From 0f0e1b9fe4444c71fe71e65a3be744038c320913 Mon Sep 17 00:00:00 2001
From: Jonathan King
Date: Tue, 6 Feb 2024 09:50:06 -0500
Subject: [PATCH] clair: Use clair config merge (PROJQUAY-6577)

- Use clair config merge method to join user provided config with Quay gnerated
---
 .../components/clair/clair.deployment.yaml | 24 ++++++++++---------
 pkg/kustomize/secrets.go | 13 +++-------
 2 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/kustomize/components/clair/clair.deployment.yaml b/kustomize/components/clair/clair.deployment.yaml
index 75f82dc17..676572d4f 100644
--- a/kustomize/components/clair/clair.deployment.yaml
+++ b/kustomize/components/clair/clair.deployment.yaml
@@ -19,15 +19,15 @@ spec:
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: quay-component
- operator: In
- values:
- - clair-app
- topologyKey: "kubernetes.io/hostname"
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: quay-component
+ operator: In
+ values:
+ - clair-app
+ topologyKey: "kubernetes.io/hostname"
 containers:
 - image: quay.io/projectquay/clair:nightly
 imagePullPolicy: IfNotPresent
@@ -65,6 +65,9 @@ spec:
 readOnly: true
 - mountPath: /clair/
 name: config
+ - mountPath: /clair/config.yaml.d/01_user_config.yaml
+ name: config
+ subPath: 01_user_config.yaml
 - mountPath: /var/run/certs
 name: certificates
 startupProbe:
@@ -105,8 +108,7 @@ spec:
 name: extra-ca-certs
 - secret:
 name: quay-config-tls
- - configMap:
+ - configMap:
 name: cluster-service-ca
 - configMap:
 name: cluster-trusted-ca
-
diff --git a/pkg/kustomize/secrets.go b/pkg/kustomize/secrets.go
index ce81b6d04..b72c8119e 100644
--- a/pkg/kustomize/secrets.go
+++ b/pkg/kustomize/secrets.go
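Review bot: The new `01_user_config.yaml` mount uses `subPath`, and Kubernetes does not propagate Secret/ConfigMap updates into subPath-mounted files, so an edited user Clair config takes effect only once the pod is recreated, unlike the directory mount of the same `config` volume at `/clair/` directly above it. If the operator already rolls the Clair deployment whenever its config secret changes (not visible in this patch) that is acceptable but should be recorded at the mount, e.g. `# subPath: not live-updated, relies on the pod being rolled on config change`; if it does not, mount the volume as a directory under `/clair/config.yaml.d` with `items:` limited to the drop-in key so the file refreshes in place. A short comment that this drop-in is merged over the operator-rendered `/clair/config.yaml` by Clair's drop-in loader would also explain why the `config` volume now appears twice in the mount list.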
@@ -370,11 +370,12 @@ func componentConfigFilesFor(log logr.Logger, qctx *quaycontext.QuayRegistryCont
 preSharedKey = config.(map[string]interface{})["SECURITY_SCANNER_V4_PSK"].(string)
 }

- cfg, err := clairConfigFor(log, quay, quayHostname, preSharedKey, configFiles)
+ cfg, err := clairConfigFor(log, quay, quayHostname, preSharedKey)
 if err != nil {
 return nil, err
 }
 cfgFiles["config.yaml"] = cfg
+ cfgFiles["01_user_config.yaml"] = configFiles["clair-config.yaml"]
 cfgFiles["clair-db-host"] = []byte(strings.TrimSpace(strings.Join([]string{quay.GetName(), "clair-postgres"}, "-")))

 return cfgFiles, nil
@@ -384,7 +385,7 @@ func componentConfigFilesFor(log logr.Logger, qctx *quaycontext.QuayRegistryCont
 }

 // clairConfigFor returns a Clair v4 config with the correct values.
-func clairConfigFor(log logr.Logger, quay *v1.QuayRegistry, quayHostname, preSharedKey string, configFiles map[string][]byte) ([]byte, error) {
+func clairConfigFor(log logr.Logger, quay *v1.QuayRegistry, quayHostname, preSharedKey string) ([]byte, error) {
 // the default number for the clair's database connections pool is arbitralily defined to
 // 10 when the HPA component is unmanaged. If HPA is managed we have more control over the
 // max number running clair pods so we increase it to the magic number of 33. This number
@@ -441,14 +442,6 @@ func clairConfigFor(log logr.Logger, quay *v1.QuayRegistry, quayHostname, preSha
 },
 }

- // Overwrite default values with user provided clair configuration.
- if clairConfig, ok := configFiles["clair-config.yaml"]; ok {
- err := yaml.Unmarshal(clairConfig, &cfg)
- if err != nil {
- return nil, err
- }
- }
-
 return yaml.Marshal(cfg)
 }
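Review bot: Removing the `yaml.Unmarshal` of the user file also removes the only syntax check the operator performed on it, so with `cfgFiles["01_user_config.yaml"] = configFiles["clair-config.yaml"]` a malformed `clair-config.yaml` is written into the secret unchanged and presumably surfaces only when the Clair container fails to load its drop-in, rather than as a reconcile error. A cheap guard before the assignment keeps that early failure without re-implementing Clair's merge: `if err := yaml.Unmarshal(configFiles["clair-config.yaml"], &map[string]interface{}{}); err != nil { return nil, err }`. The key is also written when the user supplied no file (the lookup returns nil, so the secret carries an empty entry); that looks deliberate, since the deployment mounts this key via `subPath` and would not start without it, but it should say so: `// always written, even empty: the deployment mounts this key via subPath`. Whether Clair accepts an empty drop-in file is worth confirming. componentConfigFilesFor begins before this hunk.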
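Review bot: The doc comment `// clairConfigFor returns a Clair v4 config with the correct values.` is now misleading: after dropping the `configFiles` parameter the function renders only the operator-generated defaults, and user overrides are applied by Clair itself from the `01_user_config.yaml` drop-in the caller writes. Suggest `// clairConfigFor returns the operator-generated Clair v4 config; user overrides are not merged here but shipped as a config.yaml.d drop-in that Clair merges at startup.` The function body continues past the hunk.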