-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
quay-v3.11.0, quay-v3.9.6, quay-v3.8.15, quay-v3.10.4
-
False
-
None
-
False
-
Quay Enterprise
-
-
Description of problem:
CSO failed to create imagemanifestvulns when pod deployed from image manifestlist digest. Because vulnerabilitiy info is displayed in child manifest row, the manifest list displays null.
Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.16.0-0.nightly-2024-03-06-073110
How reproducible:
Always
Steps to Reproduce:
- Install CSO on openshift 4.16
- Create a pod using image from quay.io
kind: Pod apiVersion: v1 spec: containers: image: 'quay.io/projectquay/quay-operator@sha256:e406f24b6d935867b6767f724201e2be772b4f81e000f51f649d092c7098bd22'
- Check imagemanifestvulns
Actual Results:
There is not imagemanifestvulns existing.
Expected Results:
imagemanifestvulns should be created
Additional Info
CSO pod logs:
level=info msg="Garbage collecting unreferenced ImageManifestVulns" key=dyan/quay-operator-tng-6c55d5b897-n4v4j level=info msg=scanning image=quay.io/projectquay/quay-operator@sha256:e406f24b6d935867b6767f724201e2be772b4f81e000f51f649d092c7098bd22 level=error msg="error scanning" err="failed to sync layer data: Image not scanned: unsupported"
Test pod info:
The imageID in containerStatuses is also not correct child manifest digest
$ oc describe pod Containers: quay-operator: Container ID: cri-o://c9cba62db80f9684c723f3395f498aee6d0e0062c0c5ef1a36b52c75c67784d8 Image: quay.io/projectquay/quay-operator@sha256:e406f24b6d935867b6767f724201e2be772b4f81e000f51f649d092c7098bd22 Image ID: c4fa165110f6fa931082c92ae7c33a5a5cf4400a764b273fd685eb1b6925e2d6 Port: <none> Host Port: <none> Command: /workspace/manager --namespace=$(WATCH_NAMESPACE) State: Running Started: Thu, 07 Mar 2024 16:22:20 +0800 Ready: True
