New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Have optional result server #590

Open

Vincent056 wants to merge 1 commit into master from disable_result

Vincent056 commented Aug 14, 2024 •

edited

Loading

Adding a Disabled filed in ScanSetting.Spec.RawResultStorage.Disabled, defaulting to false, if setting to true we will not create a result server to store the arf report.

[vincent@node compliance-operator]$ oc get scansetting default -o yaml
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSetting
maxRetryOnTimeout: 3
metadata:
  creationTimestamp: "2024-08-15T03:38:11Z"
  generation: 2
  name: default
  namespace: openshift-compliance
  resourceVersion: "5259950"
  uid: 7f066043-772e-4c8b-a681-104ffec96a0c
rawResultStorage:
  disabled: true
  nodeSelector:
    node-role.kubernetes.io/master: ""
  pvAccessModes:
  - ReadWriteOnce
  rotation: 3
  size: 1Gi
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
roles:
- master
- worker
scanTolerations:
- operator: Exists
schedule: 0 1 * * *
showNotApplicable: false
strictNodeScan: true
suspend: false
timeout: 30m

openshift-ci bot requested review from BhargaviGudi and yuumasato

August 14, 2024 22:56

openshift-ci bot commented Aug 14, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Vincent056

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [Vincent056]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci bot added the approved label

Vincent056 force-pushed the disable_result branch 3 times, most recently from 6b9593b to c015320 Compare

August 15, 2024 00:28

github-actions bot commented Aug 15, 2024

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590

Vincent056 force-pushed the disable_result branch from c015320 to 2163edc Compare

August 15, 2024 00:39

github-actions bot commented Aug 15, 2024

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590

3 similar comments

github-actions bot commented Aug 15, 2024

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590

github-actions bot commented Aug 15, 2024

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590

github-actions bot commented Aug 15, 2024

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590

Vincent056 force-pushed the disable_result branch from 2163edc to a1bbb4d Compare

August 15, 2024 04:23

github-actions bot commented Aug 15, 2024

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590


          Have optional result server

d08ef94

Adding a Disabled filed in ScanSetting.Spec.RawResultStorage.Disabled, defaulting to false, if setting to true we will not create result server to store arf report.

Vincent056 force-pushed the disable_result branch from a1bbb4d to d08ef94 Compare

August 15, 2024 07:50

github-actions bot commented Aug 15, 2024

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590-d08ef9452b3a5e348ab0393dfaa1959590074d7c

Vincent056 requested a review from rhmdnd

August 15, 2024 08:03

Collaborator

xiaojiey commented Aug 15, 2024

verification pass with CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:590-d08ef9452b3a5e348ab0393dfaa1959590074d7c:

% oc get ss disable-rawresultstorage  -o=jsonpath={.rawResultStorage.disabled}
true%                                                                                                                                                                                    
% cat ssb_test_raw_result_storage.yaml 
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: stig-compliance
  namespace: openshift-compliance
profiles:
  - name: ocp4-stig-node
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
  - name: ocp4-stig
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
  - name: rhcos4-stig
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
settingsRef:
  name: disable-rawresultstorage
  kind: ScanSetting
  apiGroup: compliance.openshift.io/v1alpha1
% oc apply -f ssb_test_raw_result_storage.yaml 
scansettingbinding.compliance.openshift.io/stig-compliance created
% oc get suite -w
NAME              PHASE     RESULT
stig-compliance   RUNNING   NOT-AVAILABLE
stig-compliance   RUNNING   NOT-AVAILABLE
stig-compliance   RUNNING   NOT-AVAILABLE
stig-compliance   RUNNING   NOT-AVAILABLE
stig-compliance   RUNNING   NOT-AVAILABLE
stig-compliance   RUNNING   NOT-AVAILABLE
stig-compliance   RUNNING   NOT-AVAILABLE
stig-compliance   AGGREGATING   NOT-AVAILABLE
stig-compliance   AGGREGATING   NOT-AVAILABLE
stig-compliance   DONE          NON-COMPLIANT
stig-compliance   DONE          NON-COMPLIANT
^C%                                                                                                                                                                                      
% oc get pv
No resources found
% oc get pvc
No resources found in openshift-compliance namespace.
% oc get pv
No resources found

rhmdnd added this to the 1.7.0 milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels