Merged
Conversation
![mondoo-code-review[bot]](https://avatars.githubusercontent.com/in/2834902?s=60&v=4){kind=small}
There was a problem hiding this comment.
Renames CronJobs and centralizes shared code; EKS/AKS init containers still dump kubeconfig to logs.
Additional findings (file/line not in diff):
- 🟡
controllers/k8s_scan/resources.go:774— The GKE branch had itsDEBUG: generated kubeconfiglog removed (good — it could leak a bearer token), but EKS and AKS still havecat /etc/opt/mondoo/kubeconfig/kubeconfigwhich dumps the kubeconfig (potentially including tokens or credential-exec config) into container logs. Consider removing these debug statements to match the GKE branch, or replacing them with a non-sensitive confirmation message likeecho "Kubeconfig generated".
This comment has been minimized.
This comment has been minimized.
Contributor
This comment has been minimized.
This comment has been minimized.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment has been minimized.
This comment has been minimized.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
…8s scans ✨ Implement cleanup of stale CronJobs in container and k8s scan handlers ✨ Add Workload Identity Federation support for container registry authentication and refactor related constants ✨ Update user manual with Workload Identity Federation setup instructions for GKE, EKS, and AKS ✨ Update wifInitContainer to generate kubeconfig with bearer token for GKE clusters 🧹 Refactor audit config tests to use dynamic cron job names for Kubernetes and container scans ✨ Enhance cron job name generation to handle long integration and cluster names 🧹 Fix cron job name validation to check for cluster name inclusion when not truncated
slntopp
force-pushed
the
mik/follow-up-integration-v13
branch
from
8f9c781 to
768639a
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
…ectors for consistency
slntopp
force-pushed
the
mik/follow-up-integration-v13
branch
from
03ffe30 to
b97450e
Compare
…figured for container image scanning
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.