Merge pull request #265 from kubescape/reg-state

reg state

Author: refaelm92

admission/exporter/http_exporter.go

@@ -156,11 +156,53 @@ func (exporter *HTTPExporter) sendInAlertList(httpAlert apitypes.RuntimeAlert, p
 		logger.L().Error("failed to marshal HTTPAlertsList", helpers.Error(err))
 		return
 	}
-	bodyReader := bytes.NewReader(bodyBytes)
 
-	// send the HTTP request
-	req, err := http.NewRequest(exporter.config.Method,
-		exporter.config.URL+"/v1/runtimealerts", bodyReader)
+	exporter.exportMessage("runtimealerts", bodyBytes)
+}
+
+func (exporter *HTTPExporter) checkAlertLimit() bool {
+	exporter.alertCountLock.Lock()
+	defer exporter.alertCountLock.Unlock()
+
+	if exporter.alertCountStart.IsZero() {
+		exporter.alertCountStart = time.Now()
+	}
+
+	if time.Since(exporter.alertCountStart) > time.Minute {
+		exporter.alertCountStart = time.Now()
+		exporter.alertCount = 0
+		exporter.alertLimitNotified = false
+	}
+
+	exporter.alertCount++
+	return exporter.alertCount > exporter.config.MaxAlertsPerMinute
+}
+
+func (exporter *HTTPExporter) SendRegistryStatus(guid string, status apitypes.RegistryScanStatus, statusMessage string, time time.Time) {
+	updateRegistryStatusCRD := apitypes.GenericCRD[apitypes.ContainerImageRegistryScanStatusUpdate]{
+		Kind:       apitypes.RegistryScanStatusKind,
+		ApiVersion: "kubescape.io/v1",
+		Metadata:   apitypes.Metadata{},
+		Spec: apitypes.ContainerImageRegistryScanStatusUpdate{
+			GUID:              guid,
+			ScanStatus:        status,
+			ScanStatusMessage: statusMessage,
+			ScanTime:          time,
+		},
+	}
+
+	bodyBytes, err := json.Marshal(updateRegistryStatusCRD)
+	if err != nil {
+		logger.L().Error("failed to marshal updateRegistryStatusCRD", helpers.Error(err))
+		return
+	}
+
+	exporter.exportMessage(apitypes.RegistryScanStatusPath, bodyBytes)
+}
+
+func (exporter *HTTPExporter) exportMessage(path string, bodyBytes []byte) {
+	bodyReader := bytes.NewReader(bodyBytes)
+	req, err := http.NewRequest(exporter.config.Method, fmt.Sprintf("%s/v1/%s", exporter.config.URL, path), bodyReader)
 	if err != nil {
 		logger.L().Error("failed to create HTTP request", helpers.Error(err))
 		return
@@ -186,21 +228,3 @@ func (exporter *HTTPExporter) sendInAlertList(httpAlert apitypes.RuntimeAlert, p
 		logger.L().Error("failed to clear response body", helpers.Error(err))
 	}
 }
-
-func (exporter *HTTPExporter) checkAlertLimit() bool {
-	exporter.alertCountLock.Lock()
-	defer exporter.alertCountLock.Unlock()
-
-	if exporter.alertCountStart.IsZero() {
-		exporter.alertCountStart = time.Now()
-	}
-
-	if time.Since(exporter.alertCountStart) > time.Minute {
-		exporter.alertCountStart = time.Now()
-		exporter.alertCount = 0
-		exporter.alertLimitNotified = false
-	}
-
-	exporter.alertCount++
-	return exporter.alertCount > exporter.config.MaxAlertsPerMinute
-}

go.mod

@@ -5,7 +5,7 @@ go 1.23.0
 toolchain go1.23.2
 
 require (
-	github.com/armosec/armoapi-go v0.0.475
+	github.com/armosec/armoapi-go v0.0.481
 	github.com/armosec/cluster-notifier-api-go v0.0.5
 	github.com/armosec/registryx v0.0.22
 	github.com/armosec/utils-go v0.0.58

