DB error: failed to download vulnerability DB / Get \"https://ghcr.io/v2/\": dial tcp 140.82.121.33:443: connect: connection refused.

[sheeeng]

What steps did you take and what happened:

{
  "level": "error",
  "ts": "2024-04-19T12:07:34Z",
  "logger": "reconciler.scan job",
  "msg": "Scan job container",
  "job": "trivy/scan-vulnerabilityreport-8cd79b",
  "container": "e472375a-1193-468f-942b-59ab3c475ab8",
  "status.reason": "Error",
  "status.message": "2024-04-19T12:07:30.522Z\t\u001b[34mINFO\u001b[0m\tNeed to update DB\n2024-04-19T12:07:30.522Z\t\u001b[34mINFO\u001b[0m\tDB Repository: ghcr.io/aquasecurity/trivy-db\n2024-04-19T12:07:30.522Z\t\u001b[34mINFO\u001b[0m\tDownloading DB...\n2024-04-19T12:07:30.563Z\t\u001b[31mFATAL\u001b[0m\tinit error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred:\n\t* Get \"https://ghcr.io/v2/\": dial tcp 140.82.121.33:443: connect: connection refused\n\n\n",
  "stacktrace": "github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).completedContainers\n\t/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:353\ngithub.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).SetupWithManager.(*ScanJobController).reconcileJobs.func1\n\t/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:80\nsigs.k8s.io/controller-runtime/pkg/reconcile.Func.Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/reconcile/reconcile.go:113\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:119\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:316\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:227"
}

What did you expect to happen:

The jobs can download vulnerability database.

Anything else you would like to add:

Any further debugging advice is much appreciated. 🙏

Environment:

• Trivy-Operator version (use trivy-operator version): 0.21.4
• Kubernetes version (use kubectl version): v1.30.0
• OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): macOS 14.4.1 (23E224)

[chen-keinan]

@sheeeng are you running on air-gapped env ?

[sheeeng]

@sheeeng are you running on air-gapped env ?

@chen-keinan, no.

[chen-keinan]

@sheeeng could be temp issue or its happen every time ?

do you mind sharing your configurations (config maps), feel free to remove sensitive data

[chen-keinan]

@sheeeng any update on this issue ?

[sheeeng]

Sorry that I did not further investigate this issue.

The default is Standalone mode.

The alternative ClientServer mode is used to workaround this issue.

operator:
  builtInTrivyServer: true
trivy:
  mode: "ClientServer"