Clair, clairctl and Kubernetes
I am trying to use Clair and Clairctl in my Jenkins Pipeline which is running in Kubernetes. I have 3 containers within one pod:
- Jenkins Slave Container + clairctl
- Docker in Docker Container (DOCKER_HOST=localhost:2375)
- Clair Container - Talking to Hosted DB.
The Jenkins Slave has docker installed with DOCKER_HOST set to localhost:2375. I then try and run various clairctl commands and nothing quite works.
+ clairctl --config /etc/clairctl.yaml health
Clair: ✔
+ clairctl --config /etc/clairctl.yaml push --help
Upload a Docker image to Clair for further analysis
Usage:
clairctl push IMAGE [flags]
Flags:
-l, --local Use local images
Global Flags:
--config string config file (default is $HOME/clairctl.yml)
--log-level string log level [Panic,Fatal,Error,Warn,Info,Debug]
--no-clean Disable the temporary folder cleaning
+ clairctl --config /etc/clairctl.yaml --log-level Debug push gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.281362 D | config: Using config file: /etc/clairctl.yaml
2018-05-14 15:00:46.281497 D | dockerdist: Downloading manifest for gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.281563 D | dockerdist: Retrieving repository client
2018-05-14 15:00:46.456892 D | dockerdist: endpoint.TLSConfig.InsecureSkipVerify: false
client quit unexpectedly
2018-05-14 15:00:46.459792 C | cmd: retrieving manifest for "gitlab.domain:4567/container_name:clairfun-20": Only V2 repository are supported
+ true
+ clairctl --config /etc/clairctl.yaml --log-level Debug analyze gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.504477 D | config: Using config file: /etc/clairctl.yaml
2018-05-14 15:00:46.504593 D | dockerdist: Downloading manifest for gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.504667 D | dockerdist: Retrieving repository client
2018-05-14 15:00:46.637384 D | dockerdist: endpoint.TLSConfig.InsecureSkipVerify: false
client quit unexpectedly
2018-05-14 15:00:46.640092 C | cmd: retrieving manifest for "gitlab.domain:4567/container_name:clairfun-20": Only V2 repository are supported
+ true
+ clairctl --config /etc/clairctl.yaml report --help
Generate Docker Image vulnerabilities report as HTML or JSON
Usage:
clairctl report IMAGE [flags]
Flags:
-f, --format string Format for Report [html,json] (default "html")
-l, --local Use local images
-w, --whitelist string YAML Configuration file for severity whitelisting
Global Flags:
--config string config file (default is $HOME/clairctl.yml)
--log-level string log level [Panic,Fatal,Error,Warn,Info,Debug]
--no-clean Disable the temporary folder cleaning
+ clairctl --config /etc/clairctl.yaml --log-level Debug report gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.731933 D | config: Using config file: /etc/clairctl.yaml
2018-05-14 15:00:46.732057 D | dockerdist: Downloading manifest for gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.732128 D | dockerdist: Retrieving repository client
2018-05-14 15:00:46.868761 D | dockerdist: endpoint.TLSConfig.InsecureSkipVerify: false
client quit unexpectedly
2018-05-14 15:00:46.871785 C | cmd: retrieving manifest for "gitlab.domain:4567/container_name:clairfun-20": Only V2 repository are supported
+ true
+ clairctl --config /etc/clairctl.yaml --log-level Debug report --local --format json gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.915436 D | config: Using config file: /etc/clairctl.yaml
2018-05-14 15:00:46.915817 D | dockercli: docker image to save: gitlab.domain:4567/container_name:clairfun-20
2018-05-14 15:00:46.915825 D | dockercli: saving in: /tmp/clairctl/gitlab_so_etv_eld_ericsson_se_4567/container_name/clairfun-20/blobs
2018-05-14 15:00:51.258897 I | config: retrieving interface for local IP
2018-05-14 15:00:51.258919 D | config: no interface provided, looking for docker0
2018-05-14 15:00:51.259109 I | clair: using http://172.17.0.1:0/local as local url
2018-05-14 15:00:51.264568 E | clair: analysing layer [c485fc7c3d04] 1/10: receiving http error: 404
2018-05-14 15:00:51.266405 E | clair: analysing layer [2df3e6209541] 2/10: receiving http error: 404
2018-05-14 15:00:51.268667 E | clair: analysing layer [07cee7fbb256] 3/10: receiving http error: 404
2018-05-14 15:00:51.270527 E | clair: analysing layer [3f45f8e59a84] 4/10: receiving http error: 404
2018-05-14 15:00:51.272524 E | clair: analysing layer [8d035f29cd8f] 5/10: receiving http error: 404
2018-05-14 15:00:51.274762 E | clair: analysing layer [a5372e423523] 6/10: receiving http error: 404
2018-05-14 15:00:51.276627 E | clair: analysing layer [5e7a92f00a5a] 7/10: receiving http error: 404
2018-05-14 15:00:51.278637 E | clair: analysing layer [50067b5ad89f] 8/10: receiving http error: 404
2018-05-14 15:00:51.281229 E | clair: analysing layer [56bea3b78f9f] 9/10: receiving http error: 404
2018-05-14 15:00:51.298976 I | clair: analysing layer [45d88eda03f8] 10/10
JSON report at ./reports/json/analysis-gitlab.domain:4567-team-blue-mfsp-spark-mux-clairfun-20.json
2018-05-14 15:00:51.300168 D | config: cleaning temporary local repository
I think clairctl is successfully talking to the clair container on port 6060. I have pulled the images into the Jenkins Slave, so the Docker Client is running as expected, as is the Docker In Docker container.
My confusion is why am I getting this error:
Only V2 repository are supported
My clairctl config file looks like this:
clair:
  port: 6060
  healthPort: 6061
  uri: http://localhost
  report:
    path: ./reports
    format: json
auth:
  insecureSkipVerify: true
docker:
  insecure-registries:
    - "gitlab.domain:4567"
Not sure what I am doing wrong but I have tried this and using --local but with no progress. Any help / ideas would be much appreciated.
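Added example, not part of the original post and not clairctl's own code: in the trace above a JSON report is still written although 9 of the 10 layer analyses logged an HTTP 404, so a pipeline step that only checks for the report file would accept an incomplete scan. The gate below reads a clairctl debug log and fails on manifest or layer errors; the function names `clairctl_log_summary` and `clairctl_log_gate` are hypothetical, the sample lines are constructed by shortening the trace above, and the patterns assume the log line shapes shown there.

```shell
#!/usr/bin/env bash
# Added example: gate a CI step on the clairctl debug log rather than on the
# existence of a report file.

# Constructed samples, shortened from the trace in the post.
SAMPLE_LOCAL_LOG='2018-05-14 15:00:51.259109 I | clair: using http://172.17.0.1:0/local as local url
2018-05-14 15:00:51.264568 E | clair: analysing layer [c485fc7c3d04] 1/10: receiving http error: 404
2018-05-14 15:00:51.266405 E | clair: analysing layer [2df3e6209541] 2/10: receiving http error: 404
2018-05-14 15:00:51.298976 I | clair: analysing layer [45d88eda03f8] 10/10'

SAMPLE_PUSH_LOG='2018-05-14 15:00:46.456892 D | dockerdist: endpoint.TLSConfig.InsecureSkipVerify: false
2018-05-14 15:00:46.459792 C | cmd: retrieving manifest for "gitlab.domain:4567/container_name:clairfun-20": Only V2 repository are supported'

# Read a log on stdin and print one line of counters:
#   manifest_errors  critical "retrieving manifest" lines
#   layer_errors     layer analyses logged at level E
#   layers_ok        layer analyses logged at level I
#   port0_local_url  "using http://host:0/..." lines (reported, not gated on)
clairctl_log_summary() {
  awk '
    / C [|] cmd: retrieving manifest / { manifest++ }
    / E [|] clair: analysing layer /   { layer_err++ }
    / I [|] clair: analysing layer /   { layer_ok++ }
    $0 ~ "clair: using http://[^ /]*:0/" { port0++ }
    END {
      printf "manifest_errors=%d layer_errors=%d layers_ok=%d port0_local_url=%d\n",
             manifest, layer_err, layer_ok, port0
    }'
}

# Return 0 only when no manifest or layer error was logged and at least one
# layer was analysed; an empty log therefore fails as well.
clairctl_log_gate() {
  summary=$(clairctl_log_summary)
  echo "$summary"
  case "$summary" in
    "manifest_errors=0 layer_errors=0 layers_ok=0 "*) return 1 ;;
    "manifest_errors=0 layer_errors=0 "*)             return 0 ;;
    *)                                                return 1 ;;
  esac
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOCAL_LOG" | clairctl_log_gate || echo "scan incomplete: failing the build"
```

In a pipeline the log would come from a file, for example `clairctl_log_gate < clairctl-debug.log`, where the file name is a placeholder for wherever the step captures clairctl's output.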
@djl197 Were you able to resolve this issue? I am about to try a similar setup, except I was planning on having clair as a separate deployment.