Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Scan Jobs hang if Cluster / Namespace uses Istio #132

Copy link
Copy link
Open
@J12934

Description

@J12934
Issue body actions

Describe the bug

When the cluster has istio sidecar injection enabled the secureCodeBox cannot properly run its scans in the namespace as the jobs never terminate as the sidecar is still running even hours after the scan has completed.

Depending on the istio config this can also mess with the ability of the operator / lurcher / parsers to talk to the kubernetes API.

To Reproduce
Steps to reproduce the behavior:

  1. Start any scan in a istio injection enabled namespace
  2. Scan will never terminate

Expected behavior

Scans should work normally in istio enabled namespaces.

As a temporary workaround, or to wait untill proper sidecar support is added to kubernetes, it would be best to disable the injection via a "sidecar.istio.io/inject": "false"pod label on scan, parse and hook pods, see: https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#automatic-sidecar-injection

Ideally the secureCodeBox Operator could support istio and other service meshes directly and proxy scanner traffic thought the sidecar.

System (please complete the following information):

  • Kubernetes: any version
  • Istio: any version

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    Status

    Backlog
    Show more project fields

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      Morty Proxy This is a proxified and sanitized view of the page, visit original site.