[SBOM] Use container runtime snapshotter by default on EKS and GKE #1553
daaf48e to f222b91
Hi @lebauce, general question: have we investigated the possibility of handling it directly in the agent code base? Can we easily detect if we should run the snapshotter by default (maybe based on the kubelet or containerd configuration), or maybe try with the default method and fall back automatically to the snapshotter if we get the "missing layer" error when the agent tries to scan a container image?
@clamoriniere
Longer term solution could be to use the agent "overlayfs direct scan" mode, which "only" requires mounting /var/lib/containers and use by default
But in that case, do we lose the image layer information to identify which layer the package is part of?
No, we don't lose this information as we still have one folder per layer.
f222b91 to 354a6da
What this PR does / why we need it:
Detect whether the agent is deployed on EKS or GKE and use the container runtime snapshotter in these cases.
Which issue this PR fixes
(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged)
Special notes for your reviewer:
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
.github/helm-docs.sh
CHANGELOG.md has been updated
README.md
make update-test-baselines