✨ allow specifying container proxy settings (#1112)

* ✨ allow specifying container proxy settings Signed-off-by: Ivan Milchev <[email protected]> * fix issues Signed-off-by: Ivan Milchev <[email protected]> --------- Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · May 14, 2024 · 1f7870d · 1f7870d
1 parent 1162cb0
commit 1f7870d
Show file tree

Hide file tree

Showing 16 changed files with 261 additions and 241 deletions.
diff --git a/api/v1alpha2/mondoooperatorconfig_types.go b/api/v1alpha2/mondoooperatorconfig_types.go
@@ -28,6 +28,8 @@ type MondooOperatorConfigSpec struct {
 	SkipContainerResolution bool `json:"skipContainerResolution,omitempty"`
 	// HttpProxy specifies a proxy to use for HTTP requests to the Mondoo Platform.
 	HttpProxy *string `json:"httpProxy,omitempty"`
+	// ContainerProxy specifies a proxy to use for container images.
+	ContainerProxy *string `json:"containerProxy,omitempty"`
 }
 
 type Metrics struct {

diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go
diff --git a/cmd/mondoo-operator/garbage_collect/cmd.go b/cmd/mondoo-operator/garbage_collect/cmd.go
@@ -13,7 +13,7 @@ import (
 
 	"github.com/go-logr/logr"
 	"github.com/spf13/cobra"
-	"go.mondoo.com/cnspec/v10/policy/scan"
+	"go.mondoo.com/cnspec/v11/policy/scan"
 	"go.mondoo.com/mondoo-operator/pkg/client/scanapiclient"
 	"go.mondoo.com/mondoo-operator/pkg/utils/logger"
 	"k8s.io/utils/ptr"

diff --git a/config/crd/bases/k8s.mondoo.com_mondoooperatorconfigs.yaml b/config/crd/bases/k8s.mondoo.com_mondoooperatorconfigs.yaml
@@ -40,6 +40,10 @@ spec:
           spec:
             description: MondooOperatorConfigSpec defines the desired state of MondooOperatorConfig
             properties:
+              containerProxy:
+                description: ContainerProxy specifies a proxy to use for container
+                  images.
+                type: string
               httpProxy:
                 description: HttpProxy specifies a proxy to use for HTTP requests
                   to the Mondoo Platform.

diff --git a/controllers/container_image/deployment_handler.go b/controllers/container_image/deployment_handler.go
@@ -180,7 +180,7 @@ func (n *DeploymentHandler) syncConfigMap(ctx context.Context, clusterUid string
 		return false, err
 	}
 
-	desired, err := ConfigMap(integrationMrn, clusterUid, *n.Mondoo)
+	desired, err := ConfigMap(integrationMrn, clusterUid, *n.Mondoo, *n.MondooOperatorConfig)
 	if err != nil {
 		logger.Error(err, "failed to generate desired ConfigMap with inventory")
 		return false, err

diff --git a/controllers/container_image/resources.go b/controllers/container_image/resources.go
@@ -9,7 +9,7 @@ import (
 
 	// That's the mod k8s relies on https://github.com/kubernetes/kubernetes/blob/master/go.mod#L63
 
-	"go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	"go.mondoo.com/mondoo-operator/api/v1alpha2"
 	"go.mondoo.com/mondoo-operator/pkg/constants"
 	"go.mondoo.com/mondoo-operator/pkg/feature_flags"
@@ -204,8 +204,8 @@ func CronJobName(prefix string) string {
 	return fmt.Sprintf("%s%s", prefix, CronJobNameSuffix)
 }
 
-func ConfigMap(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig) (*corev1.ConfigMap, error) {
-	inv, err := Inventory(integrationMRN, clusterUID, m)
+func ConfigMap(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig, cfg v1alpha2.MondooOperatorConfig) (*corev1.ConfigMap, error) {
+	inv, err := Inventory(integrationMRN, clusterUID, m, cfg)
 	if err != nil {
 		return nil, err
 	}
@@ -223,7 +223,7 @@ func ConfigMapName(prefix string) string {
 	return fmt.Sprintf("%s%s", prefix, InventoryConfigMapBase)
 }
 
-func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig) (string, error) {
+func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig, cfg v1alpha2.MondooOperatorConfig) (string, error) {
 	inv := &inventory.Inventory{
 		Metadata: &inventory.ObjectMeta{
 			Name: "mondoo-k8s-containers-inventory",
@@ -258,6 +258,12 @@ func Inventory(integrationMRN, clusterUID string, m v1alpha2.MondooAuditConfig)
 		}
 	}
 
+	if cfg.Spec.ContainerProxy != nil {
+		for i := range inv.Spec.Assets {
+			inv.Spec.Assets[i].Connections[0].Options["container-proxy"] = *cfg.Spec.ContainerProxy
+		}
+	}
+
 	invBytes, err := yaml.Marshal(inv)
 	if err != nil {
 		return "", err

diff --git a/controllers/mondoooperatorconfig_controller.go b/controllers/mondoooperatorconfig_controller.go
@@ -59,8 +59,8 @@ func (r *MondooOperatorConfigReconciler) Reconcile(ctx context.Context, req ctrl
 		return ctrl.Result{}, nil
 	}
 
-	if config.Spec.HttpProxy != nil {
-		urlParsed, err := url.Parse(*config.Spec.HttpProxy)
+	if config.Spec.ContainerProxy != nil {
+		urlParsed, err := url.Parse(*config.Spec.ContainerProxy)
 		if err != nil {
 			return ctrl.Result{}, err
 		}

diff --git a/controllers/nodes/resources.go b/controllers/nodes/resources.go
@@ -19,7 +19,7 @@ import (
 
 	// That's the mod k8s relies on https://github.com/kubernetes/kubernetes/blob/master/go.mod#L63
 
-	"go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	"go.mondoo.com/mondoo-operator/api/v1alpha2"
 	"go.mondoo.com/mondoo-operator/controllers/scanapi"
 	"go.mondoo.com/mondoo-operator/pkg/constants"