fix: upgrade K8s client library to add Keep Alive to watches

Dockerfile

@@ -34,6 +34,9 @@ RUN chmod 755 /usr/bin/dumb-init
 RUN groupadd -g 10001 snyk
 RUN useradd -g snyk -d /srv/app -u 10001 snyk
 
+# @kubernetes/[email protected] started using net-keepalive, which requires the following packages to build modules
+RUN yum --disableplugin=subscription-manager install -y make gcc gcc-c++
+
 WORKDIR /srv/app
 
 COPY --chown=snyk:snyk --from=skopeo-build /usr/bin/skopeo /usr/bin/skopeo
@@ -50,6 +53,8 @@ RUN mkdir -p .config
 
 RUN npm install
 
+RUN yum remove -y make gcc gcc-c++
+
 # add the rest of the app files
 ADD --chown=snyk:snyk . .
 

package.json

@@ -33,7 +33,7 @@
     "lint": "eslint \"src/**/*.ts\" && (cd test && eslint \"**/*.ts\")"
   },
   "dependencies": {
-    "@kubernetes/client-node": "^0.14.0",
+    "@kubernetes/client-node": "^0.14.2",
     "@snyk/dep-graph": "^1.28.0",
     "async": "^3.2.0",
     "aws-sdk": "^2.867.0",

test/README.md

@@ -49,7 +49,7 @@ All integration tests require the Kubernetes-Monitor to be built into an image o
 The easiest way to achieve it is by running the `scripts/docker/build-image.sh` script.
 Please note that `docker` needs to be installed in order for this script to succeed.
 
-As part of these tests, we attempt pulling and scanning an image hosted on a private GCR registry. For this test case to work, one has to define the following environment variables: `GCR_IO_SERVICE_ACCOUNT`, `GCR_IO_DOCKERCFG`.
+As part of these tests, we attempt pulling and scanning an image hosted on a private GCR registry. For this test case to work, one has to define the following environment variables: `GCR_IO_SERVICE_ACCOUNT`, `GCR_IO_DOCKERCFG`, `DOCKER_HUB_RO_USERNAME`, `DOCKER_HUB_RO_PASSWORD`.
 
 Our integration tests may use different Kubernetes platforms to host the Kubernetes-Monitor. These platforms may use an existing cluster, or create a new one. Both decisions are based on the environment variables:
 * `TEST_PLATFORM` (`kind`, `kindolm`, `eks`)

test/fixtures/alpine-pod.yaml

@@ -6,6 +6,8 @@ metadata:
   labels:
     app: alpine
 spec:
+  imagePullSecrets:
+  - name: docker-io
   containers:
   - name: alpine
     image: alpine

test/fixtures/binaries-deployment.yaml

@@ -15,6 +15,8 @@ spec:
       labels:
         app: binaries
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - name: node
         image: node@sha256:215a9fbef4df2c1ceb7c79481d3cfd94ad8f1f0105bade39f3be907bf386c5e1

test/fixtures/centos-deployment.yaml

@@ -14,6 +14,8 @@ spec:
       labels:
         app.kubernetes.io/name: centos
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - image: centos:7
         imagePullPolicy: Always

test/fixtures/consul-deployment.yaml

@@ -15,6 +15,8 @@ spec:
       labels:
         app.kubernetes.io/name: consul
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - image: snyk/runtime-fixtures:consul
         imagePullPolicy: Always

test/fixtures/insecure-registries/push-dockerhub-image-to-local-registry.yaml

@@ -5,6 +5,8 @@ metadata:
 spec:
   template:
     spec:
+      imagePullSecrets:
+        - name: docker-io
       containers:
         - name: my-container
           image: golang:1.13.1-alpine3.10

test/fixtures/java-deployment.yaml

@@ -15,6 +15,8 @@ spec:
       labels:
         app.kubernetes.io/name: java
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - image: java:latest
         imagePullPolicy: Always

test/fixtures/nginx-replicationcontroller.yaml

@@ -13,6 +13,8 @@ spec:
       labels:
         app: nginx
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - name: nginx
         image: nginx

test/fixtures/proxying/tinyproxy-deployment.yaml

@@ -12,6 +12,8 @@ spec:
       labels:
         app: forwarding-proxy
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - name: forwarding-proxy
         image: snyk/runtime-fixtures:tinyproxy

test/fixtures/redis-deployment.yaml

@@ -15,6 +15,8 @@ spec:
       labels:
         app.kubernetes.io/name: redis
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - image: redis:latest
         imagePullPolicy: Always

test/fixtures/scratch-deployment.yaml

@@ -15,6 +15,8 @@ spec:
       labels:
         app.kubernetes.io/name: busybox
     spec:
+      imagePullSecrets:
+      - name: docker-io
       containers:
       - image: busybox:1.31.1
         imagePullPolicy: Always

test/helpers/kubectl.ts

@@ -89,7 +89,7 @@ export async function applyK8sYaml(pathToYamlDeployment: string, namespace?: str
 
 export async function createPodFromImage(name: string, image: string, namespace: string) {
   console.log(`Letting Kubernetes decide how to manage image ${image} with name ${name}`);
-  await exec(`./kubectl run ${name} --generator=run-pod/v1 --image=${image} -n ${namespace} -- sleep 999999999`);
+  await exec(`./kubectl run ${name} --image=${image} -n ${namespace} -- sleep 999999999`);
   console.log(`Done Letting Kubernetes decide how to manage image ${image} with name ${name}`);
 }