From 8aa282025b173db8d3fc9ac6da8a7bf934ce4a7e Mon Sep 17 00:00:00 2001 From: Bendik Paulsrud Date: Tue, 17 Jan 2023 13:08:30 +0100 Subject: [PATCH] add workload info to the pod template --- controllers/containerimagescan_controller_test.go | 2 ++ controllers/testdata/scan-job/expected-scan-job.yaml | 5 +++++ internal/trivy/scan_job.go | 5 +---- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/controllers/containerimagescan_controller_test.go b/controllers/containerimagescan_controller_test.go index a6ca3d9a5..8c31957e6 100644 --- a/controllers/containerimagescan_controller_test.go +++ b/controllers/containerimagescan_controller_test.go @@ -80,6 +80,8 @@ var _ = Describe("ContainerImageScan controller", func() { job.Spec.Template.Labels[k] = "" case "job-name": job.Spec.Template.Labels[k] = "" + case stasv1alpha1.LabelStatnettControllerUID: + job.Spec.Template.Labels[k] = "" } } diff --git a/controllers/testdata/scan-job/expected-scan-job.yaml b/controllers/testdata/scan-job/expected-scan-job.yaml index 49ba63315..b07a8504a 100644 --- a/controllers/testdata/scan-job/expected-scan-job.yaml +++ b/controllers/testdata/scan-job/expected-scan-job.yaml @@ -29,6 +29,11 @@ spec: app.kubernetes.io/name: trivy controller-uid: job-name: + controller.statnett.no/namespace: replica-set + controller.statnett.no/uid: + workload.statnett.no/kind: Pod + workload.statnett.no/name: echo + workload.statnett.no/namespace: replica-set spec: affinity: nodeAffinity: diff --git a/internal/trivy/scan_job.go b/internal/trivy/scan_job.go index 7efa7539e..5d5c422a1 100644 --- a/internal/trivy/scan_job.go +++ b/internal/trivy/scan_job.go @@ -78,6 +78,7 @@ func (f *filesystemScanJobBuilder) ForCIS(cis *stasv1alpha1.ContainerImageScan) stasv1alpha1.LabelStatnettWorkloadName: truncateString(cis.Spec.Workload.Name, KubernetesLabelValueMaxLength), stasv1alpha1.LabelStatnettWorkloadNamespace: cis.Namespace, } + job.Spec.Template.Labels = job.Labels return job, nil } @@ -113,10 +114,6 @@ func (f *filesystemScanJobBuilder) newImageScanJob(spec stasv1alpha1.ContainerIm return nil, err } - job.Spec.Template.Labels = map[string]string{ - stasv1alpha1.LabelK8sAppName: stasv1alpha1.AppNameTrivy, - stasv1alpha1.LabelK8SAppManagedBy: stasv1alpha1.AppNameImageScanner, - } job.Spec.Template.Spec.InitContainers = []corev1.Container{f.initContainer()} job.Spec.Template.Spec.Containers = []corev1.Container{container} job.Spec.Template.Spec.Volumes = []corev1.Volume{