Starboard and ImagePullSecret discovery: Wildcard never matches #1212

Open
cdesaintleger opened this issue Jun 2, 2022 · 1 comment

@cdesaintleger

Using a private registry, e.g. xxx.jfrog.io
The secret used to pull images from this repo is formatted as below

.dockerconfigjson: '{"auths": {"*.jfrog.io": {"username":"mylogin","password":"xxx","email":"foo@bar"}}}'

When Starboard launches the Job to scan the pod, there is no secret created, and the scan fails with this error

{"level":"error","ts":1654176088.1880994,"logger":"reconciler.vulnerabilityreport","msg":"Scan job container","job":"xxx-system/scan-vulnerabilityreport-f954d8cf","container":"xxx","status.reason":"Error","status.message":"2022-06-02T13:21:27.538Z\t\u001b[31mFATAL\u001b[0m\tscan error: unable to initialize a scanner: unable to initialize the docker scanner: 3 errors occurred:\n\t* unable to inspect the image (demo-api.jfrog.io/apidemo:v0.1): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?\n\t* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory\n\t* GET https://demo-api.jfrog.io/v2/apidemo/manifests/v0.1: UNAUTHORIZED: The client does not have permission for manifest; map[manifest...

If I change the wildcard to the complete registry hostname, e.g. demo-api.jfrog.io, everything works fine.

What did you expect to happen:

Like Docker, Starboard should find the most similar host inside the imagePullSecret to try to pull the image, and therefore work with wildcard expressions.

Environment:

  • Starboard version: 0.15.5
  • Kubernetes version: 1.21
  • OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): N/A
@cdesaintleger

Maybe change the exact comparison to a regexp match there:

if auth, ok := auths[server]; ok {

Then the mapping from a container name to the Docker authentication credentials for the specified kube.ContainerImages and image pull Secrets can use wildcards or other regexps.

I'm not a Go developer, it's just a guess :D
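An added sketch (not Starboard's code, and not part of the comments above) of a wildcard-aware lookup that could replace the exact-key check: an exact key wins, otherwise the longest wildcard key that matches label by label is used, so `*` never spans a dot and credentials are not offered to unintended hosts. `RegistryAuth`, `hostMatches` and `FindAuth` are hypothetical names, and keys are assumed to be bare hostnames without scheme or port.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// RegistryAuth is a hypothetical stand-in for one entry under "auths".
type RegistryAuth struct{ Username, Password string }

// hostMatches compares pattern and host label by label, so "*" can never
// span a dot: "*.jfrog.io" matches "demo-api.jfrog.io" but not "a.b.jfrog.io".
func hostMatches(pattern, host string) bool {
	pl := strings.Split(strings.ToLower(pattern), ".")
	hl := strings.Split(strings.ToLower(host), ".")
	if len(pl) != len(hl) {
		return false
	}
	for i := range pl {
		// A malformed pattern (err != nil) is treated as no match.
		if ok, err := path.Match(pl[i], hl[i]); err != nil || !ok {
			return false
		}
	}
	return true
}

// FindAuth returns the matched key and credentials for server. An exact key
// is preferred; otherwise the longest matching wildcard key is chosen, with
// ties broken lexically so the result does not depend on map order.
func FindAuth(auths map[string]RegistryAuth, server string) (string, RegistryAuth, bool) {
	if a, ok := auths[server]; ok {
		return server, a, true
	}
	best := ""
	for k := range auths {
		if strings.Contains(k, "*") && hostMatches(k, server) &&
			(len(k) > len(best) || (len(k) == len(best) && k < best)) {
			best = k
		}
	}
	if best == "" {
		return "", RegistryAuth{}, false
	}
	return best, auths[best], true
}

func main() {
	// Constructed sample mirroring the secret shown in the issue.
	auths := map[string]RegistryAuth{"*.jfrog.io": {Username: "mylogin", Password: "xxx"}}
	key, _, ok := FindAuth(auths, "demo-api.jfrog.io")
	fmt.Println(key, ok)
}
```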
