quay / clair

Vulnerability Static Analysis for Containers

Home Page: https://quay.github.io/clair/

Clairv4 cannot get vulnerability reports in distributed mode.

bluefriday opened this issue

Description of Problem / Feature Request

I'm interested in clairv4.
Firstly, I ran clairv4 in combo mode with kubernetes cluster.
In this case, I could scan and report with vulnerability (I used api).

But, with distributed mode (same kubernetes cluster), I cannot receive vulnerability report even though I can scan :(

Expected Outcome

The API allows you to scan for image vulnerabilities and receive vulnerability reports.

Actual Outcome

The API allows you to scan for image vulnerabilities, but does not receive vulnerability reports.

    NAME                                         READY   STATUS    RESTARTS   AGE
    deployment-clair-indexer-56c7c456b8-lzvcf    1/1     Running   0          45h
    deployment-clair-matcher-79cb7d7ddd-5ggp5    1/1     Running   0          9m58s
    deployment-clair-notifier-64dfb6955d-tw588   1/1     Running   0          45h
    deployment-indexer-db-64f6b59656-tk545       1/1     Running   0          3d23h
    deployment-matcher-db-7879676d4d-lfmnz       1/1     Running   0          3d23h
    deployment-notifier-db-c5b7d94f8-lj7sq       1/1     Running   0          3d23h
    root@localhost:~/# curl -X GET "http://<<MY_CLIAR_INGRESS>>/matcher/api/v1/vulnerability_report/sha256:876...497"
    {"code":"internal-server-error","message":"experienced a server side error: failed to do request: Get \"/indexer/api/v1/index_report/sha256:876...497\": unsupported protocol scheme \"\""}

indexer config

    introspection_addr: :8089
    http_listen_addr: :6060
    log_level: debug
    indexer:
      connstring: host=svc-indexer-db port=5432 dbname=clair user=postgres password=postgres sslmode=disable
      scanlock_retry: 10
      layer_scan_concurrency: 5
      migrations: true

matcher config

    introspection_addr: :8089
    http_listen_addr: :6060
    log_level: debug
    matcher:
      connstring: host=svc-matcher-db port=5432 dbname=clair user=postgres password=postgres sslmode=disable
      max_conn_pool: 100
      migrations: true
      indexer_addr: svc-clair-indexer
      disable_updaters: true

Environment

  • Clair version/image: v4.3.4 (I tried v4.3.2 too)
  • Clair client name/version: clairctl version 0.2.0
  • Host OS: CentOS Linux 7
  • Kernel (e.g. uname -a): 3.10.0-957.el7.x86_64
  • Kubernetes version (use kubectl version): v1.22.0
  • Network/Firewall setup: X

It looks like the matcher config doesn't have a real URL for the indexer.

It looks like the matcher config doesn't have a real URL for the indexer.
I fixed the issue by setting it up as you said.
Thank you.
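
The failure discussed in this thread, as an added Go example that is not part of the original issue and is not Clair's own code: it shows why a bare `indexer_addr` such as `svc-clair-indexer` yields a request URL with an empty scheme, and gives a pre-deployment check for the value. The function names, the `:6060` port (taken from the indexer's `http_listen_addr` above), the `http://` form of the corrected value and the digest are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// checkIndexerAddr (hypothetical helper) returns an error when addr cannot
// serve as the base URL for the matcher's HTTP calls to the indexer.
func checkIndexerAddr(addr string) error {
	u, err := url.Parse(addr)
	if err != nil {
		return fmt.Errorf("indexer_addr %q: %w", addr, err)
	}
	// "host:port" without "//" parses as scheme "host", so test the scheme itself.
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("indexer_addr %q: scheme %q, want http or https", addr, u.Scheme)
	}
	if u.Host == "" {
		return fmt.Errorf("indexer_addr %q: no host", addr)
	}
	return nil
}

// requestURL resolves an API path against addr the way a client joining a
// base URL and a path would (assumed behaviour, for illustration).
func requestURL(addr, path string) (string, error) {
	base, err := url.Parse(addr)
	if err != nil {
		return "", err
	}
	ref, err := url.Parse(path)
	if err != nil {
		return "", err
	}
	return base.ResolveReference(ref).String(), nil
}

func main() {
	const path = "/indexer/api/v1/index_report/sha256:0000" // constructed digest
	// First value is from the issue; the other two are constructed.
	for _, addr := range []string{"svc-clair-indexer", "svc-clair-indexer:6060", "http://svc-clair-indexer:6060"} {
		target, _ := requestURL(addr, path)
		fmt.Printf("%-32s -> %q check: %v\n", addr, target, checkIndexerAddr(addr))
	}
	// net/http rejects a URL with no scheme before any connection is attempted.
	_, err := http.Get(path)
	fmt.Println(err)
}
```

Running a check like this against the rendered matcher config before rollout catches the missing scheme at deploy time instead of as a 500 from the `vulnerability_report` endpoint.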