feat: Add option to config to set runtime socket address #831
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sozercan
reviewed
Aug 14, 2023
There was a problem hiding this comment.
why are we adding a new api version
There was a problem hiding this comment.
I wasn't sure if it was merited here or not. I don't mind adding the changes to v1alpha2 instead
There was a problem hiding this comment.
that should be fine as long as we default if users don't specify. wdyt?
There was a problem hiding this comment.
v1alpha3 defaults to containerd and the default containerd socket address. If it's a version prior to v1alpha3 and something other than containerd is specified, then it'll use the default socket address for that runtime.
pmengelbert
force-pushed
the
feat/containerd.sock
branch
from
bf42518 to
bf83254
Compare
This change will enable us to specify the runtime socket address. The values do not propagate yet; this just introduces the necessary backward-compatible struct. Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
v1alpha1 -> unversioned unversioned -> v1alpha1 v1alpha2 -> unversioned unversioned -> v1alpha2 All of these needed ManagerConfig conversions because we are now allowing for the specification of the `runtimeSocketAddress`, and not just the name of the `runtime`. Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
`runtimeConfig.manager.runtimeSocketAddress` can now be specified. `runtimeConfig.manager.runtime` is now deprecated. Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Because trivy's behavior switches on the name of the runtime, it has to be supplied at the time trivy runs. To specify the address, there are 3 different environment variables that trivy will check in order to find the socket, depending on the runtime. In the case of the crio runtime, an exact address cannot be specified (or rather, trivy won't understand it). Trivy will always look for the podman address at $XDG_RUNTIME_DIR/podman/podman.sock . While the value of XDG_RUNTIME_DIR can be changed, the exact socket address can't be. Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
pmengelbert
force-pushed
the
feat/containerd.sock
branch
from
bf83254 to
cdeaefd
Compare
|
Superseded by #930 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes #647