[BUG]: Kind/Name of result not existing for k8sgpt-operator #240

Closed
4 tasks done
jkleinlercher opened this issue Sep 21, 2023 · 4 comments · Fixed by k8sgpt-ai/k8sgpt#869

Comments

@jkleinlercher
Contributor

jkleinlercher commented Sep 21, 2023

Checklist

  • I've searched for similar issues and couldn't find anything matching
  • I've included steps to reproduce the behavior

Affected Components

  • K8sGPT (CLI)
  • K8sGPT Operator

K8sGPT Version

v0.3.16

Kubernetes Version

v1.26.0

Host OS and its Version

No response

Steps to reproduce

  1. run k8sgpt-operator from branch https://github.com/k8sgpt-ai/k8sgpt-operator/tree/feat/integration-support
  2. specify in K8sGPT cr the following
    filters:
    - ConfigAuditReport
    integrations:
      trivy:
        enabled: true
        namespace: trivy-system
        skipInstall: true
    extraOptions:
      backstage:
        enabled: true

You will get an error in the reconciliation loop of the operator because when "backstage.enabled: true" the operator wants to retrieve a label from the original object of the result. For ConfigAuditReport and VulnerabilityReport the name of the result is a combination of two labels which represent the original namespace and original name of the analyzed resource by trivy.
Unfortunately the trivy ConfigAuditReport and VulnerabilityReport resource names are not the same as the original resource. So actually currently the kind is ConfigAuditReport or VulnerabilityReport but the resource name is the name of the original analyzed resource (e.g. Service or DaemonSet).

Example:

Analyzed resource by trivy:

kind: Service
namespace: kube-system
name: kube-dns

the ConfigAuditReport is this

kind: ConfigAuditReport 
namespace: kube-system
name: service-kube-dns

the K8sGPT Result is this:

spec.kind: ConfigAuditReport
spec.name: kube-system/kube-dns

Now the problem is that there is no kind "ConfigAuditReport" in Namespace "kube-system" with name "kube-dns".

Either we set in the K8sGPT result the spec.kind "Service" (which would be in the label trivy-operator.resource.kind of the ConfigAuditReport) and the name "kube-dns" or we set the spec.kind "ConfigAuditReport" with the name of the ConfigAuditReport resource.

Expected behaviour

Either we set in the K8sGPT result the spec.kind "Service" (which would be in the label trivy-operator.resource.kind of the ConfigAuditReport) and the name "kube-dns" or we set the spec.kind "ConfigAuditReport" with the name of the ConfigAuditReport resource.

I think the key question is if we want to reference the original resource where the problem happens or, in the case of the trivy integration, the resource of the trivy report.

Actual behaviour

The operator reconciliation loop fails with

2023-09-21T06:15:52Z    ERROR   Reconciler error        {"controller": "k8sgpt", "controllerGroup": "core.k8sgpt.ai", "controllerKind": "K8sGPT", "K8sGPT": {"name":"k8sgpt-sample","namespace":"sx-k8sgpt"}, "namespace": "sx-k8sgpt", "name": "k8sgpt-sample", "reconcileID": "df729d4d-e1d6-4857-9da8-64a1f7fe8544", "error": "configauditreports.aquasecurity.github.io \"svclb-traefik-a05c84e4\" not found"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226

Additional Information

No response

@jkleinlercher
Contributor Author

I will create a PR where the spec.kind will contain the kind of the original resource instead of ConfigurationAuditReport or VulnerabilityReport, but I am open for any discussion if another approach is better.

@AlexsJones
Member

I'm trying to get my head around this one, is there something simple I can do to repro without needing backstage?

@AlexsJones AlexsJones transferred this issue from k8sgpt-ai/k8sgpt Oct 17, 2023
@jkleinlercher
Contributor Author

@AlexsJones sorry for not responding. You don't need backstage for this. You can install trivy and then configure K8sGPT like in "Steps to reproduce" in #240 (comment).
Then you will hopefully see some results CRs in the K8sGPT namespace and if you look at one you will see that .spec.kind is ConfigAuditReport and .spec.name is the name of an object which the configauditreport analyzed (e.g. a replicaset), but not the configauditreport itself.

So the kind is ConfigAuditReport but the name is the name of a replicaset the ConfigAuditReport was referencing.

In k8sgpt-ai/k8sgpt#678 I tried to set the kind to the original kind (which in that case would be a replicaset), but then the AI prompt would not be set for the ConfigAuditReport.

So my suggestion would be to keep the kind as "ConfigAuditReport" but then set the correct name of the ConfigAuditReport in https://github.com/k8sgpt-ai/k8sgpt/blob/main/pkg/integration/trivy/analyzer.go#L119-L120
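
The mismatch discussed in this thread, modelled as an added example that is not part of the original thread and is not code from k8sgpt or the operator: it builds the Result reference three ways for the kube-dns case and checks which ones name an object that exists. The `Ref` and `Report` types, the helper names, and the `trivy-operator.resource.namespace` / `trivy-operator.resource.name` label keys are assumptions; only `trivy-operator.resource.kind` is quoted in the issue.

```go
package main

import "fmt"

// Ref models the kind/name pair a K8sGPT Result carries (hypothetical type).
type Ref struct{ Kind, Namespace, Name string }

// Report is a constructed, minimal model of a trivy ConfigAuditReport.
type Report struct {
	Namespace, Name string
	Labels          map[string]string
}

// Only the kind label is quoted in the issue; the other two keys are assumed.
const (
	lblKind = "trivy-operator.resource.kind"
	lblNS   = "trivy-operator.resource.namespace"
	lblName = "trivy-operator.resource.name"
)

// BuggyRef pairs the report kind with the analyzed resource's name (the mismatch).
func BuggyRef(r Report) Ref { return Ref{"ConfigAuditReport", r.Labels[lblNS], r.Labels[lblName]} }

// OriginalRef points at the analyzed resource (first option in the issue).
func OriginalRef(r Report) Ref { return Ref{r.Labels[lblKind], r.Labels[lblNS], r.Labels[lblName]} }

// ReportRef points at the report object itself (second option in the issue).
func ReportRef(r Report) Ref { return Ref{"ConfigAuditReport", r.Namespace, r.Name} }

// Sample builds the kube-dns case from the issue as constructed data.
func Sample() (map[Ref]bool, Report) {
	rep := Report{"kube-system", "service-kube-dns", map[string]string{
		lblKind: "Service", lblNS: "kube-system", lblName: "kube-dns"}}
	cluster := map[Ref]bool{ // objects that exist in the cluster
		{"Service", "kube-system", "kube-dns"}:                   true,
		{"ConfigAuditReport", "kube-system", "service-kube-dns"}: true,
	}
	return cluster, rep
}

func main() {
	cluster, rep := Sample()
	for _, ref := range []Ref{BuggyRef(rep), OriginalRef(rep), ReportRef(rep)} {
		fmt.Printf("%-18s %s/%s exists=%v\n", ref.Kind, ref.Namespace, ref.Name, cluster[ref])
	}
}
```

Either consistent reference resolves; only the mixed one (report kind with the analyzed resource's name) produces the "not found" lookup the operator log shows.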

@jkleinlercher
Contributor Author

@AlexsJones I now created the new PR k8sgpt-ai/k8sgpt#869 which should fix this issue. If you or @matthisholleville have time I would love to get a review
