You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What exactly is the point of the postStart lifecycle hook on the CVE updater (as defined in the cronjob)?
The Lifecycle Hook currently failes everytime in my cluster (see below, I assume a network related race condition) and thus prevents the CVE updater itself from running. If I remove the hook from the cronjob definition, the updater runs as expected. Does the annotation that would be set on the scanner pod by the lifecycle hook serve any purpose at all? Or can it be ignored?
Exec lifecycle hook ([/bin/sh -c /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'date +%Y-%m-%dT%H:%M:%S%z'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/neuvector/deployments/neuvector-scanner-pod']) for Container "neuvector-updater-pod" in Pod "manual-update-jcrpp_neuvector(6413f830-e249-4049-85b3-9883355b7f32)" failed - error: command '/bin/sh -c /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'date +%Y-%m-%dT%H:%M:%S%z'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/neuvector/deployments/neuvector-scanner-pod'' exited with 6: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0* Could not resolve host: kubernetes.default * Closing connection 0 curl: (6) Could not resolve host: kubernetes.default , message: " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0* Could not resolve host: kubernetes.default\n* Closing connection 0\ncurl: (6) Could not resolve host: kubernetes.default\n"
The text was updated successfully, but these errors were encountered:
What exactly is the point of the postStart lifecycle hook on the CVE updater (as defined in the cronjob)?
The Lifecycle Hook currently failes everytime in my cluster (see below, I assume a network related race condition) and thus prevents the CVE updater itself from running. If I remove the hook from the cronjob definition, the updater runs as expected. Does the annotation that would be set on the scanner pod by the lifecycle hook serve any purpose at all? Or can it be ignored?
Exec lifecycle hook ([/bin/sh -c /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'date +%Y-%m-%dT%H:%M:%S%z'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/neuvector/deployments/neuvector-scanner-pod']) for Container "neuvector-updater-pod" in Pod "manual-update-jcrpp_neuvector(6413f830-e249-4049-85b3-9883355b7f32)" failed - error: command '/bin/sh -c /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'date +%Y-%m-%dT%H:%M:%S%z'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/neuvector/deployments/neuvector-scanner-pod'' exited with 6: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0* Could not resolve host: kubernetes.default * Closing connection 0 curl: (6) Could not resolve host: kubernetes.default , message: " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0* Could not resolve host: kubernetes.default\n* Closing connection 0\ncurl: (6) Could not resolve host: kubernetes.default\n"
The text was updated successfully, but these errors were encountered: