Description
Describe the bug
When the cluster has istio sidecar injection enabled, the secureCodeBox cannot properly run its scans in the namespace: the jobs never terminate, as the sidecar is still running even hours after the scan has completed.
Depending on the istio config this can also mess with the ability of the operator / lurcher / parsers to talk to the kubernetes API.
To Reproduce
Steps to reproduce the behavior:
- Start any scan in an istio injection enabled namespace
- Scan will never terminate
Expected behavior
Scans should work normally in istio enabled namespaces.
As a temporary workaround, or to wait until proper sidecar support is added to kubernetes, it would be best to disable the injection via a `"sidecar.istio.io/inject": "false"` pod label on scan, parse and hook pods, see: https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#automatic-sidecar-injection
Ideally the secureCodeBox Operator could support istio and other service meshes directly and proxy scanner traffic through the sidecar.
System (please complete the following information):
- Kubernetes: any version
- Istio: any version
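To confirm the symptom reported above, the following added example (not part of the issue and not secureCodeBox code) audits pod objects shaped like the items of `kubectl get pods -o json`. It flags pods whose workload containers have all terminated while the sidecar keeps running, and shows which pods carry the opt-out label. It assumes the sidecar container uses Istio's default name `istio-proxy`; the pod and container names in the sample are constructed.

```python
INJECT_LABEL = "sidecar.istio.io/inject"  # pod label named in the issue
SIDECAR = "istio-proxy"  # assumption: Istio's default sidecar container name


def _pod(name, labels, states):
    """Build a constructed pod object shaped like a `kubectl get pods -o json` item."""
    return {
        "metadata": {"name": name, "labels": labels},
        "status": {"containerStatuses": [
            {"name": c, "state": {s: {}}} for c, s in states.items()
        ]},
    }


# Constructed sample data; pod and container names are made up.
SAMPLE = {"items": [
    _pod("scan-nmap-abc12", {}, {"nmap": "terminated", SIDECAR: "running"}),
    _pod("parse-nmap-def34", {INJECT_LABEL: "false"}, {"parser": "terminated"}),
    _pod("scan-zap-ghi56", {}, {"zap": "running", SIDECAR: "running"}),
]}


def stuck_on_sidecar(pod):
    """True if every workload container has terminated but the sidecar still runs."""
    statuses = pod.get("status", {}).get("containerStatuses", [])
    sidecar = [s for s in statuses if s["name"] == SIDECAR]
    workload = [s for s in statuses if s["name"] != SIDECAR]
    if not sidecar or not workload:
        return False  # no sidecar injected, or nothing to wait for
    return (all("terminated" in s.get("state", {}) for s in workload)
            and any("running" in s.get("state", {}) for s in sidecar))


def injection_disabled(pod):
    """True if the pod carries the opt-out label with the string value "false"."""
    labels = pod.get("metadata", {}).get("labels") or {}
    return labels.get(INJECT_LABEL) == "false"


def audit(pod_list):
    """Return (pod name, stuck on sidecar, injection disabled) for each pod."""
    return [(p["metadata"]["name"], stuck_on_sidecar(p), injection_disabled(p))
            for p in pod_list.get("items", [])]


if __name__ == "__main__":
    for name, stuck, opted_out in audit(SAMPLE):
        print(f"{name}: stuck_on_sidecar={stuck} injection_disabled={opted_out}")
```

Against a live namespace, load the output of `kubectl get pods -o json` with `json.load` and pass it to `audit` in place of `SAMPLE`.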