go.sum

@@ -139,8 +139,8 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armosec/armoapi-go v0.0.475 h1:VM8OcG+etjyHru4fvK8CSqgLWhlzry8ae46LRjSzdys=
-github.com/armosec/armoapi-go v0.0.475/go.mod h1:TruqDSAPgfRBXCeM+Cgp6nN4UhJSbe7la+XDKV2pTsY=
+github.com/armosec/armoapi-go v0.0.481 h1:kr/6mmi5Ux69gGwzihX0IWpm0whkNcXVsbo3st7zHDk=
+github.com/armosec/armoapi-go v0.0.481/go.mod h1:TruqDSAPgfRBXCeM+Cgp6nN4UhJSbe7la+XDKV2pTsY=
 github.com/armosec/cluster-notifier-api-go v0.0.5 h1:UKY58ehKocKgtqzrawyaIHJa5paG9A4srv+4/6n+Ez4=
 github.com/armosec/cluster-notifier-api-go v0.0.5/go.mod h1:p5w9/zWIWwpi8W8mHGQdE6HuBb3AxXmZM9Rp//JWvx0=
 github.com/armosec/gojay v1.2.17 h1:VSkLBQzD1c2V+FMtlGFKqWXNsdNvIKygTKJI9ysY8eM=

main.go

@@ -115,8 +115,13 @@ func main() {
 		go servicehandler.DiscoveryServiceHandler(ctx, k8sApi, components.ServiceScanConfig.Interval)
 	}
 
+	exporter, err := exporters.InitHTTPExporter(*operatorConfig.HttpExporterConfig(), operatorConfig.ClusterName())
+	if err != nil {
+		logger.L().Ctx(ctx).Fatal("failed to initialize HTTP exporter", helpers.Error(err))
+	}
+
 	// setup main handler
-	mainHandler := mainhandler.NewMainHandler(operatorConfig, k8sApi)
+	mainHandler := mainhandler.NewMainHandler(operatorConfig, k8sApi, exporter)
 
 	if components.Components.Gateway.Enabled {
 		go func() { // open websocket connection to notification server
@@ -162,11 +167,6 @@ func main() {
 
 		addr := ":8443"
 
-		exporter, err := exporters.InitHTTPExporter(*operatorConfig.HttpExporterConfig(), operatorConfig.ClusterName())
-		if err != nil {
-			logger.L().Ctx(ctx).Fatal("failed to initialize HTTP exporter", helpers.Error(err))
-		}
-
 		// Create watchers
 		dWatcher := dynamicwatcher.NewWatchHandler(k8sApi, operatorConfig.SkipNamespace)
 

mainhandler/handlerequests.go

@@ -3,6 +3,7 @@ package mainhandler
 import (
 	"context"
 	"fmt"
+	exporters "github.com/kubescape/operator/admission/exporter"
 	"os"
 	"regexp"
 	"time"
@@ -48,6 +49,7 @@ type MainHandler struct {
 	commandResponseChannel *commandResponseChannelData
 	config                 config.IConfig
 	sendReport             bool
+	exporter               *exporters.HTTPExporter
 }
 
 type ActionHandler struct {
@@ -58,6 +60,7 @@ type ActionHandler struct {
 	commandResponseChannel *commandResponseChannelData
 	wlid                   string
 	sendReport             bool
+	exporter               *exporters.HTTPExporter
 }
 
 type waitFunc func(clusterConfig config.IConfig)
@@ -79,7 +82,7 @@ func init() {
 }
 
 // CreateWebSocketHandler Create ws-handler obj
-func NewMainHandler(config config.IConfig, k8sAPI *k8sinterface.KubernetesApi) *MainHandler {
+func NewMainHandler(config config.IConfig, k8sAPI *k8sinterface.KubernetesApi, exporter *exporters.HTTPExporter) *MainHandler {
 
 	commandResponseChannel := make(chan *CommandResponseData, 100)
 	limitedGoRoutinesCommandResponseChannel := make(chan *timerData, 10)
@@ -88,6 +91,7 @@ func NewMainHandler(config config.IConfig, k8sAPI *k8sinterface.KubernetesApi) *
 		commandResponseChannel: &commandResponseChannelData{commandResponseChannel: &commandResponseChannel, limitedGoRoutinesCommandResponseChannel: &limitedGoRoutinesCommandResponseChannel},
 		config:                 config,
 		sendReport:             config.EventReceiverURL() != "",
+		exporter:               exporter,
 	}
 	pool, _ := ants.NewPoolWithFunc(config.ConcurrencyWorkers(), func(i interface{}) {
 		j, ok := i.(utils.Job)
@@ -102,14 +106,15 @@ func NewMainHandler(config config.IConfig, k8sAPI *k8sinterface.KubernetesApi) *
 }
 
