  1. Project Quay
  2. PROJQUAY-6577

Quay operator does not render proper Clair config.yaml if customization is applied


      Given the following Clair initial config bundle:

      log_level: debug
      indexer: 
        airgap: true
        scanner: 
          repo: 
            rhel-repository-scanner: 
              repo2cpe_mapping_file: /data/cpe-map.json
          package: 
            rhel_containerscanner: 
              name2repos_mapping_file: /data/repo-man.json
      matcher: 
        disable_updaters: true
      

      the operator does not render the correct Clair config.yaml file and Clair remains in a crashloop status. This is the config that the operator created:

      auth: 
          psk: 
              iss: 
                  - quay
                  - clairctl
              key: QXh...
      http_listen_addr: :8080
      indexer: 
          airgap: true
          scanner: 
              package: 
                  rhel_containerscanner: 
                      name2repos_mapping_file: /data/repo-man.json
              repo: 
                  rhel-repository-scanner: 
                      repo2cpe_mapping_file: /data/cpe-map.json
      log_level: debug
      matcher: 
          disable_updaters: true
      metrics: 
          name: prometheus
      notifier: 
          connstring: host=quay-clair-postgres port=5432 dbname=postgres...
          delivery_interval: 1m0s
          migrations: true
          poll_interval: 5m0s
          webhook: 
              callback: http://quay-clair-app/notifier/api/v1/notifications
              target: https://quay.apps.quay-reproducer.emea.aws.cee.support/secscan/notification
      

      The file is missing all settings related to indexer and matcher. If I decide to add the connection string manually to the init config bundle, the operator is not reconciling the deployment:

      quay-enterprise                                    0s          Warning   ConfigInvalid                                quayregistry/quay                                                                  clairpostgres component marked as managed, but `configBundleSecret` contains required fields
      

      Both clair and clairpostgres are set as managed: true. The support for custom configurations is crucial for disconnected deployments of Clair.
      Operator version 3.10.1.

            jonathankingfc Jonathan King
            rhn-support-ibazulic Ivan Bazulic
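A pre-flight check for the symptom described in this report, added here as an example (it is not code from the reporter or from the Project Quay operator): it walks a rendered Clair `config.yaml` and lists service sections that lack a database connection string. The function names, the `REQUIRED` list, and the assumption that `indexer` and `matcher` each need a `connstring` key like the one shown under `notifier` are this example's own; the sample input is constructed from the rendered config in the report.

```python
# Constructed sample: the operator-rendered config from the report, trimmed;
# the truncated connection string is kept truncated as it appears there.
RENDERED = """\
http_listen_addr: :8080
indexer:
    airgap: true
    scanner:
        repo:
            rhel-repository-scanner:
                repo2cpe_mapping_file: /data/cpe-map.json
log_level: debug
matcher:
    disable_updaters: true
notifier:
    connstring: host=quay-clair-postgres port=5432 dbname=postgres...
    migrations: true
"""

# Assumption: each service section needs its own database connection string.
REQUIRED = ("indexer.connstring", "matcher.connstring", "notifier.connstring")


def key_paths(text):
    """Map dotted key paths to scalar values for a block-style YAML mapping."""
    # Minimal indentation walker, not a general YAML parser: it follows
    # nested mappings and skips comments, list items and blank lines.
    paths, stack = {}, []  # stack holds (indent, key) for each open parent
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.lstrip()
        if not stripped or stripped.startswith(("#", "- ")) or ":" not in stripped:
            continue
        indent = len(line) - len(stripped)
        key, _, value = stripped.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close siblings and deeper levels
        stack.append((indent, key.strip()))
        paths[".".join(k for _, k in stack)] = value.strip()
    return paths


def missing_required(text, required=REQUIRED):
    """Return the required paths that are absent or empty in the config."""
    paths = key_paths(text)
    return [p for p in required if not paths.get(p)]


if __name__ == "__main__":
    for path in missing_required(RENDERED):
        print(f"missing: {path}")
```

Run against the rendered file before rollout, a non-empty result flags the configuration that would leave Clair crashlooping.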