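After updating Clair from 2.1.5 -> 4.1.5, the service seems to have changed a lot. I am running Clair v4 on one pod in Kubernetes, with a Postgres database on another pod. The connection between the Clair pod and the database appears to work fine, since it updates the CVE data, as is visible in the logs.
The main problem is that when running a command, for example clairctl report nginx:latest, I receive an error message: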
ERR error="Get \"http://localhost:6060/indexer/api/v1/index_report/sha256:5e95e5eb8be4322e3b3652d737371705e56809ed8b307ad68ec59ddebaaf60e4\": dial tcp 127.0.0.1:6060: connect: connection refused"
Here are the conf and Kubernetes YAMLs I am using:
---
# config.yaml
log_level: debug-color
introspection_addr: ""
http_listen_addr: ":6000"
updaters: {}
indexer:
  connstring: 'postgresql://postgres:postgres@postgres/clair'
  scanlock_retry: 10
  layer_scan_concurrency: 5
  migrations: true
matcher:
  indexer_addr: http://localhost:6060/
  connstring: 'postgresql://postgres:postgres@postgres/clair'
  max_conn_pool: 100
  migrations: true
matchers:
  # names:
  # - crda
  # config:
  #   crda:
  #     url: https://f8a-analytics-preview-2445582058137.production.gw.apicast.io/?user_key=3e42fa66f65124e6b1266a23431e3d08
notifier:
  indexer_addr: http://localhost:6060/
  matcher_addr: http://localhost:6060/
  connstring: 'postgresql://postgres:postgres@postgres/clair'
  migrations: true
  delivery_interval: 5s
  poll_interval: 15s
  # webhook:
  #   target: "http://webhook/"
  #   callback: "http://clair-notifier/notifier/api/v1/notifications"
  amqp:
    direct: true
    exchange:
      name: ""
      type: "direct"
      durable: true
      auto_delete: false
    uris: ["amqp://guest:guest@clair-rabbitmq:5672/"]
    routing_key: "notifications"
    callback: "http://clair-notifier/notifier/api/v1/notifications"
# tracing and metrics config
trace:
  name: "jaeger"
  probability: 1
  jaeger:
    agent:
      endpoint: "jaeger:6831"
    service_name: "clair"
metrics:
  name: "prometheus"
---
# clair.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    quay-component: clair
  name: clair
spec:
  replicas: 1
  selector:
    matchLabels:
      app: clair
  template:
    metadata:
      labels:
        app: clair
    spec:
      containers:
      - name: clair
        image: quay.io/coreos/clair:v4.1.5
        imagePullPolicy: IfNotPresent
        env:
        - name: CLAIR_CONF
          value: /clair/config.yaml
        - name: CLAIR_MODE
          value: combo
        resources:
          limits:
            memory: "1000Mi"
            cpu: "2000m"
        ports:
        - containerPort: 8080
          name: clair-http
          protocol: TCP
        - containerPort: 6060
          name: clair-scanner
          protocol: TCP
        volumeMounts:
        - mountPath: /clair/
          name: config
      restartPolicy: Always
      volumes:
      - name: config
        secret:
          secretName: clair-config-secret
---
apiVersion: v1
kind: Service
metadata:
  name: clair
  labels:
    quay-component: clair
spec:
  ports:
  - name: clair-http
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: clair-scanner
    port: 6060
    protocol: TCP
    targetPort: 6060
  selector:
    app: clair
  type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: clair
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: "/"
        backend:
          serviceName: clair
          servicePort: 80
---
# postgres.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  labels:
    app: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
      - name: postgres
        image: postgres:latest
        imagePullPolicy: 'IfNotPresent'
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_USER
          value: "postgres"
        - name: POSTGRES_DB
          value: "clair"
        - name: POSTGRES_PASSWORD
          value: "postgres"
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  labels:
    app: postgres
spec:
  type: ClusterIP
  ports:
  - port: 5432
    protocol: TCP
    name: postgres
    targetPort: 5432
  selector:
    app: postgres
Does anyone know why this error occurs? I did try using the --host flag, but that returned a different error message.
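
An added example, not part of the original post and not Clair's own code: a small Python check that compares the port in http_listen_addr with the ports used by the loopback indexer_addr/matcher_addr URLs and by the Deployment and Service, using the values posted above. The function and variable names are hypothetical, and it assumes that in combo mode every Clair component is served on the single http_listen_addr.

```python
from urllib.parse import urlsplit

# Values copied from the config.yaml and manifests in the post above.
CONFIG = {
    "http_listen_addr": ":6000",
    "matcher": {"indexer_addr": "http://localhost:6060/"},
    "notifier": {
        "indexer_addr": "http://localhost:6060/",
        "matcher_addr": "http://localhost:6060/",
    },
}
CONTAINER_PORTS = {"clair-http": 8080, "clair-scanner": 6060}
SERVICE_TARGET_PORTS = {"clair-http": 8080, "clair-scanner": 6060}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def listen_port(addr):
    """Port from a Go-style listen address such as ':6000' or '0.0.0.0:6000'."""
    return int(addr.rsplit(":", 1)[1])


def url_port(url):
    """Explicit port of a URL, or the scheme default when none is given."""
    parts = urlsplit(url)
    return parts.port or {"http": 80, "https": 443}[parts.scheme]


def check_ports(config, container_ports, target_ports):
    """Return one finding per port that does not line up with the listener.

    Assumption: in combo mode all components share http_listen_addr,
    so loopback *_addr URLs have to use that same port.
    """
    port = listen_port(config["http_listen_addr"])
    findings = []
    for section in ("matcher", "notifier"):
        for key, url in config.get(section, {}).items():
            if key.endswith("_addr") and urlsplit(url).hostname in LOOPBACK:
                if url_port(url) != port:
                    findings.append(f"{section}.{key} uses port {url_port(url)}, listener is on {port}")
    if port not in container_ports.values():
        findings.append(f"no containerPort declares listener port {port}")
    for name, target in target_ports.items():
        if target != port:
            findings.append(f"Service port {name} targets {target}, listener is on {port}")
    return findings


if __name__ == "__main__":
    for finding in check_ports(CONFIG, CONTAINER_PORTS, SERVICE_TARGET_PORTS):
        print(finding)
```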