 // CreateWebSocketHandler Create ws-handler obj
-func NewActionHandler(config config.IConfig, k8sAPI *k8sinterface.KubernetesApi, sessionObj *utils.SessionObj, commandResponseChannel *commandResponseChannelData) *ActionHandler {
+func NewActionHandler(config config.IConfig, k8sAPI *k8sinterface.KubernetesApi, sessionObj *utils.SessionObj, commandResponseChannel *commandResponseChannelData, exporter *exporters.HTTPExporter) *ActionHandler {
 	return &ActionHandler{
 		reporter:               sessionObj.Reporter,
 		command:                sessionObj.Command,
 		k8sAPI:                 k8sAPI,
 		commandResponseChannel: commandResponseChannel,
 		config:                 config,
 		sendReport:             config.EventReceiverURL() != "",
+		exporter:               exporter,
 	}
 }
 
@@ -217,7 +222,7 @@ func (mainHandler *MainHandler) HandleSingleRequest(ctx context.Context, session
 	ctx, span := otel.Tracer("").Start(ctx, "mainHandler.HandleSingleRequest")
 	defer span.End()
 
-	actionHandler := NewActionHandler(mainHandler.config, mainHandler.k8sAPI, sessionObj, mainHandler.commandResponseChannel)
+	actionHandler := NewActionHandler(mainHandler.config, mainHandler.k8sAPI, sessionObj, mainHandler.commandResponseChannel, mainHandler.exporter)
 	actionHandler.reporter.SetActionName(string(sessionObj.Command.CommandName))
 	actionHandler.reporter.SendDetails("Handling single request", mainHandler.sendReport)
 
@@ -261,7 +266,7 @@ func (actionHandler *ActionHandler) runCommand(ctx context.Context, sessionObj *
 	case apis.TypeDeleteRegistryScanCronJob:
 		return actionHandler.deleteRegistryScanCronJob(ctx)
 	case apis.TypeScanRegistryV2:
-		return actionHandler.scanRegistriesV2(ctx, sessionObj)
+		return actionHandler.scanRegistriesV2AndUpdateStatus(ctx, sessionObj)
 	default:
 		logger.L().Ctx(ctx).Error(fmt.Sprintf("Command %s not found", c.CommandName))
 	}

mainhandler/imageregistryhandler.go

@@ -763,11 +763,6 @@ func (registryScan *registryScan) setRegistryInfoFromAuth(auth registryAuth, reg
 
 func (registryScan *registryScan) getRegistryConfig(registryInfo *armotypes.RegistryInfo) (string, error) {
 	configMap, err := registryScan.k8sAPI.GetWorkload(registryScan.config.Namespace(), "ConfigMap", registryScanConfigmap)
-	// in case of an error or missing configmap, fallback to the deprecated namespace
-	if err != nil || configMap == nil {
-		configMap, err = registryScan.k8sAPI.GetWorkload(armotypes.ArmoSystemNamespace, "ConfigMap", registryScanConfigmap)
-	}
-
 	if err != nil {
 		// if configmap not found, it means we will use all images and default depth
 		if strings.Contains(err.Error(), fmt.Sprintf("reason: configmaps \"%v\" not found", registryScanConfigmap)) {

mainhandler/vulnscan.go

@@ -159,41 +159,55 @@ func (actionHandler *ActionHandler) scanRegistries(ctx context.Context, sessionO
 	return actionHandler.scanRegistry(ctx, registryScan, sessionObj)
 }
 
