Skip to content
This repository was archived by the owner on May 7, 2026. It is now read-only.

Schedule image scan#7

Merged
anjmao merged 3 commits into
mainfrom
schedule-img-scan
Aug 29, 2022
Merged

Schedule image scan#7
anjmao merged 3 commits into
mainfrom
schedule-img-scan

Conversation

@anjmao

@anjmao anjmao commented Aug 26, 2022

Copy link
Copy Markdown
Collaborator

No description provided.

Comment thread imagescan/scanner.go Outdated
Comment thread imagescan/scanner.go
Comment thread imagescan/subscriber.go
@anjmao anjmao force-pushed the schedule-img-scan branch from 316de97 to a0e2f6e Compare August 29, 2022 10:14
@anjmao anjmao merged commit 3f6e2c9 into main Aug 29, 2022
@anjmao anjmao deleted the schedule-img-scan branch August 29, 2022 10:26
ruckgy pushed a commit that referenced this pull request May 5, 2026
#1 Replace stale "line ~841" reference in OPERATOR_PRE_EXISTING comment
   with a section anchor — line numbers rot when the script grows.

#2 Tighten kent fast-path shape check from {agent, controller, castai,
   enabled} to {agent, controller} only. Hoisted into a shared
   KVISOR_DISCRIMINATOR constant used by both fast-path and recursive
   walk so they stay in sync. 'castai' (cluster identity stub) and
   'enabled' (too generic) could otherwise route flags into a future
   minimal stub.

#3 ch_query() now distinguishes kubectl-exec failure from empty result.
   Captures stderr to a tempfile and surfaces the first error line on
   failure ("Bronze probe failed (last clickhouse error: …)") instead
   of the misleading "Bronze empty after 180s — check OBI logs". Also
   adds an upfront SELECT 1 reachability check + LIMIT 1 on probes to
   defend against schema drift returning multi-row results.

#4 Phase 2 prerequisite-state read now uses trap-based cleanup and
   separate HELM_ERR / PY_ERR tempfiles, so the warn message can say
   "helm error: …" or "values parse error: …" rather than head -1ing a
   file that mixed both sources. trap 'rm -f' EXIT plugs the leak path
   under set -e.

#5 Kent override comment generalized — drop the verbatim
   "containers[1].volumeMounts[0].name: Not found" quote (pinned to
   current kubectl wording AND a specific container index) for
   "volumeMounts[N].name: Not found validation errors".

#6 Add a "Two-step lookup" preamble above the find_kvisor_path comment
   and a docstring change so a reader of the recursive walk realises
   the kent fast-path short-circuits before it ever runs.

#7 Add debug() calls in the new code paths (OPERATOR_PRE_EXISTING
   snapshot, Phase 2 prereq read result, kent autoscaler-disable
   injection, probe stage transitions) so --verbose surfaces "why did
   the script choose X" for the kent-specific logic.

#8 Demote manual-verification steps 1–5 from ### to #### and add an
   intro paragraph under "### Manual Verification" so the heading
   isn't immediately followed by another heading at the same level.

Verified end-to-end against the kent test cluster:
- dry-run shows all expected info lines including the new debug output
- script syntax (bash -n) clean
- markdown heading hierarchy under '## Verification' is now well-formed

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
ruckgy added a commit that referenced this pull request May 5, 2026
* feat: Adding Kent enterprise support

* doc: Adding Kent enterprise documentation

* PR review followup: address 8 review findings

#1 Replace stale "line ~841" reference in OPERATOR_PRE_EXISTING comment
   with a section anchor — line numbers rot when the script grows.

#2 Tighten kent fast-path shape check from {agent, controller, castai,
   enabled} to {agent, controller} only. Hoisted into a shared
   KVISOR_DISCRIMINATOR constant used by both fast-path and recursive
   walk so they stay in sync. 'castai' (cluster identity stub) and
   'enabled' (too generic) could otherwise route flags into a future
   minimal stub.

#3 ch_query() now distinguishes kubectl-exec failure from empty result.
   Captures stderr to a tempfile and surfaces the first error line on
   failure ("Bronze probe failed (last clickhouse error: …)") instead
   of the misleading "Bronze empty after 180s — check OBI logs". Also
   adds an upfront SELECT 1 reachability check + LIMIT 1 on probes to
   defend against schema drift returning multi-row results.

#4 Phase 2 prerequisite-state read now uses trap-based cleanup and
   separate HELM_ERR / PY_ERR tempfiles, so the warn message can say
   "helm error: …" or "values parse error: …" rather than head -1ing a
   file that mixed both sources. trap 'rm -f' EXIT plugs the leak path
   under set -e.

#5 Kent override comment generalized — drop the verbatim
   "containers[1].volumeMounts[0].name: Not found" quote (pinned to
   current kubectl wording AND a specific container index) for
   "volumeMounts[N].name: Not found validation errors".

#6 Add a "Two-step lookup" preamble above the find_kvisor_path comment
   and a docstring change so a reader of the recursive walk realises
   the kent fast-path short-circuits before it ever runs.

#7 Add debug() calls in the new code paths (OPERATOR_PRE_EXISTING
   snapshot, Phase 2 prereq read result, kent autoscaler-disable
   injection, probe stage transitions) so --verbose surfaces "why did
   the script choose X" for the kent-specific logic.

#8 Demote manual-verification steps 1–5 from ### to #### and add an
   intro paragraph under "### Manual Verification" so the heading
   isn't immediately followed by another heading at the same level.

Verified end-to-end against the kent test cluster:
- dry-run shows all expected info lines including the new debug output
- script syntax (bash -n) clean
- markdown heading hierarchy under '## Verification' is now well-formed

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Gyorgy Ruck <gyorgy@cast.ai>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants