From 235d573e95529fc78563fc3b590d9b9bf042750a Mon Sep 17 00:00:00 2001 From: Alik Saring Date: Wed, 12 Oct 2022 09:29:02 -0400 Subject: [PATCH 1/2] used stored mount or device count for ignorevolumeless pods --- internal/monitor/node.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/monitor/node.go b/internal/monitor/node.go index f63771eb..12d8e6ae 100644 --- a/internal/monitor/node.go +++ b/internal/monitor/node.go @@ -298,10 +298,10 @@ func (pm *PodMonitorType) nodeModeCleanupPods(node *v1.Node) bool { // Check containers to make sure they're not running. This uses the containerInfos map obtained above. pod := podInfo.Pod - // Get the PVs associated with this pod. - pvlist, err := K8sAPI.GetPersistentVolumesInPod(ctx, pod) - if err == nil && IgnoreVolumelessPods && len(pvlist) == 0 { - log.Infof("IgnoreVolumelessPods %t pvc count %d", IgnoreVolumelessPods, len(pvlist)) + + // ignore volumeless pods if needed + if IgnoreVolumelessPods && len(podInfo.Mounts) == 0 && len(podInfo.Devices) == 0 { + log.Infof("IgnoreVolumelessPods %t mount %d device %d", IgnoreVolumelessPods, len(podInfo.Mounts), len(podInfo.Devices)) return true } for _, containerStatus := range pod.Status.ContainerStatuses { From 8a75d99223391ef905d706bf1712921a89e7e6c2 Mon Sep 17 00:00:00 2001 From: Alik Saring Date: Wed, 12 Oct 2022 09:41:49 -0400 Subject: [PATCH 2/2] ignore cve for one we do not use --- .github/containerscan/allowedlist.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml index 531da660..bd6b2908 100644 --- a/.github/containerscan/allowedlist.yaml +++ b/.github/containerscan/allowedlist.yaml @@ -12,6 +12,7 @@ general: - CVE-2022-0778 - CVE-2022-2526 - CVE-2022-27664 + - CVE-2022-40674 # Disputed CVEs - CVE-2019-1010022 - CVE-2022-26280