From 5fc2edb4ed337eb3aedf81e176a32d197acbec13 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 22 Jun 2024 08:50:34 +0530 Subject: [PATCH 1/4] trivy-version change --- dockerfiles/agent/kubviz/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerfiles/agent/kubviz/Dockerfile b/dockerfiles/agent/kubviz/Dockerfile index f7edd817..9045a73d 100644 --- a/dockerfiles/agent/kubviz/Dockerfile +++ b/dockerfiles/agent/kubviz/Dockerfile @@ -17,7 +17,7 @@ COPY --from=builder /workspace/kubviz_agent . COPY --from=zegl/kube-score:v1.16.0 /usr/bin/kube-score /usr/bin/kube-score COPY --from=bitnami/kubectl:1.22.5 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh -COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy +COPY --from=aquasec/trivy:v0.43.1 /usr/local/bin/trivy /usr/local/bin/trivy USER 65532:65532 From 518d4ec5e8649da5c40aa4da3bd7e4fde6e59bae Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 22 Jun 2024 08:54:15 +0530 Subject: [PATCH 2/4] trivy-version change --- dockerfiles/agent/kubviz/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerfiles/agent/kubviz/Dockerfile b/dockerfiles/agent/kubviz/Dockerfile index 9045a73d..7307859e 100644 --- a/dockerfiles/agent/kubviz/Dockerfile +++ b/dockerfiles/agent/kubviz/Dockerfile @@ -17,7 +17,7 @@ COPY --from=builder /workspace/kubviz_agent . COPY --from=zegl/kube-score:v1.16.0 /usr/bin/kube-score /usr/bin/kube-score COPY --from=bitnami/kubectl:1.22.5 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh -COPY --from=aquasec/trivy:v0.43.1 /usr/local/bin/trivy /usr/local/bin/trivy +COPY --from=aquasec/trivy:v0.43.0 /usr/local/bin/trivy /usr/local/bin/trivy USER 65532:65532 From ffca32df23dc829c0a2f2a455f15968718164777 Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 22 Jun 2024 09:12:17 +0530 Subject: [PATCH 3/4] trivy-version change --- dockerfiles/agent/kubviz/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerfiles/agent/kubviz/Dockerfile b/dockerfiles/agent/kubviz/Dockerfile index 7307859e..8bdbf652 100644 --- a/dockerfiles/agent/kubviz/Dockerfile +++ b/dockerfiles/agent/kubviz/Dockerfile @@ -17,7 +17,7 @@ COPY --from=builder /workspace/kubviz_agent . COPY --from=zegl/kube-score:v1.16.0 /usr/bin/kube-score /usr/bin/kube-score COPY --from=bitnami/kubectl:1.22.5 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh -COPY --from=aquasec/trivy:v0.43.0 /usr/local/bin/trivy /usr/local/bin/trivy +COPY --from=aquasec/trivy:0.43.1 /usr/local/bin/trivy /usr/local/bin/trivy USER 65532:65532 From 140e583262fe0a99a42db0fe7f3d90293b1261ac Mon Sep 17 00:00:00 2001 From: Nithunikzz Date: Sat, 22 Jun 2024 09:33:41 +0530 Subject: [PATCH 4/4] trivy fix --- .../plugins/kubepreupgrade/kubePreUpgrade.go | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/agent/kubviz/plugins/kubepreupgrade/kubePreUpgrade.go b/agent/kubviz/plugins/kubepreupgrade/kubePreUpgrade.go index 4fb00b35..f006f304 100644 --- a/agent/kubviz/plugins/kubepreupgrade/kubePreUpgrade.go +++ b/agent/kubviz/plugins/kubepreupgrade/kubePreUpgrade.go @@ -241,12 +241,12 @@ func getResults(configRest *rest.Config, kubeAPIs model.KubernetesAPIs) *model.R client, err := dynamic.NewForConfig(configRest) if err != nil { - log.Fatalf("Failed to create the K8s client while listing Deprecated objects: %s", err) + log.Printf("Failed to create the K8s client while listing Deprecated objects: %s", err) } disco, err := discovery.NewDiscoveryClientForConfig(configRest) if err != nil { - log.Fatalf("Failed to create the K8s Discovery client: %s", err) + log.Printf("Failed to create the K8s Discovery client: %s", err) } ResourceAndGV := DiscoverResourceNameAndPreferredGV(disco) @@ -292,11 +292,11 @@ func getResults(configRest *rest.Config, kubeAPIs model.KubernetesAPIs) *model.R } if apierrors.IsForbidden(err) { - log.Fatalf("Failed to list objects in the cluster. Permission denied! Please check if you have the proper authorization") + log.Printf("Failed to list objects in the cluster. Permission denied! Please check if you have the proper authorization") } if err != nil { - log.Fatalf("Failed communicating with k8s while listing objects. \nError: %v", err) + log.Printf("Failed