diff --git a/agent/config/config.go b/agent/config/config.go
index 632b3332..8e906ce1 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -8,16 +8,18 @@ import (
 )
 type AgentConfigurations struct {
- SANamespace string `envconfig:"SA_NAMESPACE" default:"default"`
- SAName string `envconfig:"SA_NAME" default:"default"`
- OutdatedInterval string `envconfig:"OUTDATED_INTERVAL" default:"0"`
- GetAllInterval string `envconfig:"GETALL_INTERVAL" default:"*/30 * * * *"`
- KubeScoreInterval string `envconfig:"KUBESCORE_INTERVAL" default:"*/40 * * * *"`
- RakkessInterval string `envconfig:"RAKKESS_INTERVAL" default:"*/50 * * * *"`
- KubePreUpgradeInterval string `envconfig:"KUBEPREUPGRADE_INTERVAL" default:"*/60 * * * *"`
- TrivyInterval string `envconfig:"TRIVY_INTERVAL" default:"*/10 * * * *"`
- SchedulerEnable bool `envconfig:"SCHEDULER_ENABLE" default:"true"`
- KuberHealthyEnable bool `envconfig:"KUBERHEALTHY_ENABLE" default:"true"`
+ SANamespace string `envconfig:"SA_NAMESPACE" default:"default"`
+ SAName string `envconfig:"SA_NAME" default:"default"`
+ OutdatedInterval string `envconfig:"OUTDATED_INTERVAL" default:"0"`
+ GetAllInterval string `envconfig:"GETALL_INTERVAL" default:"*/30 * * * *"`
+ KubeScoreInterval string `envconfig:"KUBESCORE_INTERVAL" default:"*/40 * * * *"`
+ RakkessInterval string `envconfig:"RAKKESS_INTERVAL" default:"*/50 * * * *"`
+ KubePreUpgradeInterval string `envconfig:"KUBEPREUPGRADE_INTERVAL" default:"*/60 * * * *"`
+ TrivyImageInterval string `envconfig:"TRIVY_IMAGE_INTERVAL" default:"*/10 * * * *"`
+ TrivySbomInterval string `envconfig:"TRIVY_SBOM_INTERVAL" default:"*/20 * * * *"`
+ TrivyClusterScanInterval string `envconfig:"TRIVY_CLUSTERSCAN_INTERVAL" default:"*/35 * * * *"`
+ SchedulerEnable bool `envconfig:"SCHEDULER_ENABLE" default:"true"`
+ KuberHealthyEnable bool `envconfig:"KUBERHEALTHY_ENABLE" default:"true"`
 }
 func GetAgentConfigurations() (serviceConf *AgentConfigurations, err error) {
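Review bot: Dropping `TRIVY_INTERVAL` from `AgentConfigurations` leaves no fallback, so a deployment that still sets it (including `TRIVY_INTERVAL=0` to keep Trivy off) is silently ignored and the three new fields take their defaults (`*/10`, `*/20` and `*/35` minute specs), which schedule scans far more often than the chart's `@every 24h`/`16h`/`17h` values. Consider keeping a deprecated `TrivyInterval` field that the new fields inherit from when unset, or at least logging a warning when the old variable is present. Note also that `*/35 * * * *` fires at minutes 0 and 35 of each hour rather than every 35 minutes; since the chart already passes `@every` specs, `default:"@every 35m"` would express the intent, assuming the scheduler parses code defaults the same way. A short field comment such as `// TrivyImageInterval is the cron spec for image scans; "" or "0" disables the job.` would document the disable convention that scheduler.go relies on.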
diff --git a/agent/kubviz/k8smetrics_agent.go b/agent/kubviz/k8smetrics_agent.go
index 068360eb..d0c0c7f6 100644
--- a/agent/kubviz/k8smetrics_agent.go
+++ b/agent/kubviz/k8smetrics_agent.go
@@ -154,9 +154,7 @@ func main() { err = kubescore.RunKubeScore(clientset, js) events.LogErr(err) } - collectAndPublishMetrics() - if cfg.SchedulerEnable { // Assuming "cfg.Schedule" is a boolean indicating whether to schedule or not. scheduler := scheduler.InitScheduler(config, js, *cfg, clientset)
diff --git a/agent/kubviz/scheduler/scheduler.go b/agent/kubviz/scheduler/scheduler.go
index f56660bc..ccd9564e 100644
--- a/agent/kubviz/scheduler/scheduler.go
+++ b/agent/kubviz/scheduler/scheduler.go
@@ -144,12 +144,32 @@ func InitScheduler(config *rest.Config, js nats.JetStreamContext, cfg config.Age
 log.Fatal("failed to do job", err)
 }
 }
- if cfg.TrivyInterval != "" && cfg.TrivyInterval != "0" {
- sj, err := NewTrivyJob(config, js, cfg.TrivyInterval)
+ if cfg.TrivyImageInterval != "" && cfg.TrivyImageInterval != "0" {
+ sj, err := NewTrivyImagesJob(config, js, cfg.TrivyImageInterval)
 if err != nil {
 log.Fatal("no time interval", err)
 }
- err = s.AddJob("Trivy", sj)
+ err = s.AddJob("Trivyimage", sj)
+ if err != nil {
+ log.Fatal("failed to do job", err)
+ }
+ }
+ if cfg.TrivySbomInterval != "" && cfg.TrivySbomInterval != "0" {
+ sj, err := NewTrivySbomJob(config, js, cfg.TrivySbomInterval)
+ if err != nil {
+ log.Fatal("no time interval", err)
+ }
+ err = s.AddJob("Trivysbom", sj)
+ if err != nil {
+ log.Fatal("failed to do job", err)
+ }
+ }
+ if cfg.TrivyClusterScanInterval != "" && cfg.TrivyClusterScanInterval != "0" {
+ sj, err := NewTrivyClusterScanJob(js, cfg.TrivyClusterScanInterval)
+ if err != nil {
+ log.Fatal("no time interval", err)
+ }
+ err = s.AddJob("Trivycluster", sj)
 if err != nil {
 log.Fatal("failed to do job", err)
 }
diff --git a/agent/kubviz/scheduler/scheduler_watch.go b/agent/kubviz/scheduler/scheduler_watch.go
index 9b338cf7..f2e769af 100644
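Review bot: In the three new registration blocks of `InitScheduler`, `log.Fatal("no time interval", err)` and `log.Fatal("failed to do job", err)` print the message and the error with no separator (Print-style formatting only inserts a space between operands when neither is a string) and do not say which of the three Trivy jobs failed. The constructors added in scheduler_watch.go always return a nil error, so the first check can never fire and an invalid spec is presumably reported by `AddJob`; a mistyped `TRIVY_SBOM_INTERVAL` therefore stops the whole agent with a message that names neither the job nor the value. Something like `log.Fatalf("adding job %q with spec %q: %v", "Trivysbom", cfg.TrivySbomInterval, err)` would make that diagnosable. The three blocks are otherwise identical and could go through one small helper; `InitScheduler` starts and ends outside this hunk.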
--- a/agent/kubviz/scheduler/scheduler_watch.go
+++ b/agent/kubviz/scheduler/scheduler_watch.go
@@ -25,11 +25,21 @@ type KetallJob struct {
 js nats.JetStreamContext
 frequency string
 }
-type TrivyJob struct {
+type TrivyImageJob struct {
 config *rest.Config
 js nats.JetStreamContext
 frequency string
 }
+type TrivySbomJob struct {
+ config *rest.Config
+ js nats.JetStreamContext
+ frequency string
+}
+type TrivyClusterScanJob struct {
+ //config *rest.Config
+ js nats.JetStreamContext
+ frequency string
+}
 type RakkessJob struct {
 config *rest.Config
 js nats.JetStreamContext
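Review bot: `TrivyClusterScanJob` carries a commented-out field, `//config *rest.Config`, and the matching `// config: config,` appears in `NewTrivyClusterScanJob` in the next hunk; both should be deleted rather than committed, since `RunTrivyK8sClusterScan` is only ever given `j.js`. The three new exported types also have no doc comments; one line each, e.g. `// TrivyClusterScanJob runs the Trivy cluster scan on the given cron spec.`, would be enough.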
@@ -46,6 +56,55 @@ type KubescoreJob struct {
 frequency string
 }
+func NewTrivySbomJob(config *rest.Config, js nats.JetStreamContext, frequency string) (*TrivySbomJob, error) {
+ return &TrivySbomJob{
+ config: config,
+ js: js,
+ frequency: frequency,
+ }, nil
+}
+func (v *TrivySbomJob) CronSpec() string {
+ return v.frequency
+}
+
+func (j *TrivySbomJob) Run() {
+ // Call the outDatedImages function with the provided config and js
+ err := trivy.RunTrivySbomScan(j.config, j.js)
+ events.LogErr(err)
+}
+
+func NewTrivyClusterScanJob(js nats.JetStreamContext, frequency string) (*TrivyClusterScanJob, error) {
+ return &TrivyClusterScanJob{
+ // config: config,
+ js: js,
+ frequency: frequency,
+ }, nil
+}
+func (v *TrivyClusterScanJob) CronSpec() string {
+ return v.frequency
+}
+
+func (j *TrivyClusterScanJob) Run() {
+ // Call the outDatedImages function with the provided config and js
+ err := trivy.RunTrivyK8sClusterScan(j.js)
+ events.LogErr(err)
+}
+func NewTrivyImagesJob(config *rest.Config, js nats.JetStreamContext, frequency string) (*TrivyImageJob, error) {
+ return &TrivyImageJob{
+ config: config,
+ js: js,
+ frequency: frequency,
+ }, nil
+}
+func (v *TrivyImageJob) CronSpec() string {
+ return v.frequency
+}
+
+func (j *TrivyImageJob) Run() {
+ // Call the outDatedImages function with the provided config and js
+ err := trivy.RunTrivyImageScans(j.config, j.js)
+ events.LogErr(err)
+}
 func NewOutDatedImagesJob(config *rest.Config, js nats.JetStreamContext, frequency string) (*OutDatedImagesJob, error) {
 return &OutDatedImagesJob{
 config: config,
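Review bot: Splitting the old `TrivyJob.Run` into three jobs removes the ordering it gave: the SBOM, image and cluster scans used to run one after another in a single `Run`, and now each has its own cron spec, so they can start at the same moment (the code defaults in config.go all match minute 0). Whether the scheduler runs jobs concurrently is not visible here, but if it does, overlapping Trivy runs compete for the same CPU, memory and NATS stream, and a scan that fails under that load is only passed to `events.LogErr`. If overlap is not intended, a package-level `var trivyMu sync.Mutex` with `trivyMu.Lock(); defer trivyMu.Unlock()` at the top of each `Run` would restore serial execution. Separately, all three `Run` methods carry the copied comment `// Call the outDatedImages function with the provided config and js`, which is wrong for each of them; replace it with e.g. `// Run executes the Trivy SBOM scan and logs any error.`, and pick one receiver name instead of `v` for `CronSpec` and `j` for `Run`.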
@@ -128,23 +187,3 @@ func (j *RakkessJob) Run() {
 err := rakkess.RakeesOutput(j.config, j.js)
 events.LogErr(err)
 }
-func NewTrivyJob(config *rest.Config, js nats.JetStreamContext, frequency string) (*TrivyJob, error) {
- return &TrivyJob{
- config: config,
- js: js,
- frequency: frequency,
- }, nil
-}
-func (v *TrivyJob) CronSpec() string {
- return v.frequency
-}
-
-func (j *TrivyJob) Run() {
- // Call the Trivy function with the provided config and js
- err := trivy.RunTrivySbomScan(j.config, j.js)
- events.LogErr(err)
- err = trivy.RunTrivyImageScans(j.config, j.js)
- events.LogErr(err)
- err = trivy.RunTrivyK8sClusterScan(j.js)
- events.LogErr(err)
-}
diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
index 25cca1a8..296eb7b5 100644
--- a/charts/agent/Chart.yaml
+++ b/charts/agent/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.15
+version: 1.1.16
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml
index db0c1603..675ff272 100644
--- a/charts/agent/templates/deployment.yaml
+++ b/charts/agent/templates/deployment.yaml
@@ -79,8 +79,12 @@ spec:
 value: "{{ .Values.schedule.rakkessInterval }}"
 - name: KUBEPREUPGRADE_INTERVAL
 value: "{{ .Values.schedule.kubepreupgradeInterval }}"
- - name: TRIVY_INTERVAL
- value: "{{ .Values.schedule.trivyInterval }}"
+ - name: TRIVY_IMAGE_INTERVAL
+ value: "{{ .Values.schedule.trivyimageInterval }}"
+ - name: TRIVY_SBOM_INTERVAL
+ value: "{{ .Values.schedule.trivysbomInterval }}"
+ - name: TRIVY_CLUSTERSCAN_INTERVAL
+ value: "{{ .Values.schedule.trivyclusterscanInterval }}"
 - name: IS_OPTEL_ENABLED
 value: "{{ .Values.opentelemetry.isEnabled }}"
 - name : OPTEL_URL
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
index 38f991b3..6591ea22 100644
--- a/charts/agent/values.yaml
+++ b/charts/agent/values.yaml
@@ -184,7 +184,9 @@ schedule:
 kubescoreInterval: "@every 20h"
 rakkessInterval: "@every 21h"
 kubepreupgradeInterval: "@every 22h"
- trivyInterval: "@every 24h"
+ trivyimageInterval: "@every 24h"
+ trivysbomInterval: "@every 16h"
+ trivyclusterscanInterval: "@every 17h"
 kuberhealthy:
 enabled: true
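Review bot: The three new env entries in deployment.yaml render `.Values.schedule.trivyimageInterval`, `trivysbomInterval` and `trivyclusterscanInterval` with no fallback, so an upgrade that reuses the release's stored values will not have these keys and each variable renders as an empty string. The scheduler.go change in this commit skips a Trivy job whose interval is `""`, so if the agent receives the empty value as-is, vulnerability scanning stops after the upgrade without any error. An existing override of `schedule.trivyInterval` (for instance `"0"` to disable scans) is likewise ignored from this version on. Falling back to the old key, e.g. `value: "{{ .Values.schedule.trivyimageInterval | default .Values.schedule.trivyInterval }}"`, or wrapping the lookup in `required`, would make the rename safe, and the rename deserves a line in the chart's upgrade notes.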