Add support for registry scanner #100
Comments
|
@pauljegouic I have been in contact with the IBM Sysdig team here about your query. There are some internal discussions on this so will get back to you with some more info soon. However can you confirm the version of the module in which you saw this error so I can pass on the image version being used. Thanks |
|
it was the latest atm. We used : resource "helm_release" "scc_wp_registry_scanner" {
name = "sysdig-registry-scanner"
repository = "https://charts.sysdig.com"
chart = "registry-scanner"
version = "1.1.34"
namespace = "ibm-observe"
create_namespace = true
timeout = 600
wait = true
recreate_pods = true
force_update = true
reset_values = true
set {
name = "cronjob.schedule"
type = "string"
value = "*/1 * * * *"
}
set {
name = "config.secureBaseURL"
type = "string"
value = "https://${local.api_endpoint}"
}
set {
name = "config.secureAPIToken"
type = "string"
value = ibm_resource_key.scc_wp_resource_key.credentials["Sysdig Access Key"]
}
set {
name = "config.secureSkipTLS"
value = true
}
set {
name = "config.registryURL"
type = "string"
value = "https://private.${local.public_registry_name}"
}
set {
name = "config.registryUser"
type = "string"
value = "iamapikey"
}
set {
name = "config.registryPassword"
type = "string"
value = ibm_iam_service_api_key.api_key.apikey
}
set {
name = "config.registryType"
type = "string"
value = "icr"
}
set {
name = "config.icrIamApi"
type = "string"
value = "https://private.iam.cloud.ibm.com"
}
set {
name = "config.registryAccountId"
type = "string"
value = data.ibm_iam_account_settings.iam_account_settings.account_id
}
} |
|
@pauljegouic oh so this error isn't related to anything deployed by this module right? Looks like you are explicitly deploying the Is it possible to share in entire registry-scanner logs? If needed we can use our Slack channel to share. |
|
Yes I agree, this is not part of this module right now. But I expect this module in a near future to integrate various functionalities of sysdig secure. (sorry if I am wrong ^^) According to Sysdig team, our components are currently not supporting IBM authentication to interact with Workload Protection. But can you confirm that when you used a Sysdig api token everything worked ok? Yes, when using a Sysdig API Key tied to my user (get it into the sysdig UI), it works well. Let's talk about this into slack. |
|
OK going to leave this issue open then to track adding support to this module to deploy the registry-scanner. According to IBM Sysidg team, it should be a simple integration with a variable and calling the existing helm chart. |
Hello there,
Do you know if there is a way to generate a resource key tied to the workload protection that would work with Registry Scanner ? When informing the key provided to the WP agent, to the registry scanner, it fails during the retrieval of the vulnerability database.
Role used: Administrator (and Manager also for debug)
For example
We need to inform a user Sysdig Secure API Token to make it work.
Kind regards
The text was updated successfully, but these errors were encountered: