diff --git a/CHANGELOG.md b/CHANGELOG.md index 6791477458a8c..644f075632b0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ Please avoid adding duplicate information across this changelog and JIRA/doc inp - ROX-11592: Support to Get / Update / Mutate / Remove of groups via the `props` field and without the `props.id` field being set in the `/v1/groups` endpoint have been removed. - The unused "ComplianceRunSchedule" resource has been removed. +- ROX-13034: Central reaches out to scanner `scanner..svc` now to respect OpenShift's `NO_PROXY` configuration. ### Deprecated Features diff --git a/central/imageintegration/store/defaults.go b/central/imageintegration/store/defaults.go index 3fa4144bc9c7b..3b91dc29e1bb3 100644 --- a/central/imageintegration/store/defaults.go +++ b/central/imageintegration/store/defaults.go @@ -4,15 +4,10 @@ import ( "fmt" "github.com/stackrox/rox/generated/storage" - "github.com/stackrox/rox/pkg/env" "github.com/stackrox/rox/pkg/scanners" "github.com/stackrox/rox/pkg/scanners/clairify" ) -var ( - scannerEndpoint = fmt.Sprintf("scanner.%s.svc", env.Namespace.Setting()) -) - // DefaultImageIntegrations are the default public registries var DefaultImageIntegrations = []*storage.ImageIntegration{ { @@ -126,7 +121,7 @@ var ( }, IntegrationConfig: &storage.ImageIntegration_Clairify{ Clairify: &storage.ClairifyConfig{ - Endpoint: fmt.Sprintf("https://%s:8080", scannerEndpoint), + Endpoint: fmt.Sprintf("https://%s:8080", clairify.GetScannerEndpoint()), }, }, } diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go index fc28ca31918d1..14941f799e6f8 100644 --- a/pkg/env/sensor.go +++ b/pkg/env/sensor.go 
@@ -5,6 +5,7 @@ package env var ( // CentralEndpoint is used to provide Central's reachable endpoint to a sensor. CentralEndpoint = RegisterSetting("ROX_CENTRAL_ENDPOINT", WithDefault("central.stackrox.svc:443")) + // AdvertisedEndpoint is used to provide the Sensor with the endpoint it // should advertise to services that need to contact it, within its own cluster. AdvertisedEndpoint = RegisterSetting("ROX_ADVERTISED_ENDPOINT", WithDefault("sensor.stackrox.svc:443")) diff --git a/pkg/scanners/clairify/clairify.go b/pkg/scanners/clairify/clairify.go index a4e9db49b67b8..c175aae9f41b2 100644 --- a/pkg/scanners/clairify/clairify.go +++ b/pkg/scanners/clairify/clairify.go @@ -44,12 +44,16 @@ const ( var ( _ scannerTypes.Scanner = (*clairify)(nil) _ scannerTypes.ImageVulnerabilityGetter = (*clairify)(nil) -) -var ( - log = logging.LoggerForModule() + log = logging.LoggerForModule() + scannerEndpoint = fmt.Sprintf("scanner.%s.svc", env.Namespace.Setting()) ) +// GetScannerEndpoint returns the scanner endpoint with a configured namespace. env.ScannerGRPCEndpoint is only used by Sensor. +func GetScannerEndpoint() string { + return scannerEndpoint +} + // Creator provides the type scanners.Creator to add to the scanners Registry. func Creator(set registries.Set) (string, func(integration *storage.ImageIntegration) (scannerTypes.Scanner, error)) { return TypeString, func(integration *storage.ImageIntegration) (scannerTypes.Scanner, error) { 
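Review bot: The doc comment on `GetScannerEndpoint` in pkg/scanners/clairify/clairify.go does not say that the returned value is a bare host name of the form `scanner.<namespace>.svc`, with no scheme and no port. Both callers visible in this diff append their own port (8080 in defaults.go, 8443 in createGRPCConnectionToScanner), so I would reword it to `// GetScannerEndpoint returns Central's in-cluster scanner host, "scanner.<namespace>.svc", without scheme or port.` and keep the Sensor remark as a second sentence. The value is built once at package initialisation from `env.Namespace.Setting()` and interpolated into the host name unvalidated, which is presumably acceptable for a deployment-controlled setting but worth stating in the comment. As a style point, Go convention would name the accessor `ScannerEndpoint` rather than give it a `Get` prefix.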
@@ -144,9 +148,11 @@ func createGRPCConnectionToScanner(conf *storage.ClairifyConfig) (*grpc.ClientCo return nil, err } + // Checking for an empty endpoint can't be removed because of backward-compatibility. Existing image + // integrations are configured in the database on Central's startup and are not updated dynamically. endpoint := conf.GetGrpcEndpoint() if endpoint == "" { - endpoint = fmt.Sprintf("scanner.%s:8443", env.Namespace.Setting()) + endpoint = fmt.Sprintf("%s:8443", GetScannerEndpoint()) } // Note: it is possible we call `grpc.Dial` multiple times per endpoint,
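Review bot: The new fallback `fmt.Sprintf("%s:8443", GetScannerEndpoint())` only takes effect when `conf.GetGrpcEndpoint()` is empty, so an integration stored with a non-empty `scanner.<namespace>:8443` endpoint keeps dialing the old name and would presumably still miss a `.svc`-based `NO_PROXY` entry, leaving Central-to-scanner traffic routed through the cluster proxy. The added comment explains why the empty check stays but not this limitation; I would add a line such as `// Non-empty stored endpoints are used as-is and are not rewritten to the .svc name.` or cover those records in a migration. The dialed host also changes from `scanner.<namespace>` to `scanner.<namespace>.svc`, and the TLS setup sits above the hunk where it is not visible, so please confirm that server-name verification does not derive from the dialed host or that the scanner certificate covers the `.svc` name. A small unit test pinning the fallback string for an empty `GrpcEndpoint` would guard against a regression here. createGRPCConnectionToScanner starts and ends outside the hunk.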