-func (actionHandler *ActionHandler) scanRegistriesV2(ctx context.Context, sessionObj *utils.SessionObj) error {
-	ctx, span := otel.Tracer("").Start(ctx, "actionHandler.scanRegistries")
+func (actionHandler *ActionHandler) scanRegistriesV2AndUpdateStatus(ctx context.Context, sessionObj *utils.SessionObj) error {
+	ctx, span := otel.Tracer("").Start(ctx, "actionHandler.scanRegistriesV2")
 	defer span.End()
 
 	if !actionHandler.config.Components().Kubevuln.Enabled {
 		return errors.New("kubevuln is not enabled")
 	}
 
-	// send change status of registry to scanning
+	scanTime := time.Now()
 	imageRegistry, err := actionHandler.loadRegistryFromSessionObj(sessionObj)
 	if err != nil {
-		return fmt.Errorf("scanRegistriesV2 failed to load registry from sessionObj with err %v", err)
+		return fmt.Errorf("failed to load registry from sessionObj with err %v", err)
 	}
 
-	if err = actionHandler.loadRegistrySecret(ctx, sessionObj, imageRegistry); err != nil {
-		return fmt.Errorf("scanRegistriesV2 failed to load secret with err %v", err)
+	err = actionHandler.scanRegistriesV2(ctx, sessionObj, imageRegistry)
+	if err != nil {
+		actionHandler.exporter.SendRegistryStatus(imageRegistry.GetBase().GUID, apitypes.Failed, err.Error(), scanTime)
+		return err
+	}
+
+	actionHandler.exporter.SendRegistryStatus(imageRegistry.GetBase().GUID, apitypes.InProgress, "", scanTime)
+	return nil
+}
+
+func (actionHandler *ActionHandler) scanRegistriesV2(ctx context.Context, sessionObj *utils.SessionObj, imageRegistry apitypes.ContainerImageRegistry) error {
+	if err := actionHandler.loadRegistrySecret(ctx, sessionObj, imageRegistry); err != nil {
+		return fmt.Errorf("failed to load secret with err %v", err)
 	}
 
 	client, err := registryclients.GetRegistryClient(imageRegistry)
 	if err != nil {
-		return fmt.Errorf("scanRegistriesV2 failed to get registry client with err %v", err)
+		return fmt.Errorf("failed to get registry client with err %v", err)
 	}
 
 	images, err := client.GetImagesToScan(ctx)
 	if err != nil {
-		return fmt.Errorf("scanRegistriesV2 failed to get registry images to scan with err %v", err)
+		return fmt.Errorf("failed to get registry images to scan with err %v", err)
 	}
 
 	registryScanCMDList, err := actionHandler.getRegistryImageScanCommands(sessionObj, client, imageRegistry, images)
 	if err != nil {
-		return fmt.Errorf("scanRegistriesV2 failed to get registry images scan commands with err %v", err)
+		return fmt.Errorf("failed to get registry images scan commands with err %v", err)
 	}
 	sessionObj.Reporter.SendDetails(fmt.Sprintf("sending %d images from registry %v to vuln scan", len(registryScanCMDList), imageRegistry), actionHandler.sendReport)
+	if err = sendAllImagesToRegistryScan(ctx, actionHandler.config, registryScanCMDList); err != nil {
+		return fmt.Errorf("failed to send scan commands with err %v", err)
+	}
 
-	return sendAllImagesToRegistryScan(ctx, actionHandler.config, registryScanCMDList)
+	return nil
 }
 
 func (actionHandler *ActionHandler) loadRegistrySecret(ctx context.Context, sessionObj *utils.SessionObj, imageRegistry apitypes.ContainerImageRegistry) error {
@@ -229,6 +243,7 @@ func (actionHandler *ActionHandler) loadRegistryFromSessionObj(sessionObj *utils
 }
 
