Failed to list v1alpha1.VulnerabilityReport

[david-freistrom]

What steps did you take and what happened:

I utilized the report structs and functions of v1alpha1 API for my go-client
I installed trivy-operator via helm
I run my go app

$go run cmd/main.go 
W0403 13:05:23.648660 3645328 reflector.go:424] pkg/mod/k8s.io/client-go@v0.26.3/tools/cache/reflector.go:169: failed to list *v1alpha1.VulnerabilityReport: no kind "VulnerabilityReportList" is registered for the internal version of group "aquasecurity.github.io" in scheme "pkg/runtime/scheme.go:100"
E0403 13:05:23.648729 3645328 reflector.go:140] pkg/mod/k8s.io/client-go@v0.26.3/tools/cache/reflector.go:169: Failed to watch *v1alpha1.VulnerabilityReport: failed to list *v1alpha1.VulnerabilityReport: no kind "VulnerabilityReportList" is registered for the internal version of group "aquasecurity.github.io" in scheme "pkg/runtime/scheme.go:100"

What did you expect to happen:

Watch/List Report Objects in my Go app

Anything else you would like to add:

func WatchResources() {
	config, err := rest.InClusterConfig()
	if err != nil {
		kubeconfig := filepath.Join("~", ".kube", "config")
		if envvar := os.Getenv("KUBECONFIG"); len(envvar) > 0 {
			kubeconfig = envvar
		}
		config, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
		if err != nil {
			fmt.Printf("The kubeconfig cannot be loaded: %v\n", err)
			os.Exit(1)
		}
	}

	err = v1alpha1.AddToScheme(scheme.Scheme)
	if err != nil {
		fmt.Printf("Error adding to Scheme: %v\n", err)
		os.Exit(1)
	}

	crdConfig := *config
	crdConfig.ContentConfig.GroupVersion = &v1alpha1.SchemeGroupVersion
	crdConfig.APIPath = "/apis"
	crdConfig.NegotiatedSerializer = serializer.NewCodecFactory(scheme.Scheme)
	crdConfig.UserAgent = rest.DefaultKubernetesUserAgent()

	client, err := rest.UnversionedRESTClientFor(&crdConfig)
	listWatcher := cache.NewListWatchFromClient(client, "vulnerabilityreports", metav1.NamespaceAll, fields.Everything())

	_, controller := cache.NewInformer(
		listWatcher,
		&v1alpha1.VulnerabilityReport{},
		1*time.Minute,
		cache.ResourceEventHandlerFuncs{
			AddFunc: func(obj interface{}) {
				fmt.Printf("VulnerabilityReport Added")
			},
			UpdateFunc: func(old interface{}, new interface{}) {
				fmt.Printf("VulnerabilityReport Updated")
			},
		},
	)
	controller.Run(wait.NeverStop)
}

Environment:

• Trivy-Operator version (use trivy-operator version): ghcr.io/aquasecurity/trivy-operator:0.12.1

• Kubernetes version (use kubectl version): Server Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.3", GitCommit:"434bfd82814af038ad94d62ebe59b133fcb50506", GitTreeState:"clean", BuildDate:"2022-10-25T19:35:11Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/amd64"}

• OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): Fedora 36 x86_64

[chen-keinan]

@david-freistrom if you run the following command, you get results :

kubectl get vulnerabilityreports -n <namespace> -o yaml

Note reports are stored in etcd as single (VulnerabilityReport) no plural , so if you are watching for plural (VulnerabilityReportList) it will not work

[david-freistrom]

@chen-keinan Yes i will get it when I run kubectl. but here I use goclient. The plural form of the name is defined inside the CRD.
Th couriosity here is that I can read the Reports and parse them to extract the details from the CRs.
I do that already in another function exactly with the same client object and config. But If I use a Informer to watch the resources , it failed.

this works:

func GetVulnerabilityReports(client *rest.RESTClient) (interface{}, error) {
	reports := v1alpha1.VulnerabilityReportList{}
	err := client.
		Get().
		Resource("vulnerabilityreports").
		Do(context.Background()).
		Into(&reports)
	if err != nil {
		fmt.Printf("Error: %v\n", err)
	}
	return reports, err
}

By the way: The known types are already added to the scheme via v1alpha1.AddToScheme(scheme.Scheme):
addKnownTypes(scheme *runtime.Scheme)

[github-actions]

This issue is stale because it has been labeled with inactivity.