communicating with k8s while listing objects. \nError: %v", err) } // Now let's see if there's a preferred API containing the same objects @@ -305,11 +305,11 @@ func getResults(configRest *rest.Config, kubeAPIs model.KubernetesAPIs) *model.R listPref, err := client.Resource(gvrPreferred).List(context.TODO(), metav1.ListOptions{}) if apierrors.IsForbidden(err) { - log.Fatalf("Failed to list objects in the cluster. Permission denied! Please check if you have the proper authorization") + log.Printf("Failed to list objects in the cluster. Permission denied! Please check if you have the proper authorization") } if err != nil && !apierrors.IsNotFound(err) { - log.Fatalf("Failed communicating with k8s while listing objects. \nError: %v", err) + log.Printf("Failed communicating with k8s while listing objects. \nError: %v", err) } // If len of the lists is the same we can "assume" they're the same list if len(list.Items) == len(listPref.Items) { @@ -337,10 +337,10 @@ func getResults(configRest *rest.Config, kubeAPIs model.KubernetesAPIs) *model.R resourcesList, err := disco.ServerPreferredResources() if err != nil { if apierrors.IsForbidden(err) { - log.Fatalf("Failed to list Server Resources. Permission denied! Please check if you have the proper authorization") + log.Printf("Failed to list Server Resources. Permission denied! Please check if you have the proper authorization") } - log.Fatalf("Failed communicating with k8s while discovering server resources. \nError: %v", err) + log.Printf("Failed communicating with k8s while discovering server resources. \nError: %v", err) } var ignoreObjects ignoreStruct = make(map[string]struct{}) for _, resources := range resourcesList { @@ -405,7 +405,7 @@ func populateCRDGroups(dynClient dynamic.Interface, version string, ignoreStruct return } if err != nil { - log.Fatalf("Failed to connect to K8s cluster to List CRDs: %s", err) + log.Printf("Failed to connect to K8s cluster to List CRDs: %s", err) } var empty struct{} for _, d := range crdList.Items { @@ -430,7 +430,7 @@ func populateAPIService(dynClient dynamic.Interface, version string, ignoreStruc return } if err != nil { - log.Fatalf("Failed to connect to K8s cluster to List API Services: %s", err) + log.Printf("Failed to connect to K8s cluster to List API Services: %s", err) } var empty struct{} for _, d := range apisvcList.Items { @@ -456,10 +456,10 @@ func DiscoverResourceNameAndPreferredGV(client *discovery.DiscoveryClient) Prefe return pr } if apierrors.IsForbidden(err) { - log.Fatalf("Failed to list objects for Name discovery. Permission denied! Please check if you have the proper authorization") + log.Printf("Failed to list objects for Name discovery. Permission denied! Please check if you have the proper authorization") } - log.Fatalf("Failed communicating with k8s while discovering the object preferred name and gv. Error: %v", err) + log.Printf("Failed communicating with k8s while discovering the object preferred name and gv. Error: %v", err) } for _, rl := range resourcelist { @@ -493,7 +493,7 @@ func getResources(dynClient dynamic.Interface, grk groupResourceKind) (schema.Gr gv, err := schema.ParseGroupVersion(grk.GroupVersion) if err != nil { - log.Fatalf("Failed to Parse GroupVersion of Resource: %s", err) + log.Printf("Failed to Parse GroupVersion of Resource: %s", err) } gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: grk.ResourceName} @@ -503,11 +503,11 @@ func getResources(dynClient dynamic.Interface, grk groupResourceKind) (schema.Gr } if apierrors.IsForbidden(err) { - log.Fatalf("Failed to list Server Resources of type %s/%s/%s. Permission denied! Please check if you have the proper authorization", gv.Group, gv.Version, grk.ResourceKind) + log.Printf("Failed to list Server Resources of type %s/%s/%s. Permission denied! Please check if you have the proper authorization", gv.Group, gv.Version, grk.ResourceKind) } if err != nil { - log.Fatalf("Failed to List objects of type %s/%s/%s. \nError: %v", gv.Group, gv.Version, grk.ResourceKind, err) + log.Printf("Failed to List objects of type %s/%s/%s. \nError: %v", gv.Group, gv.Version, grk.ResourceKind, err) } return gvr, list