Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[🐛] kubernetes-monitor does not automatically delete project after deployment deletion despite logs indicating otherwise #1537

Open
Aeternitaas opened this issue Oct 16, 2024 · 0 comments
Open

[🐛] kubernetes-monitor does not automatically delete project after deployment deletion despite logs indicating otherwise #1537

Aeternitaas opened this issue Oct 16, 2024 · 0 comments

Comments

@Aeternitaas
Copy link

Aeternitaas commented Oct 16, 2024
edited
Loading

  • Version 2.16.0
  • Running on AWS EKS
  • Enterprise Plan

Expected behaviour

According to this documentation, there is a closed beta feature that says Snyk Projects should automatically be imported/deleted when a Deployment is created/deleted when running on an Enterprise plan.

Actual behaviour

The Snyk Project is imported perfectly fine upon creation of a new Kubernetes Deployment, however the deletion feature isn't working as intended. When a Kubernetes Deployment is deleted, the snyk-monitor kubectl logs reports:

snyk-monitor-xxx snyk-monitor {"name":"kubernetes-monitor","hostname":"snyk-monitor-xxx","pid":7,"level":30,"workloadName":"debug-deployment","workload":{"type":"Deployment","name":"debug deployment","namespace":"default"},"msg":"removing workloads from upstream","time":"2024-10-16T18:40:17.337Z","v":0}
snyk-monitor-xxx snyk-monitor {"name":"kubernetes-monitor","hostname":"snyk-monitor-xxx","pid":7,"level":30,"workloadLocator":{"type":"Deployment","name":"debug-deployment","namespace":"default","userLocator":"INTEGRATION_ID","cluster":"test-cluster"},"attempt":1,"msg":"workload deleted successfully","time":"2024-10-16T18:40:17.676Z","v":0}

Steps to reproduce

  1. Create a namespace called security if it isn't already created
  2. Install version 2.16.0 of the kubernetes-monitor with Helm. Rename the deployment to snyk-monitor and deploy it to the security namespace.
  3. Use the following ConfigMaps and attach it to the snyk-monitor deployment:
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: snyk-monitor-excluded-namespaces
  namespace: security
  labels:
    app.kubernetes.io/name: snyk-monitor
    helm.sh/chart: snyk-monitor-2.16.0
    app.kubernetes.io/instance: snyk-monitor
    app.kubernetes.io/managed-by: Helm
data:
  excludedNamespaces: |-
    kube-node-lease
    kube-public
    kube-system
    admin
    security
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: snyk-monitor-workload-policies
  namespace: security
  labels:
    app.kubernetes.io/name: snyk-monitor
    helm.sh/chart: snyk-monitor-2.16.0
    app.kubernetes.io/instance: snyk-monitor
    app.kubernetes.io/managed-by: Helm
data:
  workload-events.rego: |-
    package snyk

    orgs := ["<ADD_YOUR_ORG_ID_HERE>"]

    default workload_events = false

    workload_events {
      input.kind != "Job"
      input.kind != "Pod"
    }
  1. Create a test deployment with a vulnerability and wait for Snyk to create a Project.
  2. Verify that the Snyk Project has been created.
  3. Delete the Deployment and verify that the Project has not been deleted.

Screenshots

None
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Aeternitaas