Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clair is allways showing resut OK #138

Open
AllardKrings opened this issue Feb 10, 2024 · 1 comment
Open

clair is allways showing resut OK #138

AllardKrings opened this issue Feb 10, 2024 · 1 comment

Comments

@AllardKrings
Copy link

Hello,

i am strugling now for days with configuring CLAIR. I can call clair from the CLi clairctl and from QUAY when pushing an image. C:LAIR allways rsponds with ok and does not report any vulnerabilities.

It must have something to do with my configuration:
I run on a microk8s-cluster on ubutu 22.04 on amd

My config.yaml:

http_listen_addr: :8081
introspection_addr: :8088
log_level: debug
indexer:
� �connstring: host=postgres13.postgres.svc.cluster.local port=5432 dbname=clair user>
�� scanlock_retry: 10
�� layer_scan_concurrency: 5
�� migrations: true
matcher:
��indexer_addr: :8081
�� connstring: host=postgres13.postgres.svc.cluster.local port=5432 dbname=clair user>
�� max_conn_pool: 100
�� migrations: true
updaters:
�� sets:

  • "alpine"
  • "debian"
  • "ubuntu"
    matchers:
    names:
  • "alpine"
  • "debian"
  • "ubuntu"
    ��config: {}
    notifier:
    �� indexer_addr: :8081
    �� matcher_addr: :8081
    �� connstring: host=postgres13.postgres.svc.cluster.local port=5432 dbname=clair user>
    �� migrations: true
    �� delivery_interval: 10m
    �� poll_interval: 60m

This is my yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
name: clair
namespace: quay
spec:
replicas: 1
selector:
matchLabels:
app: clair
template:
metadata:
labels:
app: clair
spec:
containers:
- image: quay.io/projectquay/clair:4.7.2
name: clairv4
ports:
- containerPort: 8081
name: endpoint
protocol: TCP
- containerPort: 8088
name: health
protocol: TCP
env:
- name: CLAIR_CONF
value: /clair/config.yaml
- name: CLAIR_MODE
value: combo
volumeMounts:
- mountPath: /clair/
name: clair
nodeSelector:
kubernetes.io/arch: amd64
volumes:
- name: clair
persistentVolumeClaim:
claimName: clair-pvc

apiVersion: v1
kind: Service
metadata:
name: clair
namespace: quay
spec:
ports:

  • name: endpoint
    port: 8081
    nodePort: 30081
    protocol: TCP
    targetPort: 8081
  • name: health
    port: 8088
    nodePort: 30088
    protocol: TCP
    targetPort: 8088
    selector:
    app: clair
    type: NodePort
    status:
    loadBalancer: {}

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: clair-pvc
namespace: quay
spec:
accessModes:

  • ReadWriteMany
    resources:
    requests:
    storage: 1Gi
    storageClassName: ""
    volumeMode: Filesystem
    volumeName: clair-pv

apiVersion: v1
kind: PersistentVolume
metadata:
name: clair-pv
spec:
accessModes:

  • ReadWriteMany
    capacity:
    storage: 1Gi
    mountOptions:
  • hard
  • nfsvers=4.1
    nfs:
    path: /mnt/nfs_share/clair
    server: 192.168.2.110
    persistentVolumeReclaimPolicy: Retain
    volumeMode: Filesystem

Anybody any sugfgestions?
@nfb
Copy link

nfb commented Feb 10, 2024

This project doesn't have compatibility with clair 4 and will throw errors when pointed at clair 4.7.2 as you have done in your deployment.
It sounds like you're having issues with clairctl which is maintained in https://github.com/quay/clair

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nfb @AllardKrings