Merge pull request #469 from kubescape/norun

always get ImageID from container statuses
kubescape · Jan 27, 2025 · dc1994f · dc1994f
2 parents 621c9b9 + ec79613
commit dc1994f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/pkg/containerwatcher/v1/container_watcher_private.go b/pkg/containerwatcher/v1/container_watcher_private.go
@@ -103,14 +103,21 @@ func (ch *IGContainerWatcher) setSharedWatchedContainerData(container *container
 func (ch *IGContainerWatcher) getSharedWatchedContainerData(container *containercollection.Container) (*utils.WatchedContainerData, error) {
 	watchedContainer := utils.WatchedContainerData{
 		ContainerID: container.Runtime.ContainerID,
-		ImageID:     container.Runtime.ContainerImageDigest,
-		// we get ImageTag from the pod spec for consistency between different runtimes
+		// we get ImageID and ImageTag from the pod spec for consistency with operator
 	}
 
 	wl, err := ch.k8sClient.GetWorkload(container.K8s.Namespace, "Pod", container.K8s.PodName)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get workload: %w", err)
 	}
+	// make sure the pod is not pending (otherwise ImageID is empty in containerStatuses)
+	podStatus, err := wl.GetPodStatus()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get pod status: %w", err)
+	}
+	if podStatus.Phase == "Pending" {
+		return nil, fmt.Errorf("pod is still pending")
+	}
 	pod := wl.(*workloadinterface.Workload)
 	// fill container type, index and names
 	if watchedContainer.ContainerType == utils.Unknown {

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -260,7 +260,7 @@ func (watchedContainer *WatchedContainerData) SetContainerInfo(wl workloadinterf
 	checkContainers := func(containers iter.Seq2[int, v1.Container], containerStatuses []v1.ContainerStatus, containerType ContainerType) error {
 		var containersInfo []ContainerInfo
 		for i, c := range containers {
-			normalizedImageName := NormalizeImageName(c.Image) // FIXME missing tag !!!!
+			normalizedImageName := NormalizeImageName(c.Image)
 			containersInfo = append(containersInfo, ContainerInfo{
 				Name:     c.Name,
 				ImageTag: normalizedImageName,
@@ -273,6 +273,7 @@ func (watchedContainer *WatchedContainerData) SetContainerInfo(wl workloadinterf
 					watchedContainer.SeccompProfilePath = c.SecurityContext.SeccompProfile.LocalhostProfile
 				}
 				watchedContainer.ImageTag = normalizedImageName
+				watchedContainer.ImageID = containerStatuses[i].ImageID
 			}
 		}
 		watchedContainer.ContainerInfos[containerType] = containersInfo