clairctl refuses TCP connection

Problem description

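Updating Clair from 2.1.5 -> 4.1.5, the service seems to have changed a lot. I am running Clair v4 on one pod in Kubernetes, with a Postgres database on another pod. The connection between the Clair pod and the database seems to work fine, since it updates the CVE data, as visible in the logs.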

The main problem is that when running a command such as clairctl report nginx:latest, I receive an error message:

ERR  error="Get \"http://localhost:6060/indexer/api/v1/index_report/sha256:5e95e5eb8be4322e3b3652d737371705e56809ed8b307ad68ec59ddebaaf60e4\": dial tcp 127.0.0.1:6060: connect: connection refused"

Here are the conf and Kubernetes YAMLs I am using:

---
# config.yaml
log_level: debug-color
introspection_addr: ""
http_listen_addr: ":6000"
updaters: {}
indexer:
  connstring: 'postgresql://postgres:postgres@postgres/clair'
  scanlock_retry: 10
  layer_scan_concurrency: 5
  migrations: true
matcher:
  indexer_addr: http://localhost:6060/
  connstring: 'postgresql://postgres:postgres@postgres/clair'
  max_conn_pool: 100
  migrations: true
matchers:
  # names:
  # - crda
  # config:
  #   crda:
  #     url: https://f8a-analytics-preview-2445582058137.production.gw.apicast.io/?user_key=3e42fa66f65124e6b1266a23431e3d08
notifier:
  indexer_addr: http://localhost:6060/
  matcher_addr: http://localhost:6060/
  connstring: 'postgresql://postgres:postgres@postgres/clair'
  migrations: true
  delivery_interval: 5s
  poll_interval: 15s
  # webhook:
  #   target: "http://webhook/"
  #   callback: "http://clair-notifier/notifier/api/v1/notifications"
  amqp:
    direct: true
    exchange:
      name: ""
      type: "direct"
      durable: true
      auto_delete: false
    uris: ["amqp://guest:guest@clair-rabbitmq:5672/"]
    routing_key: "notifications"
    callback: "http://clair-notifier/notifier/api/v1/notifications"
# tracing and metrics config
trace:
  name: "jaeger"
  probability: 1
  jaeger:
    agent:
      endpoint: "jaeger:6831"
    service_name: "clair"
metrics:
  name: "prometheus"
---
# clair.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    quay-component: clair
  name: clair
spec:
  replicas: 1
  selector:
    matchLabels:
      app: clair
  template:
    metadata:
      labels:
        app: clair
    spec:
      containers:
      - name: clair
        image: quay.io/coreos/clair:v4.1.5
        imagePullPolicy: IfNotPresent
        env:
        - name: CLAIR_CONF
          value: /clair/config.yaml
        - name: CLAIR_MODE
          value: combo
        resources:
          limits:
            memory: "1000Mi"
            cpu: "2000m"
        ports:
        - containerPort: 8080
          name: clair-http
          protocol: TCP
        - containerPort: 6060
          name: clair-scanner
          protocol: TCP
        volumeMounts:
          - mountPath: /clair/
            name: config
      restartPolicy: Always
      volumes:
      - name: config
        secret:
          secretName: clair-config-secret

---
apiVersion: v1
kind: Service
metadata:
  name: clair
  labels:
    quay-component: clair
spec:
  ports:
  - name: clair-http
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: clair-scanner
    port: 6060
    protocol: TCP
    targetPort: 6060
  selector:
    app: clair
  type: ClusterIP

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: clair
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: "/"
            backend:
              serviceName: clair
              servicePort: 80
---
# postgres.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  labels:
    app: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
      - name: postgres
        image: postgres:latest
        imagePullPolicy: 'IfNotPresent'
        ports:
          - containerPort: 5432
        env:
        - name: POSTGRES_USER
          value: "postgres"
        - name: POSTGRES_DB
          value: "clair"
        - name: POSTGRES_PASSWORD
          value: "postgres"

---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  labels:
    app: postgres
spec:
  type: ClusterIP
  ports:
    - port: 5432
      protocol: TCP
      name: postgres
      targetPort: 5432
  selector:
    app: postgres

Does anyone know why this error occurs? I did try using the --host flag, but that returned a different error message.

Tags: postgresql, kubernetes, clair
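
An added example, not part of the original post: a Python check that compares the port in http_listen_addr with the containerPort/targetPort values and the localhost URLs shown above. The excerpts are copied from the post (the error URL is cut before the digest); the function names are made up for this illustration.

```python
import re
from urllib.parse import urlparse

# Excerpts copied from the config.yaml, manifests and error message in the post.
CLAIR_CONFIG = """\
http_listen_addr: ":6000"
matcher:
  indexer_addr: http://localhost:6060/
notifier:
  indexer_addr: http://localhost:6060/
  matcher_addr: http://localhost:6060/
"""
MANIFESTS = """\
        - containerPort: 8080
        - containerPort: 6060
    targetPort: 8080
    targetPort: 6060
"""
CLAIRCTL_URL = "http://localhost:6060/indexer/api/v1/index_report/"

def listen_port(config):
    """Port Clair binds to, taken from http_listen_addr (None if absent)."""
    m = re.search(r'^http_listen_addr:\s*"?[^"\n]*:(\d+)"?\s*$', config, re.M)
    return int(m.group(1)) if m else None

def declared_ports(manifests, key):
    """All numeric values of a manifest key such as containerPort."""
    found = re.findall(rf'^\s*-?\s*{key}:\s*(\d+)\s*$', manifests, re.M)
    return sorted({int(p) for p in found})

def local_url_ports(text):
    """Ports of every URL in text that points at the local host."""
    ports = set()
    for url in re.findall(r'https?://[^\s"\']+', text):
        u = urlparse(url)
        if u.hostname in ("localhost", "127.0.0.1") and u.port:
            ports.add(u.port)
    return sorted(ports)

def check(config, manifests, client_url):
    """Return one finding per place that disagrees with the listen port."""
    listen, findings = listen_port(config), []
    for key in ("containerPort", "targetPort"):
        ports = declared_ports(manifests, key)
        if listen not in ports:
            findings.append(f"{key} {ports} lacks listen port {listen}")
    for port in local_url_ports(config + "\n" + client_url):
        if port != listen:
            findings.append(f"localhost:{port} URL != listen port {listen}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(CLAIR_CONFIG, MANIFESTS, CLAIRCTL_URL)) or "consistent")
```
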

Solution

