From 64a9cc9224ba0adf338fe124181763dca3c3d416 Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Mon, 7 Nov 2022 09:33:00 +0100
Subject: [PATCH 1/6] X-Smart-Branch-Parent: master
From d1e26edae6efe4dd06c2ac7080e36108fe977b7d Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Tue, 18 Oct 2022 14:49:24 +0200
Subject: [PATCH 2/6] ROX-13034 - Fix gRPC scanner image integration endpoint
---
 pkg/scanners/clairify/clairify.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/scanners/clairify/clairify.go b/pkg/scanners/clairify/clairify.go
index a4e9db49b67b8..702ec963c170c 100644
--- a/pkg/scanners/clairify/clairify.go
+++ b/pkg/scanners/clairify/clairify.go
@@ -146,7 +146,7 @@ func createGRPCConnectionToScanner(conf *storage.ClairifyConfig) (*grpc.ClientCo
 endpoint := conf.GetGrpcEndpoint()
 if endpoint == "" {
- endpoint = fmt.Sprintf("scanner.%s:8443", env.Namespace.Setting())
+ endpoint = fmt.Sprintf("scanner.%s.svc:8443", env.Namespace.Setting())
 }
 // Note: it is possible we call `grpc.Dial` multiple times per endpoint,
From ae4918bf5678184eb6a675f72370c6a376bfabdf Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Tue, 18 Oct 2022 17:31:20 +0200
Subject: [PATCH 3/6] trigger-ci
From f496113e152e2a154ace6c5f30ece49927133ff9 Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Tue, 25 Oct 2022 10:44:12 +0200
Subject: [PATCH 4/6] trigger-ci
From 66a486a76d1a10ad532ea885ff7a34eb588fb4f3 Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Tue, 25 Oct 2022 10:47:56 +0200
Subject: [PATCH 5/6] changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6791477458a8c..644f075632b0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
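Review bot: The new fallback host in the `@@ -146,7 +146,7 @@` hunk of PATCH 2/6 changes the name Central dials on port 8443, but nothing next to it records that the scanner's serving certificate has to be valid for `scanner.<namespace>.svc`. The TLS setup for this connection presumably sits above the hunk in `createGRPCConnectionToScanner` and is not visible here, so if the peer is verified by hostname, a certificate issued only for the old `scanner.<namespace>` name would fail the handshake after this change. I would add a comment above the fallback, `// Default to the in-cluster service name; the scanner certificate must list scanner.<namespace>.svc as a SAN.`, and confirm it against the code that issues the scanner certificate. The same fallback line is rewritten again in PATCH 6/6, where the comment would apply unchanged.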
@@ -25,6 +25,7 @@ Please avoid adding duplicate information across this changelog and JIRA/doc inp
 - ROX-11592: Support to Get / Update / Mutate / Remove of groups via the `props` field and without the `props.id` field being set in the `/v1/groups` endpoint have been removed.
 - The unused "ComplianceRunSchedule" resource has been removed.
+- ROX-13034: Central reaches out to scanner `scanner..svc` now to respect OpenShift's `NO_PROXY` configuration.
 ### Deprecated Features
From a1884901cfbfa5b8fa549dd4ed2d3d4953a31d43 Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Wed, 2 Nov 2022 16:26:30 +0100
Subject: [PATCH 6/6] Move default scanner endpoint to different package to avoid import cycle
---
 central/imageintegration/store/defaults.go | 7 +------
 pkg/env/sensor.go | 1 +
 pkg/scanners/clairify/clairify.go | 14 ++++++++++----
 3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/central/imageintegration/store/defaults.go b/central/imageintegration/store/defaults.go
index 3fa4144bc9c7b..3b91dc29e1bb3 100644
--- a/central/imageintegration/store/defaults.go
+++ b/central/imageintegration/store/defaults.go
@@ -4,15 +4,10 @@ import (
 "fmt"
 "github.com/stackrox/rox/generated/storage"
- "github.com/stackrox/rox/pkg/env"
 "github.com/stackrox/rox/pkg/scanners"
 "github.com/stackrox/rox/pkg/scanners/clairify"
 )
-var (
- scannerEndpoint = fmt.Sprintf("scanner.%s.svc", env.Namespace.Setting())
-)
-
 // DefaultImageIntegrations are the default public registries
 var DefaultImageIntegrations = []*storage.ImageIntegration{
 {
@@ -126,7 +121,7 @@ var (
 },
 IntegrationConfig: &storage.ImageIntegration_Clairify{
 Clairify: &storage.ClairifyConfig{
- Endpoint: fmt.Sprintf("https://%s:8080", scannerEndpoint),
+ Endpoint: fmt.Sprintf("https://%s:8080", clairify.GetScannerEndpoint()),
 },
 },
 }
diff --git a/pkg/env/sensor.go b/pkg/env/sensor.go
index fc28ca31918d1..14941f799e6f8 100644
--- a/pkg/env/sensor.go
+++ b/pkg/env/sensor.go
@@ -5,6 +5,7 @@ package env
 var (
 // CentralEndpoint is used to provide Central's reachable endpoint to a sensor.
 CentralEndpoint = RegisterSetting("ROX_CENTRAL_ENDPOINT", WithDefault("central.stackrox.svc:443"))
+
 // AdvertisedEndpoint is used to provide the Sensor with the endpoint it
 // should advertise to services that need to contact it, within its own cluster.
 AdvertisedEndpoint = RegisterSetting("ROX_ADVERTISED_ENDPOINT", WithDefault("sensor.stackrox.svc:443"))
diff --git a/pkg/scanners/clairify/clairify.go b/pkg/scanners/clairify/clairify.go
index 702ec963c170c..c175aae9f41b2 100644
--- a/pkg/scanners/clairify/clairify.go
+++ b/pkg/scanners/clairify/clairify.go
@@ -44,12 +44,16 @@ const (
 var (
 _ scannerTypes.Scanner = (*clairify)(nil)
 _ scannerTypes.ImageVulnerabilityGetter = (*clairify)(nil)
-)
-var (
- log = logging.LoggerForModule()
+ log = logging.LoggerForModule()
+ scannerEndpoint = fmt.Sprintf("scanner.%s.svc", env.Namespace.Setting())
 )
+// GetScannerEndpoint returns the scanner endpoint with a configured namespace. env.ScannerGRPCEndpoint is only used by Sensor.
+func GetScannerEndpoint() string {
+ return scannerEndpoint
+}
+
 // Creator provides the type scanners.Creator to add to the scanners Registry.
 func Creator(set registries.Set) (string, func(integration *storage.ImageIntegration) (scannerTypes.Scanner, error)) {
 return TypeString, func(integration *storage.ImageIntegration) (scannerTypes.Scanner, error) {
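Review bot: `scannerEndpoint` in the `@@ -44,12 +44,16 @@` hunk of clairify.go is computed once at package initialisation, so `GetScannerEndpoint()` returns whatever `env.Namespace.Setting()` yielded at import time, whereas the gRPC fallback previously called `env.Namespace.Setting()` at dial time. If that setting is read lazily from the environment (its implementation is not on this page), code or tests that set the namespace after import get a stale host, and that host is where Central sends its scanner traffic. Building the value inside the accessor, `return fmt.Sprintf("scanner.%s.svc", env.Namespace.Setting())`, removes the init-time dependency; Go convention would also name it `ScannerEndpoint` rather than `GetScannerEndpoint`. The doc comment's second sentence about `env.ScannerGRPCEndpoint` would be clearer on its own line, saying why that setting is not reused for Central.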
@@ -144,9 +148,11 @@ func createGRPCConnectionToScanner(conf *storage.ClairifyConfig) (*grpc.ClientCo
 return nil, err
 }
+ // Checking for an empty endpoint can't be removed because of backward-compatibility. Existing image
+ // integrations are configured in the database on Central's startup and are not updated dynamically.
 endpoint := conf.GetGrpcEndpoint()
 if endpoint == "" {
- endpoint = fmt.Sprintf("scanner.%s.svc:8443", env.Namespace.Setting())
+ endpoint = fmt.Sprintf("%s:8443", GetScannerEndpoint())
 }
 // Note: it is possible we call `grpc.Dial` multiple times per endpoint,
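Review bot: The fallback branch in `createGRPCConnectionToScanner` substitutes the default host silently, so when a stored integration has no gRPC endpoint there is no record of which address Central actually dialed. Since the added comment says such integrations persist in the database and are not rewritten, a debug line inside the branch, `log.Debugf("no gRPC endpoint configured for scanner integration, using default %s", endpoint)`, would let proxy or certificate failures be traced back to the fallback. The port `8443` is also a bare literal here while the HTTP default in defaults.go uses `8080`; named constants next to `GetScannerEndpoint` would keep host and ports in one place. The function body starts and ends outside the hunk.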