clair: Use clair config merge (PROJQUAY-6577)
- Use clair config merge method to join user provided config with Quay generated
jonathankingfc authored and openshift-merge-bot[bot] committed Feb 6, 2024
1 parent d2fa384 commit 0f0e1b9
Showing 2 changed files with 16 additions and 21 deletions.
24 changes: 13 additions & 11 deletions kustomize/components/clair/clair.deployment.yaml
@@ -19,15 +19,15 @@ spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: quay-component
operator: In
values:
- clair-app
topologyKey: "kubernetes.io/hostname"
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: quay-component
operator: In
values:
- clair-app
topologyKey: "kubernetes.io/hostname"
containers:
- image: quay.io/projectquay/clair:nightly
imagePullPolicy: IfNotPresent
@@ -65,6 +65,9 @@ spec:
readOnly: true
- mountPath: /clair/
name: config
- mountPath: /clair/config.yaml.d/01_user_config.yaml
name: config
subPath: 01_user_config.yaml
- mountPath: /var/run/certs
name: certificates
startupProbe:
@@ -105,8 +108,7 @@ spec:
name: extra-ca-certs
- secret:
name: quay-config-tls
- configMap:
- configMap:
name: cluster-service-ca
- configMap:
name: cluster-trusted-ca
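Review bot: The new `subPath` mount of `01_user_config.yaml` in the second hunk will not see later updates to the `config` volume, because Kubernetes does not propagate Secret or ConfigMap changes into subPath mounts. Unless the operator restarts the Clair pod on every config change (not visible in this diff), an edited user config, including security-relevant settings, would keep its old value in the running container. The same volume is still mounted whole at `/clair/`, so the file presumably also appears as `/clair/01_user_config.yaml`; it is worth confirming that Clair only reads the copy under `config.yaml.d`. I would add a comment above the mount such as `# subPath mounts are not refreshed on volume updates; the pod must be restarted to pick up user config changes`.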

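--- a/pkg/kustomize/secrets.go
+++ b/pkg/kustomize/secrets.go
@@ -370,11 +370,12 @@ func componentConfigFilesFor(log logr.Logger, qctx *quaycontext.QuayRegistryCont
 preSharedKey = config.(map[string]interface{})["SECURITY_SCANNER_V4_PSK"].(string)
 }
 
-cfg, err := clairConfigFor(log, quay, quayHostname, preSharedKey, configFiles)
+cfg, err := clairConfigFor(log, quay, quayHostname, preSharedKey)
 if err != nil {
 return nil, err
 }
 cfgFiles["config.yaml"] = cfg
+cfgFiles["01_user_config.yaml"] = configFiles["clair-config.yaml"]
 cfgFiles["clair-db-host"] = []byte(strings.TrimSpace(strings.Join([]string{quay.GetName(), "clair-postgres"}, "-")))
 
 return cfgFiles, nil
@@ -384,7 +385,7 @@ func componentConfigFilesFor(log logr.Logger, qctx *quaycontext.QuayRegistryCont
 }
 
 // clairConfigFor returns a Clair v4 config with the correct values.
-func clairConfigFor(log logr.Logger, quay *v1.QuayRegistry, quayHostname, preSharedKey string, configFiles map[string][]byte) ([]byte, error) {
+func clairConfigFor(log logr.Logger, quay *v1.QuayRegistry, quayHostname, preSharedKey string) ([]byte, error) {
 // the default number for the clair's database connections pool is arbitralily defined to
 // 10 when the HPA component is unmanaged. If HPA is managed we have more control over the
 // max number running clair pods so we increase it to the magic number of 33. This number
@@ -441,14 +442,6 @@ func clairConfigFor(log logr.Logger, quay *v1.QuayRegistry, quayHostname, preSha
 },
 }
 
-// Overwrite default values with user provided clair configuration.
-if clairConfig, ok := configFiles["clair-config.yaml"]; ok {
-err := yaml.Unmarshal(clairConfig, &cfg)
-if err != nil {
-return nil, err
-}
-}
-
 return yaml.Marshal(cfg)
 }
 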
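Review bot: The user-supplied `clair-config.yaml` is now copied into `cfgFiles["01_user_config.yaml"]` unparsed, so the `yaml.Unmarshal` error path removed from clairConfigFor no longer rejects a malformed file at reconcile time. A bad file would presumably only surface when Clair loads the drop-in. Consider validating before the assignment in componentConfigFilesFor, e.g. `if err := yaml.Unmarshal(configFiles["clair-config.yaml"], &map[string]interface{}{}); err != nil { return nil, err }`. When the key is absent, the map lookup yields a nil slice and an empty `01_user_config.yaml` is still written, so it is worth confirming that Clair's merge accepts an empty drop-in. A comment on the new line should also state that values in this file take precedence over the operator-generated `config.yaml`, if that is the intended merge order. componentConfigFilesFor starts and ends outside the hunk.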
