Describe the feature
I use Flux CD purely for GitOps, which means I update my Kubernetes configurations through the CI pipeline, which at the end updates Git with the appropriate changes. But when I go through, I can still see lots of logs saying it's scanning all my Docker images and ignoring them. Is there a way to turn off the pod scanning for Docker images and stop those specific logs, which is actually confusing?
What would the new user story look like?
How would the new interaction with Flux look like? E.g.
You can disable the image scanning with --registry-exclude-image=*; see the FAQ for more details: https://docs.fluxcd.io/en/stable/faq.html#can-i-disable-flux-registry-scanning
@ysaakpr Let us know if this works for you, and we can close the issue (or just close if you're happy).
Hi squaremo, it worked, but looking through the code, it's still scanning for all the deployed pods and matching them against the given exclude glob. It would be ideal to be able to disable the feature using another flag.
@ysaakpr I see what you mean, OK. Switching scanning off would involve some code detangling (and some design -- for instance, would it make sense to be able to switch scanning off, but still have automated upgrades?). Logically, though, it is a completely reasonable desideratum.
How can I use registry-exclude-image to exclude multiple images?
@runningman84 literally copied from the doc link posted above:
--registry-exclude-image=docker.io/*,quay.io/*
Exclude works for me, but still, I would like to have a flag which disables registry scans completely. If the wildcard matching syntax is ever broken - I'm fucked up :(.
A registry on/off flag would be bulletproof.
I think for the time being we can add a flag --disable-image-scan and apply the exclude image internally, and later we could add more specific changes to this feature.
--registry-scanning=false was just added in #2745; I will update the FAQ.