Add option to force image check for disabled/suspended workloads

deckhouse · Oct 5, 2023 · 9206af7 · 9206af7
1 parent 908b3b0
commit 9206af7
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/main.go b/main.go
@@ -35,6 +35,7 @@ func main() {
 	insecureSkipVerify := flag.Bool("skip-registry-cert-verification", false, "whether to skip registries' certificate verification")
 	defaultRegistry := flag.String("default-registry", "",
 		fmt.Sprintf("default registry to use in absence of a fully qualified image name, defaults to %q", name.DefaultRegistry))
+	checkDisabled := flag.Bool("check-disabled", false, "whether to force image check for disabled / suspended workloads")
 
 	flag.Parse()
 
@@ -77,6 +78,7 @@ func main() {
 		stopCh,
 		kubeClient,
 		*insecureSkipVerify,
+		*checkDisabled,
 		regexes,
 		*defaultRegistry,
 		*namespaceLabels,

diff --git a/pkg/registry_checker/checker.go b/pkg/registry_checker/checker.go
@@ -64,6 +64,7 @@ func NewRegistryChecker(
 	stopCh <-chan struct{},
 	kubeClient *kubernetes.Clientset,
 	skipVerify bool,
+	checkDisabled bool,
 	ignoredImages []regexp.Regexp,
 	defaultRegistry string,
 	namespaceLabel string,
@@ -195,6 +196,8 @@ func NewRegistryChecker(
 
 	rc.controllerIndexers.secretIndexer = rc.secretsInformer.Informer().GetIndexer()
 
+	rc.controllerIndexers.checkDisabled = checkDisabled
+
 	go informerFactory.Start(stopCh)
 	logrus.Info("Waiting for cache sync")
 	informerFactory.WaitForCacheSync(stopCh)

diff --git a/pkg/registry_checker/indexers.go b/pkg/registry_checker/indexers.go
@@ -28,6 +28,7 @@ type ControllerIndexers struct {
 	daemonSetIndexer      cache.Indexer
 	cronJobIndexer        cache.Indexer
 	secretIndexer         cache.Indexer
+	checkDisabled         bool
 }
 
 type controllerWithContainerInfos struct {
@@ -233,7 +234,7 @@ func (ci ControllerIndexers) GetContainerInfosForImage(image string) (ret []stor
 
 	for _, obj := range objs {
 		controllerWithInfos := obj.(*controllerWithContainerInfos)
-		if !ci.validCi(controllerWithInfos) {
+		if !ci.validCi(controllerWithInfos) && !ci.checkDisabled {
 			continue
 		}