Image Scanner known hosts issue #797
Comments
The go-git library used by imagescan released a fix for the known hosts issue: go-git/go-git#548 Note: In fleet only imagescan uses go-git, but checking and cloning repos is done by shelling out to git. (Well there is also some test code that also uses go-git).
There is no implemented way in Fleet at the moment to provide
I am trying to use image scan feature.
I configured everything as indicated in the documentation, the CRD ImageScan is successfully created and updated when I push new images to my Docker Registry (Private ECR).
However it looks like fleet cannot update my Git repository (AWS Code Commit). The following error appears in the fleet-controller logs:
level=error msg="error syncing 'fleet-local/fleet-server': handler image-sync: unable to find any valid known_hosts file, set SSH_KNOWN_HOSTS env variable, requeuing"
I found that the library used to clone the repo and to commit changes was https://github.com/go-git/go-git. The reason for this error seems to be that the lib is trying to find a known_hosts file but no valid file exists, cf. line 220 of this file: https://github.com/go-git/go-git/blob/master/plumbing/transport/ssh/auth_method.go
I tried to add `known_hosts` in the ssh secret used when creating the GitRepo CRD, but it has no effect.
A workaround would be to mount a known_hosts file in the fleet-controller pod, but it implies editing the helm chart.
Has anyone encountered this issue? I feel like it's linked with SSH cloning of the repo. I will give it a try using https; if someone succeeds in getting it working with SSH I would be interested.
I am using Fleet v0.3.8
Thanks
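A preflight check for the lookup that fails in the log line above, added here as an example; it is not code from Fleet or go-git. It assumes that `SSH_KNOWN_HOSTS`, when set, replaces the default candidates, and that the defaults are `~/.ssh/known_hosts` and `/etc/ssh/ssh_known_hosts`; the function name `resolveKnownHosts` is hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// resolveKnownHosts (hypothetical helper) returns the candidate paths that
// exist and are not directories. A non-empty envValue (the content of
// SSH_KNOWN_HOSTS, a path list) replaces the defaults; this is an assumption.
func resolveKnownHosts(envValue string, defaults []string) ([]string, error) {
	candidates := defaults
	if envValue != "" {
		candidates = filepath.SplitList(envValue)
	}
	var found []string
	for _, p := range candidates {
		info, err := os.Stat(p)
		if err != nil || info.IsDir() {
			continue // missing, unreadable or a directory: not usable
		}
		found = append(found, p)
	}
	if len(found) == 0 {
		return nil, errors.New("no usable known_hosts file among candidates")
	}
	return found, nil
}

func main() {
	// Assumed default locations: per-user file first, then the system file.
	var defaults []string
	if home, err := os.UserHomeDir(); err == nil {
		defaults = append(defaults, filepath.Join(home, ".ssh", "known_hosts"))
	}
	defaults = append(defaults, "/etc/ssh/ssh_known_hosts")

	files, err := resolveKnownHosts(os.Getenv("SSH_KNOWN_HOSTS"), defaults)
	if err != nil {
		fmt.Fprintln(os.Stderr, "preflight failed:", err)
		os.Exit(1)
	}
	for _, f := range files {
		fmt.Println("usable known_hosts:", f)
	}
}
```

Run inside the container that performs the SSH push, a non-zero exit means no host key file is visible to that process, which matches the condition reported in the error.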