jetstack/version-checker

[BUG] SHA comparison issue with ```match-regex.version-checker.io```

Opened this issue · 0 comments

erwanval commented

Describe the bug
version-checker seems to not do the comparison properly sometimes, leading to the metrics stating it's not the latest while it is.
I haven't tested with other registries, but it happens with docker.io, and the annotation match-regex.version-checker.io.

Here is a simple pod to test that scenario:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: test-pod
  annotations:
    match-regex.version-checker.io/test: ^\d+.\d+.\d+-glibc
  name: test-pod
spec:
  containers:
  - image: docker.io/busybox:1.36.1-glibc
    name: test
    args:
    - sh
    - -c
    - "sleep infinity"

docker.io/busybox:1.36.1-glibc is currently the latest of the -glibc suffix.

The produced metric has the following labels, and its value is 0:

version_checker_is_latest_version{container="version-checker", container_type="container", current_version="1.36.1-glibc@sha256:25e9fcbd3799fce9c0ec978303d35dbb18a6ffb1fc76fc9b181dd4e657e2cd13", endpoint="web", exported_container="test", exported_namespace="default", exported_pod="test-pod", image="docker.io/busybox", instance="100.64.6.176:8080", job="version-checker", latest_version="1.36.1-glibc@sha256:50aa4698fa6262977cff89181b2664b99d8a56dbca847bf62f2ef04854597cf8", namespace="infra", pod="version-checker-5757d8dc7-mw75h", service="version-checker"}

First thing to note is the current_version and latest_version contains the sha, so I assume it compares using the sha in that case, instead of just the tag. From my tests, I concluded that when the semVer doesn't match, version-checker immediately states it's not the latest (which makes sense). But when it matches, version-checker then compares using the sha. I'm not sure if I'm right about the behavior, nor if it's expected.
In any case, when the semVer match, and sha is compared, both values are differents. Looking in docker hub, the "current_version" is matching the "Index digest", while "latest_version" is matching "Manifest digest", which are both different for the same image. I suppose that's why the metrics returns 0.

To Reproduce
See above

Expected behavior
version-checker should return current version match the latest

Screenshots
ksnip_20240709-160208

Environment (please complete the following information):

  • Version-Checker: 0.7.0
  • Kubernetes: 1.29.1

Additional context
Add any other context about the problem here.