 func (actionHandler *ActionHandler) getRegistryImageScanCommands(sessionObj *utils.SessionObj, client interfaces.RegistryClient, imageRegistry apitypes.ContainerImageRegistry, images map[string]string) ([]*apis.RegistryScanCommand, error) {
+	scanID := uuid.NewString()
 	registryScanCMDList := make([]*apis.RegistryScanCommand, 0, len(images))
 	for image, tag := range images {
 		repository := image
@@ -242,12 +257,14 @@ func (actionHandler *ActionHandler) getRegistryImageScanCommands(sessionObj *uti
 			ImageTag:    image + ":" + tag,
 			Session:     apis.SessionChain{ActionTitle: "vulnerability-scan", JobIDs: make([]string, 0), Timestamp: sessionObj.Reporter.GetTimestamp()},
 			Args: map[string]interface{}{
-				identifiers.AttributeRegistryName:  imageRegistry.GetDisplayName(),
-				identifiers.AttributeRepository:    repository,
-				identifiers.AttributeTag:           tag,
-				identifiers.AttributeUseHTTP:       false,
-				identifiers.AttributeSkipTLSVerify: false,
-				identifiers.AttributeSensor:        imageRegistry.GetBase().ClusterName,
+				identifiers.AttributeRegistryName:   imageRegistry.GetDisplayName(),
+				identifiers.AttributeRepository:     repository,
+				identifiers.AttributeTag:            tag,
+				identifiers.AttributeUseHTTP:        false,
+				identifiers.AttributeSkipTLSVerify:  false,
+				identifiers.AttributeSensor:         imageRegistry.GetBase().ClusterName,
+				identifiers.AttributeRegistryID:     imageRegistry.GetBase().GUID,
+				identifiers.AttributeRegistryScanID: scanID,
 			},
 		}
 		auth, err := client.GetDockerAuth()

watcher/commandswatcher_test.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	_ "embed"
 	"encoding/json"
-	"github.com/armosec/armoapi-go/armotypes"
 	utilsmetadata "github.com/armosec/utils-k8s-go/armometadata"
 	"github.com/kubescape/backend/pkg/command"
 	"github.com/kubescape/backend/pkg/command/types/v1alpha1"
@@ -46,44 +45,44 @@ func TestRegistryCommandWatch(t *testing.T) {
 	var cmd unstructured.Unstructured
 	err := json.Unmarshal(createRegistryCommand, &cmd)
 	require.NoError(t, err)
-	_, err = k8sAPI.DynamicClient.Resource(v1alpha1.SchemaGroupVersionResource).Namespace(armotypes.KubescapeNamespace).Create(ctx, &cmd, v1.CreateOptions{})
+	_, err = k8sAPI.DynamicClient.Resource(v1alpha1.SchemaGroupVersionResource).Namespace("kubescape").Create(ctx, &cmd, v1.CreateOptions{})
 	require.NoError(t, err)
 
 	// let registry command handler consume the command
 	time.Sleep(time.Second * 10)
 
 	// verify resources are created
 	resourceName := "kubescape-registry-scan-2122797310"
-	configMap, err := k8sAPI.KubernetesClient.CoreV1().ConfigMaps(armotypes.KubescapeNamespace).Get(ctx, resourceName, v1.GetOptions{})
+	configMap, err := k8sAPI.KubernetesClient.CoreV1().ConfigMaps("kubescape").Get(ctx, resourceName, v1.GetOptions{})
 	require.NoError(t, err)
 	require.NotNil(t, configMap)
-	secret, err := k8sAPI.KubernetesClient.CoreV1().Secrets(armotypes.KubescapeNamespace).Get(ctx, resourceName, v1.GetOptions{})
+	secret, err := k8sAPI.KubernetesClient.CoreV1().Secrets("kubescape").Get(ctx, resourceName, v1.GetOptions{})
 	require.NoError(t, err)
 	require.NotNil(t, secret)
-	cronjob, err := k8sAPI.KubernetesClient.BatchV1().CronJobs(armotypes.KubescapeNamespace).Get(ctx, resourceName, v1.GetOptions{})
+	cronjob, err := k8sAPI.KubernetesClient.BatchV1().CronJobs("kubescape").Get(ctx, resourceName, v1.GetOptions{})
 	require.NoError(t, err)
 	require.NotNil(t, cronjob)
 
 	// delete existing command - usually done by the BE
-	err = k8sAPI.DynamicClient.Resource(v1alpha1.SchemaGroupVersionResource).Namespace(armotypes.KubescapeNamespace).Delete(ctx, "52601522-359f-4417-a140-cf60e57302f6", v1.DeleteOptions{})
+	err = k8sAPI.DynamicClient.Resource(v1alpha1.SchemaGroupVersionResource).Namespace("kubescape").Delete(ctx, "52601522-359f-4417-a140-cf60e57302f6", v1.DeleteOptions{})
 	require.NoError(t, err)
 
