Clairv4 cannot get vulnerability reports in distributed mode.
bluefriday opened this issue · comments
Description of Problem / Feature Request
I'm intersted in clairv4
Firstly, I ran clairv4 in combo mode with kubernetes cluster.
In this case, I could scan and report with vulnerability (I used api).
But, with distributed mode (same kubernetes cluster), I cannot receive vulnerability report even though can scan :(
Expected Outcome
The API allows you to scan for image vulnerabilities and receive vulnerability reports.
Actual Outcome
The API allows you to scan for image vulnerabilities, but does not receive vulnerability reports.
NAME READY STATUS RESTARTS AGE
deployment-clair-indexer-56c7c456b8-lzvcf 1/1 Running 0 45h
deployment-clair-matcher-79cb7d7ddd-5ggp5 1/1 Running 0 9m58s
deployment-clair-notifier-64dfb6955d-tw588 1/1 Running 0 45h
deployment-indexer-db-64f6b59656-tk545 1/1 Running 0 3d23h
deployment-matcher-db-7879676d4d-lfmnz 1/1 Running 0 3d23h
deployment-notifier-db-c5b7d94f8-lj7sq 1/1 Running 0 3d23h
root@localhost:~/#
curl -X GET "http://<<MY_CLIAR_INGRESS>>/matcher/api/v1/vulnerability_report/sha256:876...497"
{"code":"internal-server-error","message":"experienced a server side error: failed to do request: Get \"/indexer/api/v1/index_report/sha256:876...497\": unsupported protocol scheme \"\""}
indexer config
introspection_addr: :8089
http_listen_addr: :6060
log_level: debug
indexer:
connstring: host=svc-indexer-db port=5432 dbname=clair user=postgres password=postgres sslmode=disable
scanlock_retry: 10
layer_scan_concurrency: 5
migrations: true
matcher config
introspection_addr: :8089
http_listen_addr: :6060
log_level: debug
matcher:
connstring: host=svc-matcher-db port=5432 dbname=clair user=postgres password=postgres sslmode=disable
max_conn_pool: 100
migrations: true
indexer_addr: svc-clair-indexer
disable_updaters: true
Environment
- Clair version/image: v4.3.4 (i tried v4.3.2 too)
- Clair client name/version: clairctl version 0.2.0
- Host OS: CentOS Linux 7
- Kernel (e.g.
uname -a
): 3.10.0-957.el7.x86_64 - Kubernetes version (use
kubectl version
): v1.22.0 - Network/Firewall setup: X
It looks like the matcher config doesn't have a real URL for the indexer.
It looks like the matcher config doesn't have a real URL for the indexer.
I fixed the issue by setting it up as you said.
thank you.