Bug
Resolution: Done
Critical
quay-v3.10.0
Quay Enterprise

Given the following Clair initial config bundle:
```yaml
log_level: debug
indexer:
  airgap: true
  scanner:
    repo:
      rhel-repository-scanner:
        repo2cpe_mapping_file: /data/cpe-map.json
    package:
      rhel_containerscanner:
        name2repos_mapping_file: /data/repo-man.json
matcher:
  disable_updaters: true
```
the operator does not render the correct Clair config.yaml file and Clair remains in a crashloop status. This is the config that the operator created:
```yaml
auth:
  psk:
    iss:
      - quay
      - clairctl
    key: QXh...
http_listen_addr: :8080
indexer:
  airgap: true
  scanner:
    package:
      rhel_containerscanner:
        name2repos_mapping_file: /data/repo-man.json
    repo:
      rhel-repository-scanner:
        repo2cpe_mapping_file: /data/cpe-map.json
log_level: debug
matcher:
  disable_updaters: true
metrics:
  name: prometheus
notifier:
  connstring: host=quay-clair-postgres port=5432 dbname=postgres...
  delivery_interval: 1m0s
  migrations: true
  poll_interval: 5m0s
  webhook:
    callback: http://quay-clair-app/notifier/api/v1/notifications
    target: https://quay.apps.quay-reproducer.emea.aws.cee.support/secscan/notification
```
The file is missing all settings related to indexer and matcher. If I decide to add the connection string manually to the init config bundle, the operator is not reconciling the deployment:
```
quay-enterprise 0s Warning ConfigInvalid quayregistry/quay clairpostgres component marked as managed, but `configBundleSecret` contains required fields
```
Both clair and clairpostgres are set as managed: true. The support for custom configurations is crucial for disconnected deployments of Clair.
Operator version 3.10.1.
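
A check that flags this condition in a rendered Clair config before the pod starts, as an added example (not code from the operator or from Clair). It takes the config already parsed into a dict, for example with PyYAML's `yaml.safe_load`; the function names and the sample dicts, constructed from the two configs quoted above, are assumptions.

```python
# Added example: not the operator's or Clair's code.
# Components of a Clair config that each need their own database connstring.
DB_COMPONENTS = ("indexer", "matcher", "notifier")


def lookup(cfg, dotted):
    """Return the value at a dotted path, or None if any step is missing."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def missing_connstrings(cfg):
    """List the components whose connstring is absent or empty."""
    return [c for c in DB_COMPONENTS if not lookup(cfg, f"{c}.connstring")]


def dropped_settings(bundle, rendered, prefix=""):
    """List dotted paths set in the bundle that the rendered config lost or changed."""
    lost = []
    for key, want in bundle.items():
        path = f"{prefix}{key}"
        got = rendered.get(key) if isinstance(rendered, dict) else None
        if isinstance(want, dict):
            lost += dropped_settings(want, got if isinstance(got, dict) else {}, path + ".")
        elif got != want:
            lost.append(path)
    return lost


# Constructed sample data mirroring the two configs quoted in the report.
SCANNER = {
    "repo": {"rhel-repository-scanner": {"repo2cpe_mapping_file": "/data/cpe-map.json"}},
    "package": {"rhel_containerscanner": {"name2repos_mapping_file": "/data/repo-man.json"}},
}
BUNDLE = {"log_level": "debug", "indexer": {"airgap": True, "scanner": SCANNER},
          "matcher": {"disable_updaters": True}}
RENDERED = {**BUNDLE, "http_listen_addr": ":8080", "metrics": {"name": "prometheus"},
            "notifier": {"connstring": "host=quay-clair-postgres port=5432 dbname=postgres...",
                         "migrations": True}}

if __name__ == "__main__":
    print("missing connstring:", missing_connstrings(RENDERED))
    print("dropped user settings:", dropped_settings(BUNDLE, RENDERED))
```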