- k8s cluster is ready and kubeconfig(~/.kube/config) is properly configured that can be leveraged by kubectl tool
- Have the following enviroment variables setup:
- ANCHORE_CLI_URL (e.g. http://anchore-demo-anchore-engine-api.default.svc.cluster.local:8228/v1 or https://api.sysdigcloud.com/api/scanning/v1/anchore)
- ANCHORE_CLI_USER
- ANCHORE_CLI_PASS
run make deploy
run make clean
run make test
There is a 30 seconds timeout for the webhook validation, it will be limited for the image scanner to return scanning result for a new image. This is because the image scanner need to download the image, unfold the image, and then conduct scanning. There is also a request to the upstream to make the webhook timeout configurable. So if there is new image to deploy for the first time, the admission controller will deny the request if no result returns in 30 seconds. However, due to complexity of the deployment workflow, the environment variable REJECT_IF_TIMEOUT in the YAML file is used to tune the admission controller timeout behavior.