[cpotter302]

Hi @david-freistrom I am facing the same issue currently. There are no updates on the issue, did you manage to fix it?

[chen-keinan]

@david-freistrom @cpotter302 in the code it registered, let me know if you have any recommendations

[cpotter302]

Thanks for the quick response, could you clarify that a bit? I can see that the types get registered to the scheme, however it's still not working for me. That is the implementation of @david-freistrom from his GitLab repository: https://gitlab.com/freistrom/trivy-exporter. For now i could not verify that this is working either.
A small example would be really helpful :)

[cpotter302]

I manage to make it work by using the dynamic client package: Initiliaze the client with the rest config (stays the same)
like in the example of @david-freistrom. This doesn't fix the issue mentioned here but provides a workaround that seems work out. For more information on the package look here dynamicinformer

	// rest config 
	cfg.ContentConfig.GroupVersion = &trivytypes.SchemeGroupVersion
	cfg.UserAgent = rest.DefaultKubernetesUserAgent()
	cfg.NegotiatedSerializer = serializer.NewCodecFactory(scheme.Scheme)
	cfg.APIPath = "/apis"

	dynClient, err = dynamic.NewForConfig(cfg)

func main() {
	fac := dynamicinformer.NewFilteredDynamicSharedInformerFactory(dynClient, 0, v1.NamespaceAll, nil)
	informer := fac.ForResource(schema.GroupVersionResource{
		
		Group:    trivytypes.SchemeGroupVersion.Group,
		Version:  trivytypes.SchemeGroupVersion.Version,
		Resource: "vulnerabilityreports",
	}).Informer()

	informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
		AddFunc: func(obj interface{}) {
                  //logic here
		},
		UpdateFunc: func(oldObj, newObj interface{}) {
                 //logic here
		},
	})

	informer.Run(wait.NeverStop)

}

[github-actions]

This issue is stale because it has been labeled with inactivity.

[Starttoaster]

I got this working for one of my projects earlier, which you might be able to use as an example: https://github.com/Starttoaster/trivy-operator-explorer/blob/main/internal/kube/client.go

Most importantly, to make a client:

import (
	"fmt"

	"github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
	"k8s.io/client-go/kubernetes/scheme"
	"k8s.io/client-go/rest"
	"k8s.io/client-go/tools/clientcmd"
)

// InitClient initializes the Kubernetes client based on the provided configuration.
// If inCluster is true, it uses in-cluster configuration; otherwise, it uses the kubeconfig file.
// Either you need inCluster=true (in which the program is running in a Pod in the cluster), or you need to specify a kube config path
func InitClient(inCluster bool, kubeconfigPath string) (*rest.RESTClient, error) {
	var config *rest.Config
	var err error

	if inCluster {
		config, err = rest.InClusterConfig()
		if err != nil {
			return nil, fmt.Errorf("error getting in-cluster config: %w", err)
		}
	} else {
		config, err = clientcmd.BuildConfigFromFlags("", kubeconfigPath)
		if err != nil {
			return nil, fmt.Errorf("error getting out-of-cluster config: %w", err)
		}
	}

	err = v1alpha1.AddToScheme(scheme.Scheme)
	if err != nil {
		return nil, fmt.Errorf("error adding to scheme: %w", err)
	}

	crdConfig := *config
	crdConfig.ContentConfig.GroupVersion = &v1alpha1.SchemeGroupVersion
	crdConfig.APIPath = "/apis"
	crdConfig.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
	crdConfig.UserAgent = rest.DefaultKubernetesUserAgent()

	clientset, err := rest.UnversionedRESTClientFor(&crdConfig)
	if err != nil {
		return nil, fmt.Errorf("error creating clientset from config: %w", err)
	}

	return clientset, nil
}

and then you can list VulnerabilityReports with the following function:

func GetVulnerabilityReportList(client *rest.RESTClient) (*v1alpha1.VulnerabilityReportList, error) {
	var list v1alpha1.VulnerabilityReportList
	err := client.
		Get().
		Resource("vulnerabilityreports").
		Do(context.TODO()).
		Into(&list)
	if err != nil {
		return nil, err
	}

	return &list, nil
}

[github-actions]

This issue is stale because it has been labeled with inactivity.