 	// send delete command
 	deleteCommandStr := strings.ReplaceAll(string(createRegistryCommand), string(command.OperatorCommandTypeCreateRegistry), string(command.OperatorCommandTypeDeleteRegistry))
 	err = json.Unmarshal([]byte(deleteCommandStr), &cmd)
 	require.NoError(t, err)
-	_, err = k8sAPI.DynamicClient.Resource(v1alpha1.SchemaGroupVersionResource).Namespace(armotypes.KubescapeNamespace).Create(ctx, &cmd, v1.CreateOptions{})
+	_, err = k8sAPI.DynamicClient.Resource(v1alpha1.SchemaGroupVersionResource).Namespace("kubescape").Create(ctx, &cmd, v1.CreateOptions{})
 	require.NoError(t, err)
 
 	// let registry command handler consume the command
 	time.Sleep(time.Second * 10)
 
 	// verify resources are deleted
-	_, err = k8sAPI.KubernetesClient.CoreV1().ConfigMaps(armotypes.KubescapeNamespace).Get(ctx, resourceName, v1.GetOptions{})
+	_, err = k8sAPI.KubernetesClient.CoreV1().ConfigMaps("kubescape").Get(ctx, resourceName, v1.GetOptions{})
 	require.ErrorContains(t, err, "not found")
-	_, err = k8sAPI.KubernetesClient.CoreV1().Secrets(armotypes.KubescapeNamespace).Get(ctx, resourceName, v1.GetOptions{})
+	_, err = k8sAPI.KubernetesClient.CoreV1().Secrets("kubescape").Get(ctx, resourceName, v1.GetOptions{})
 	require.ErrorContains(t, err, "not found")
-	_, err = k8sAPI.KubernetesClient.BatchV1().CronJobs(armotypes.KubescapeNamespace).Get(ctx, resourceName, v1.GetOptions{})
+	_, err = k8sAPI.KubernetesClient.BatchV1().CronJobs("kubescape").Get(ctx, resourceName, v1.GetOptions{})
 	require.ErrorContains(t, err, "not found")
 
 }
@@ -108,7 +107,7 @@ func setupEnvAndWatchers(t *testing.T, ctx context.Context, k8sAPI *k8sinterface
 	// add kubescape namespace
 	namespace := &corev1.Namespace{
 		ObjectMeta: v1.ObjectMeta{
-			Name: armotypes.KubescapeNamespace,
+			Name: "kubescape",
 		},
 	}
 	_, err = k8sAPI.KubernetesClient.CoreV1().Namespaces().Create(ctx, namespace, v1.CreateOptions{})
@@ -117,11 +116,11 @@ func setupEnvAndWatchers(t *testing.T, ctx context.Context, k8sAPI *k8sinterface
 	// add registry cronjob template
 	var cjTemplate corev1.ConfigMap
 	require.NoError(t, yaml.Unmarshal(registryTemplateConfiMap, &cjTemplate))
-	_, err = k8sAPI.KubernetesClient.CoreV1().ConfigMaps(armotypes.KubescapeNamespace).Create(ctx, &cjTemplate, v1.CreateOptions{})
+	_, err = k8sAPI.KubernetesClient.CoreV1().ConfigMaps("kubescape").Create(ctx, &cjTemplate, v1.CreateOptions{})
 	require.NoError(t, err)
 
 	// start watcher
-	operatorConfig := config.NewOperatorConfig(config.CapabilitiesConfig{}, utilsmetadata.ClusterConfig{}, &beUtils.Credentials{}, "", config.Config{Namespace: armotypes.KubescapeNamespace})
+	operatorConfig := config.NewOperatorConfig(config.CapabilitiesConfig{}, utilsmetadata.ClusterConfig{}, &beUtils.Credentials{}, "", config.Config{Namespace: "kubescape"})
 	commandWatchHandler := NewCommandWatchHandler(k8sAPI, operatorConfig)
 	registryCommandsHandler := NewRegistryCommandsHandler(ctx, k8sAPI, commandWatchHandler, operatorConfig)
 	go registryCommandsHandler.Start()