ckotzbauer/vulnerability-operator

Fails to create metrics when cluster uses dockershim

nicholasdille opened this issue · 4 comments

In a cluster (still) using dockershim, the image ID is prefixed with docker-pullable:// by the runtime. As a consequence, the comparison in kubernetes.go#L74 fails for all images.

As a quick workaround, I removed the prefix from c.ImageID:

--- a/internal/vuln/kubernetes/kubernetes.go
+++ b/internal/vuln/kubernetes/kubernetes.go
@@ -2,6 +2,7 @@ package kubernetes

 import (
        "context"
+       "strings"

        "github.com/sirupsen/logrus"
        corev1 "k8s.io/api/core/v1"
@@ -71,7 +72,8 @@ func (client *KubeClient) GetContainersWithImage(imageID string) ([]ContainerInf
                statuses = append(statuses, p.Status.EphemeralContainerStatuses...)

                for _, c := range statuses {
-                       if c.ImageID == imageID {
+                       fixedImageID := strings.ReplaceAll(c.ImageID, "docker-pullable://", "")
+                       if fixedImageID == imageID {
                                infos = append(infos, ContainerInfo{
                                        Namespace:     p.Namespace,
                                        PodName:       p.Name,
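
Review bot: in the `for _, c := range statuses` loop, `strings.ReplaceAll(c.ImageID, "docker-pullable://", "")` removes the substring wherever it occurs in the value, not only at the start. Since the issue is a leading scheme prefix, `strings.TrimPrefix(c.ImageID, "docker-pullable://")` states the intent exactly and cannot alter the rest of the ID. Only the container-status side is normalized here, so the comparison still fails if the `imageID` argument ever arrives with the prefix; stripping it from both sides in one small helper, with a comment naming dockershim as the reason, would cover that and document why the prefix is dropped.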

If something like this makes sense as a patch, I'd happily create a PR. But I don't know if k8s.io/client-go offers something more elegant.

@nicholasdille Thanks for the issue. I think this would be a good patch and I would be happy if you can create a PR for that.

Thanks for closing this so quickly. This is really appreciated 🙏

I will cut a release in the evening. 👍

0.14.1 is out.