { + metrics := model.Trivy{ + ID: uuid.New().String(), + ClusterName: ClusterName, + Report: report, + } + metricsJson, _ := json.Marshal(metrics) _, err := js.Publish(constants.TRIVY_K8S_SUBJECT, metricsJson) if err != nil { return err } - log.Printf("Trivy k8s cluster report with ID:%s has been published\n", trivyReport.ID) + log.Printf("Trivy k8s cluster report with ID:%s has been published\n", metrics.ID) return nil } From 7a22dc22f6a79c97c8b9f7bb7e1c99988481f90c Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sun, 24 Sep 2023 10:24:46 +0530 Subject: [PATCH 10/19] fix --- agent/kubviz/trivy.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 75351981..517544e4 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go 
@@ -5,6 +5,7 @@ import ( "encoding/json" "log" exec "os/exec" + "runtime/debug" "strings" "github.com/aquasecurity/trivy/pkg/k8s/report" @@ -42,6 +43,7 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { if err != nil { log.Printf("Error executing command: %v\n", err) log.Printf("Command output: %s\n", out) + log.Printf("Stack trace: %v\n", string(debug.Stack())) } // Log the command output for debugging purposes From 9606e7498f57a11d7df972700538b46c16f974af Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sun, 24 Sep 2023 17:57:52 +0530 Subject: [PATCH 11/19] fix --- agent/kubviz/trivy.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 517544e4..29af2f1e 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -4,9 +4,12 @@ import ( "bytes" "encoding/json" "log" + "os" exec "os/exec" + "os/signal" "runtime/debug" "strings" + "syscall" "github.com/aquasecurity/trivy/pkg/k8s/report" "github.com/google/uuid" @@ -29,13 +32,21 @@ func executeCommandTrivy(command string) ([]byte, error) { return outc.Bytes(), err } +func cleanup() { + log.Println("Performing cleanup...") + // Add your cleanup logic here +} + func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 20m -f json --cache-dir /tmp/.cache --debug" // Log the command before execution log.Printf("Executing command: %s\n", cmdString) + sigCh := make(chan os.Signal, 1) + // Register the signals to handle + signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM) // Execute the command out, err := executeCommandTrivy(cmdString) 
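Review bot: The added `log.Printf("Stack trace: %v\n", string(debug.Stack()))` prints the Go call stack of the agent goroutine, which is the same on every failure and says nothing about why the external `trivy` process exited. The useful diagnostic is the child's stderr, which executeCommandTrivy collects in `errc` but, as far as the hunks on this page show, never logs or returns. Logging it where the command fails, for example `log.Printf("trivy stderr: %s", errc.String())` inside executeCommandTrivy, would serve the purpose of this change better than the stack dump.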
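Review bot: `signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)` is registered before the scan, but the goroutine that reads `sigCh` is only started in the next hunk, after the scan and the publish have succeeded. From the moment of registration the default termination behaviour is replaced, so a SIGTERM sent during the scan is parked in the channel and the agent keeps running; on any early `return err` the reader is never started and the signal is never acted on. Every call also adds another registration and, on success, another goroutine that never exits. Signal handling belongs once at start-up, for example `ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)` in main, with `exec.CommandContext(ctx, "/bin/sh", "-c", command)` so that a termination request also stops the running scan. The `cleanup` function added here only logs a line, so the handler currently adds risk without doing any cleanup.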
@@ -67,6 +78,15 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { if err != nil { return err } + go func() { + sig := <-sigCh + switch sig { + case syscall.SIGINT, syscall.SIGTERM: + log.Printf("Received termination signal: %v\n", sig) + cleanup() // Perform any necessary cleanup + os.Exit(1) // Exit with a non-zero status code + } + }() return nil } From 3e5f2f9a71d35b3f489445bd6fe7ec437ce5803d Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Tue, 26 Sep 2023 10:21:42 +0530 Subject: [PATCH 12/19] fix --- agent/kubviz/trivy.go | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 29af2f1e..46248c8a 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -4,12 +4,8 @@ import ( "bytes" "encoding/json" "log" - "os" exec "os/exec" - "os/signal" - "runtime/debug" "strings" - "syscall" "github.com/aquasecurity/trivy/pkg/k8s/report" "github.com/google/uuid" @@ -32,30 +28,19 @@ func executeCommandTrivy(command string) ([]byte, error) { return outc.Bytes(), err } -func cleanup() { - log.Println("Performing cleanup...") - // Add your cleanup logic here -} - func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 20m -f json --cache-dir /tmp/.cache --debug" // Log the command before execution log.Printf("Executing command: %s\n", cmdString) - sigCh := make(chan os.Signal, 1) - // Register the signals to handle - signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM) // Execute the command out, err := executeCommandTrivy(cmdString) // Handle errors and process the command output as needed if err != nil { log.Printf("Error executing command: %v\n", err) - log.Printf("Command output: %s\n", out) - log.Printf("Stack trace: %v\n", string(debug.Stack())) - } // Log the command output for debugging purposes log.Printf("Command output: %s\n", out) 
@@ -78,15 +63,6 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { if err != nil { return err } - go func() { - sig := <-sigCh - switch sig { - case syscall.SIGINT, syscall.SIGTERM: - log.Printf("Received termination signal: %v\n", sig) - cleanup() // Perform any necessary cleanup - os.Exit(1) // Exit with a non-zero status code - } - }() return nil } From a5ab558ebd822e5af081d1118d062a544497ded6 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Tue, 26 Sep 2023 10:28:04 +0530 Subject: [PATCH 13/19] fix --- agent/kubviz/trivy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go index 46248c8a..55fab4e0 100644 --- a/agent/kubviz/trivy.go +++ b/agent/kubviz/trivy.go @@ -30,7 +30,7 @@ func executeCommandTrivy(command string) ([]byte, error) { } func RunTrivyK8sClusterScan(js nats.JetStreamContext) error { var report report.ConsolidatedReport - cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 20m -f json --cache-dir /tmp/.cache --debug" + cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir /tmp/.cache --debug" // Log the command before execution log.Printf("Executing command: %s\n", cmdString) From 91b3a6b625afbc8925af0ee9d6c8b68eb35d1d54 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Fri, 29 Sep 2023 11:57:41 +0530 Subject: [PATCH 14/19] default values --- agent/config/config.go | 4 +-- agent/kubviz/k8smetrics_agent.go | 53 ++++++++++++++++---------------- 2 files changed, 28 insertions(+), 29 deletions(-) diff --git a/agent/config/config.go b/agent/config/config.go index e97b3e11..73fddddf 100644 --- a/agent/config/config.go +++ b/agent/config/config.go 
@@ -8,13 +8,13 @@ import ( type AgentConfigurations struct { SANamespace string `envconfig:"SA_NAMESPACE" default:"default"` SAName string `envconfig:"SA_NAME" default:"default"` - OutdatedInterval string `envconfig:"OUTDATED_INTERVAL" default:"@every 20m"` + OutdatedInterval string `envconfig:"OUTDATED_INTERVAL" default:"0"` GetAllInterval string `envconfig:"GETALL_INTERVAL" default:"*/30 * * * *"` KubeScoreInterval string `envconfig:"KUBESCORE_INTERVAL" default:"*/40 * * * *"` RakkessInterval string `envconfig:"RAKKESS_INTERVAL" default:"*/50 * * * *"` KubePreUpgradeInterval string `envconfig:"KUBEPREUPGRADE_INTERVAL" default:"*/60 * * * *"` TrivyInterval string `envconfig:"TRIVY_INTERVAL" default:"*/10 * * * *"` - SchedulerEnable bool `envconfig:"SCHEDULER_ENABLE" default:"false"` + SchedulerEnable bool `envconfig:"SCHEDULER_ENABLE" default:"true"` } func GetAgentConfigurations() (serviceConf *AgentConfigurations, err error) { diff --git a/agent/kubviz/k8smetrics_agent.go b/agent/kubviz/k8smetrics_agent.go index 8cef0799..b6fd68c9 100644 --- a/agent/kubviz/k8smetrics_agent.go +++ b/agent/kubviz/k8smetrics_agent.go @@ -64,18 +64,19 @@ var ( ) func runTrivyScans(config *rest.Config, js nats.JetStreamContext) error { - err := RunTrivyK8sClusterScan(js) + err := RunTrivyImageScans(config, js) if err != nil { return err } - // err = RunTrivyImageScans(config, js) - // if err != nil { - // return err - // } - // err = RunTrivySbomScan(config, js) - // if err != nil { - // return err - // } + err = RunTrivySbomScan(config, js) + if err != nil { + return err + } + err = RunTrivyK8sClusterScan(js) + if err != nil { + return err + } + return nil } 
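Review bot: The new `default:"0"` on `OutdatedInterval` depends on a sentinel that only the `!= "0"` checks added to initScheduler in this commit understand, and nothing on `AgentConfigurations` documents it. A comment above the interval fields such as `// An interval of "" or "0" disables the corresponding job.` would make the contract visible to operators who set these variables. The same hunk flips `SchedulerEnable` to `default:"true"`, so deployments that never set `SCHEDULER_ENABLE` start running every job that has a non-zero default interval after an upgrade; that behaviour change should be called out in the commit message or release notes.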
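Review bot: runTrivyScans returns on the first failure, so with the new order an error from `RunTrivyImageScans` means neither the SBOM scan nor the cluster scan runs in that cycle. One unreachable registry or malformed image reference can therefore suppress all other Trivy reporting without any sign beyond a single logged error. Running all three and reporting the failures afterwards keeps the scanners independent; the sketch below returns the first error and logs later ones with `LogErr`, the helper main already uses.

```go
func runTrivyScans(config *rest.Config, js nats.JetStreamContext) error {
	scans := []func() error{
		func() error { return RunTrivyImageScans(config, js) },
		func() error { return RunTrivySbomScan(config, js) },
		func() error { return RunTrivyK8sClusterScan(js) },
	}
	var firstErr error
	for _, scan := range scans {
		err := scan()
		switch {
		case err == nil:
			continue
		case firstErr == nil:
			firstErr = err // returned to the caller, which logs it
		default:
			LogErr(err) // later failures are logged here so they are not lost
		}
	}
	return firstErr
}
```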
@@ -118,25 +119,23 @@ func main() { go publishMetrics(clientset, js, clusterMetricsChan) go server.StartServer() collectAndPublishMetrics := func() { - // err := outDatedImages(config, js) - // LogErr(err) - // err = KubePreUpgradeDetector(config, js) - // LogErr(err) - // err = GetAllResources(config, js) - // LogErr(err) - // err = RakeesOutput(config, js) - // LogErr(err) + err := outDatedImages(config, js) + LogErr(err) + err = KubePreUpgradeDetector(config, js) + LogErr(err) + err = GetAllResources(config, js) + LogErr(err) + err = RakeesOutput(config, js) + LogErr(err) // getK8sEvents(clientset) - err := runTrivyScans(config, js) + err = runTrivyScans(config, js) LogErr(err) // err = RunKubeScore(clientset, js) // LogErr(err) } collectAndPublishMetrics() - if schedulingIntervalStr == "" { - schedulingIntervalStr = "20m" - } + if cfg.SchedulerEnable { // Assuming "cfg.Schedule" is a boolean indicating whether to schedule or not. scheduler := initScheduler(config, js, *cfg, clientset) @@ -301,7 +300,7 @@ func watchK8sEvents(clientset *kubernetes.Clientset, js nats.JetStreamContext) { func initScheduler(config *rest.Config, js nats.JetStreamContext, cfg config.AgentConfigurations, clientset *kubernetes.Clientset) (s *Scheduler) { log := logging.NewLogger() s = NewScheduler(log) - if cfg.OutdatedInterval != "" { + if cfg.OutdatedInterval != "" && cfg.OutdatedInterval != "0" { sj, err := NewOutDatedImagesJob(config, js, cfg.OutdatedInterval) if err != nil { log.Fatal("no time interval", err) @@ -311,7 +310,7 @@ func initScheduler(config *rest.Config, js nats.JetStreamContext, cfg config.Age log.Fatal("failed to do job", err) } } - if cfg.GetAllInterval != "" { + if cfg.GetAllInterval != "" && cfg.GetAllInterval != "0" { sj, err := NewKetallJob(config, js, cfg.GetAllInterval) if err != nil { log.Fatal("no time interval", err) 
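Review bot: The condition `cfg.X != "" && cfg.X != "0"` is now written out six times in initScheduler (this hunk and the five that follow it for GetAll, KubeScore, Rakkess, KubePreUpgrade and Trivy), which makes it easy for one job to drift from the others. A small helper such as `func jobEnabled(spec string) bool { return spec != "" && spec != "0" }` would keep the rule in one place and give it a name. The unchanged context also shows `log.Fatal("no time interval", err)` on a bad spec; assuming this logger's Fatal exits the process, a single mistyped interval variable stops the whole agent, and with the scheduler now enabled by default it may be safer to log the error and skip only that job. initScheduler starts and ends outside these hunks.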
@@ -321,7 +320,7 @@ func initScheduler(config *rest.Config, js nats.JetStreamContext, cfg config.Age log.Fatal("failed to do job", err) } } - if cfg.KubeScoreInterval != "" { + if cfg.KubeScoreInterval != "" && cfg.KubeScoreInterval != "0" { sj, err := NewKubescoreJob(clientset, js, cfg.KubeScoreInterval) if err != nil { log.Fatal("no time interval", err) @@ -331,7 +330,7 @@ func initScheduler(config *rest.Config, js nats.JetStreamContext, cfg config.Age log.Fatal("failed to do job", err) } } - if cfg.RakkessInterval != "" { + if cfg.RakkessInterval != "" && cfg.RakkessInterval != "0" { sj, err := NewRakkessJob(config, js, cfg.RakkessInterval) if err != nil { log.Fatal("no time interval", err) @@ -341,7 +340,7 @@ func initScheduler(config *rest.Config, js nats.JetStreamContext, cfg config.Age log.Fatal("failed to do job", err) } } - if cfg.KubePreUpgradeInterval != "" { + if cfg.KubePreUpgradeInterval != "" && cfg.KubePreUpgradeInterval != "0" { sj, err := NewKubePreUpgradeJob(config, js, cfg.KubePreUpgradeInterval) if err != nil { log.Fatal("no time interval", err) @@ -351,7 +350,7 @@ func initScheduler(config *rest.Config, js nats.JetStreamContext, cfg config.Age log.Fatal("failed to do job", err) } } - if cfg.TrivyInterval != "" { + if cfg.TrivyInterval != "" && cfg.TrivyInterval != "0" { sj, err := NewTrivyJob(config, js, cfg.TrivyInterval) if err != nil { log.Fatal("no time interval", err) From 0a99d0863c5525081db3310366b6bc5903960a76 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Fri, 29 Sep 2023 14:36:18 +0530 Subject: [PATCH 15/19] default values --- agent/kubviz/scheduler_watch.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/kubviz/scheduler_watch.go b/agent/kubviz/scheduler_watch.go index 90de3d25..6683816d 100644 --- a/agent/kubviz/scheduler_watch.go +++ b/agent/kubviz/scheduler_watch.go 
@@ -84,7 +84,7 @@ func (v *KubePreUpgradeJob) CronSpec() string { func (j *KubePreUpgradeJob) Run() { // Call the Kubepreupgrade function with the provided config and js - err := GetAllResources(j.config, j.js) + err := KubePreUpgradeDetector(j.config, j.js) LogErr(err) } From 0ce9e600aa39d7143354e4da2a966a4dd45f2826 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Fri, 29 Sep 2023 14:41:50 +0530 Subject: [PATCH 16/19] default values --- agent/kubviz/k8smetrics_agent.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/agent/kubviz/k8smetrics_agent.go b/agent/kubviz/k8smetrics_agent.go index b6fd68c9..53928b5c 100644 --- a/agent/kubviz/k8smetrics_agent.go +++ b/agent/kubviz/k8smetrics_agent.go @@ -130,8 +130,8 @@ func main() { // getK8sEvents(clientset) err = runTrivyScans(config, js) LogErr(err) - // err = RunKubeScore(clientset, js) - // LogErr(err) + err = RunKubeScore(clientset, js) + LogErr(err) } collectAndPublishMetrics() From d425be9962e0e240cb96217fbcd8f6f0c6cf70f9 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Fri, 29 Sep 2023 14:42:53 +0530 Subject: [PATCH 17/19] default values --- model/trivy.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/model/trivy.go b/model/trivy.go index f031c5c3..f7d564da 100644 --- a/model/trivy.go +++ b/model/trivy.go @@ -3,9 +3,7 @@ package model import "github.com/aquasecurity/trivy/pkg/k8s/report" type Trivy struct { - ID string - ClusterName string - Report report.ConsolidatedReport - CompressedReport []byte - UncompressedReport []byte + ID string + ClusterName string + Report report.ConsolidatedReport } From 49b02ac912342cc80c8d943f88671ba1de721387 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Fri, 29 Sep 2023 14:47:57 +0530 Subject: [PATCH 18/19] default values --- agent/kubviz/k8smetrics_agent.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/agent/kubviz/k8smetrics_agent.go b/agent/kubviz/k8smetrics_agent.go index 53928b5c..b6fd68c9 100644 
--- a/agent/kubviz/k8smetrics_agent.go +++ b/agent/kubviz/k8smetrics_agent.go @@ -130,8 +130,8 @@ func main() { // getK8sEvents(clientset) err = runTrivyScans(config, js) LogErr(err) - err = RunKubeScore(clientset, js) - LogErr(err) + // err = RunKubeScore(clientset, js) + // LogErr(err) } collectAndPublishMetrics() From e7844144dee17fd7f7aa1dfafa77db64037c1555 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Fri, 29 Sep 2023 15:35:34 +0530 Subject: [PATCH 19/19] Fix --- agent/kubviz/k8smetrics_agent.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/agent/kubviz/k8smetrics_agent.go b/agent/kubviz/k8smetrics_agent.go index b6fd68c9..53928b5c 100644 --- a/agent/kubviz/k8smetrics_agent.go +++ b/agent/kubviz/k8smetrics_agent.go @@ -130,8 +130,8 @@ func main() { // getK8sEvents(clientset) err = runTrivyScans(config, js) LogErr(err) - // err = RunKubeScore(clientset, js) - // LogErr(err) + err = RunKubeScore(clientset, js) + LogErr(err) } collectAndPublishMetrics()