Trivy Operator is not compatible with Kubernetes v1.31.0

[cnwaldron]

What steps did you take and what happened:
We had a Kubernetes cluster that was recently updated to Kubernetes v1.31.0 and had Trivy Operator v0.22 already running. After the upgrade, I noticed that the vulnerability reports were not being created anymore. Then I looked at the namespace and saw the scan jobs were not being cleaned up but they were all successful. I looked at the trivy-operator log and saw reconcile error stating: "unrecognized scan job condition: SuccessCriteriaMet". I have checked the Kubernetes documents and found the Job Success Policy is in beta for v1.31.0 and turned on by default .(https://kubernetes.io/docs/concepts/workloads/controllers/job/#success-policy)

What did you expect to happen:

After a successful job is complete, trivy-operator will clean up the jobs and create the reports as usual.

Anything else you would like to add:
To see new policy feature: https://kubernetes.io/docs/concepts/workloads/controllers/job/#success-policy
The Job status conditions now have 2 conditions on a success: the first one is the SuccessCriteriaMet type and the second is the Complete type.

Environment:

• Trivy-Operator version (use trivy-operator version): 0.22.0 (also ran with 0.18.5 as well)
• Kubernetes version (use kubectl version): 1.31.0
• OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): RHEL 9.3

[FranAguiar]

Hello, any idea when a patch will be released?

[allanian]

+1

[amrap030]

+1

[dpolpa]

+1

[Jhonnyzeroones]

+1

[inikolovski]

+1

[Prates23]

+1

[Hacks4Snacks]

I haven't seen a response on whether or not this project is going to continue being supported and I don't really plan on maintaining a long-term fork, but if anyone needs 1.31.0 to work in the near-term you can take a look at the changes I've made to get it working (reference: https://github.com/Hacks4Snacks/trivy-operator).

[Jhonnyzeroones]

@Hacks4Snacks Do you have an image registry that I can pull? I noticed that https://ghcr.io/Hacks4Snacks/trivy-operator was not operational. Have you published images for this or should I build my own trivy-operator image.

[Hacks4Snacks]

@Hacks4Snacks Do you have an image registry that I can pull? I noticed that https://ghcr.io/Hacks4Snacks/trivy-operator was not operational. Have you published images for this or should I build my own trivy-operator image.

@Jhonnyzeroones I am not publishing artifacts to an image registry, I recommend building your own image.

[FranAguiar]

@Hacks4Snacks can you submit a PR with the fix? Not sure if is an option

[badgerspoke]

I've had a crack at a PR which appears to be working in my clusters.

[basdemirs]

@Hacks4Snacks Do you have an image registry that I can pull? I noticed that https://ghcr.io/Hacks4Snacks/trivy-operator was not operational. Have you published images for this or should I build my own trivy-operator image.

@Jhonnyzeroones I am not publishing artifacts to an image registry, I recommend building your own image.

Thanks @Hacks4Snacks

[Xeroxxx]

Is this project abandoned? Even the paid version does not seem to support 1.31 as its based on trivy-operator 0.20.1

[Kankarollo]

Can we do something to bump @badgerspoke PR that it will be reviewed quicker? It's a good blocker for our use cases and we don't know if we should wait or apply our own solution.

[itaysk]

@afdesk can you PTAL?

[simlecp]

Hello,

We face the same issue on chart target 0.23.3 and 0.23.1,

Do you know when will the fix be applied ?

Best regards,
SD.

[afdesk]

We face the same issue on chart target 0.23.3 and 0.23.1,

Do you know when will the fix be applied ?

Hello!
We understand it's a critical issue and trying to fix ASAP.
I hope it'll be resolved in a few days (on this week).

sorry for inconvenience!