new deployment added to cluster #1372
Hello, I would appreciate knowing how the operator identifies a newly created deployment. During the initial installation, the operator scans all pods and replicas every 6 hours. If a new vulnerability is discovered, does the report change? Or does it delete the deployment every 6 hours and then recreate it? Additionally, when a new deployment is added to the cluster, does the operator have a watcher to detect it? Lastly, how are jobs triggered, and where are the cron job settings located?
@galfrylich jobs are triggered based on the reconcile loop, no cron job
@galfrylich trivy-operator has implemented the operator pattern, meaning it watches and reconciles k8s resources based on events. Every time a new resource is created, updated or deleted, the operator reconciles it and scans it.
Once the scan has completed, a set of reports (vulnerability, misconfig, exposed secrets, SBOM and many more) is generated.
Each report has a TTL (default: 24h). Once the TTL has been exceeded, the report will be deleted and a new scan will be triggered as a result, generating a new report. This makes sure that the cluster report view is kept up to date with the vulndb.
Jobs are triggered based on the reconcile loop, no cron job.
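
The TTL behaviour described in the reply above can be checked from outside the operator: a report that is still present well past its TTL suggests the reconcile loop is not rescanning. The following is an added example, not part of the thread or trivy-operator's own code. It assumes each report records its TTL in the annotation `trivy-operator.aquasecurity.github.io/report-ttl`, falls back to the 24h default from the reply, and uses constructed report names and timestamps.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: annotation key under which the operator records a report's TTL.
TTL_ANNOTATION = "trivy-operator.aquasecurity.github.io/report-ttl"
DEFAULT_TTL = "24h"  # default stated in the reply above

def parse_ttl(text):
    """Parse a Go-style duration limited to h/m/s units, e.g. '24h' or '1h30m'."""
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    units = {"h": 3600, "m": 60, "s": 1}
    return timedelta(seconds=sum(int(n) * units[u] for n, u in parts))

def expiry_seconds(report_list, now):
    """Map namespace/name -> seconds until TTL expiry (negative: overdue for rescan)."""
    result = {}
    for item in report_list["items"]:
        meta = item["metadata"]
        created = datetime.strptime(
            meta["creationTimestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ttl = parse_ttl(meta.get("annotations", {}).get(TTL_ANNOTATION, DEFAULT_TTL))
        key = f'{meta["namespace"]}/{meta["name"]}'
        result[key] = int((created + ttl - now).total_seconds())
    return result

def _item(ns, name, created, ttl=None):
    """Build a constructed report stub with only the metadata fields used here."""
    meta = {"namespace": ns, "name": name, "creationTimestamp": created}
    if ttl:
        meta["annotations"] = {TTL_ANNOTATION: ttl}
    return {"kind": "VulnerabilityReport", "metadata": meta}

# Constructed sample, shaped like `kubectl get vulnerabilityreports -A -o json`.
SAMPLE = {"items": [
    _item("default", "replicaset-web-web", "2023-07-10T06:00:00Z", "24h"),
    _item("default", "replicaset-api-api", "2023-07-09T09:00:00Z", "24h"),
    _item("kube-system", "daemonset-proxy-proxy", "2023-07-10T11:00:00Z", "1h30m"),
    _item("default", "replicaset-job-job", "2023-07-10T11:30:00Z"),  # no annotation
]}
SAMPLE_NOW = datetime(2023, 7, 10, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock

if __name__ == "__main__":
    for name, left in sorted(expiry_seconds(SAMPLE, SAMPLE_NOW).items()):
        print(f"{name}: {'OVERDUE' if left < 0 else 'fresh'} ({left}s)")
```
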