From ec7961341e396f47837e4f2703796c4f0942b5d7 Mon Sep 17 00:00:00 2001
From: Matthias Bertschy
Date: Mon, 27 Jan 2025 08:47:51 +0100
Subject: [PATCH] always get ImageID from container statuses
Signed-off-by: Matthias Bertschy
---
 pkg/containerwatcher/v1/container_watcher_private.go | 11 +++++++++--
 pkg/utils/utils.go | 3 ++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/pkg/containerwatcher/v1/container_watcher_private.go b/pkg/containerwatcher/v1/container_watcher_private.go
index a39a277f..f73d7635 100644
--- a/pkg/containerwatcher/v1/container_watcher_private.go
+++ b/pkg/containerwatcher/v1/container_watcher_private.go
@@ -103,14 +103,21 @@ func (ch *IGContainerWatcher) setSharedWatchedContainerData(container *container
 func (ch *IGContainerWatcher) getSharedWatchedContainerData(container *containercollection.Container) (*utils.WatchedContainerData, error) {
 watchedContainer := utils.WatchedContainerData{
 ContainerID: container.Runtime.ContainerID,
- ImageID: container.Runtime.ContainerImageDigest,
- // we get ImageTag from the pod spec for consistency between different runtimes
+ // we get ImageID and ImageTag from the pod spec for consistency with operator
 }
 wl, err := ch.k8sClient.GetWorkload(container.K8s.Namespace, "Pod", container.K8s.PodName)
 if err != nil {
 return nil, fmt.Errorf("failed to get workload: %w", err)
 }
+ // make sure the pod is not pending (otherwise ImageID is empty in containerStatuses)
+ podStatus, err := wl.GetPodStatus()
+ if err != nil {
+ return nil, fmt.Errorf("failed to get pod status: %w", err)
+ }
+ if podStatus.Phase == "Pending" {
+ return nil, fmt.Errorf("pod is still pending")
+ }
 pod := wl.(*workloadinterface.Workload)
 // fill container type, index and names
 if watchedContainer.ContainerType == utils.Unknown {
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index a481a1ad..e5b7b1a0 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
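Review bot: The new `podStatus.Phase == "Pending"` guard in getSharedWatchedContainerData rejects every container of a Pending pod, and Kubernetes keeps a pod in the Pending phase while its init containers are still running. Unless the caller retries (not visible in this hunk), init containers would get no watched-container data at all, which is a coverage gap for a runtime-monitoring agent. Gating on the container's own status is narrower: drop the phase check and, once SetContainerInfo has filled the struct, use `if watchedContainer.ImageID == "" { return nil, fmt.Errorf("image ID not yet reported for container %s", container.Runtime.ContainerID) }`. The added struct comment should also say ImageID comes from the pod's container statuses, not "from the pod spec". The function body continues past the end of the hunk.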
@@ -260,7 +260,7 @@ func (watchedContainer *WatchedContainerData) SetContainerInfo(wl workloadinterf
 checkContainers := func(containers iter.Seq2[int, v1.Container], containerStatuses []v1.ContainerStatus, containerType ContainerType) error {
 var containersInfo []ContainerInfo
 for i, c := range containers {
- normalizedImageName := NormalizeImageName(c.Image) // FIXME missing tag !!!!
+ normalizedImageName := NormalizeImageName(c.Image)
 containersInfo = append(containersInfo, ContainerInfo{
 Name: c.Name,
 ImageTag: normalizedImageName,
@@ -273,6 +273,7 @@ func (watchedContainer *WatchedContainerData) SetContainerInfo(wl workloadinterf
 watchedContainer.SeccompProfilePath = c.SecurityContext.SeccompProfile.LocalhostProfile
 }
 watchedContainer.ImageTag = normalizedImageName
+ watchedContainer.ImageID = containerStatuses[i].ImageID
 }
 }
 watchedContainer.ContainerInfos[containerType] = containersInfo
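Review bot: `containerStatuses[i].ImageID` in the second utils.go hunk indexes the status slice with the container's position in the spec, which panics when the slice is shorter than the spec list. Kubernetes also does not document that status order matches spec order, so a mismatch would silently attach another container's ImageID. The Pending check added in container_watcher_private.go narrows the first case but does not guarantee one status per spec container, for example for ephemeral containers or other callers of SetContainerInfo. Matching on `Name` avoids both problems and leaves ImageID empty when no status exists, which the caller can then reject. The enclosing `if` and the checkContainers closure start outside this hunk.

```go
watchedContainer.ImageTag = normalizedImageName
// look the status up by name: its position is not tied to the spec index
for _, status := range containerStatuses {
	if status.Name == c.Name {
		watchedContainer.ImageID = status.ImageID
		break
	}
}
```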