Skip to content

danger count mismatch for oparesult #355

New issue
New issue
Open
Open
danger count mismatch for oparesult#355
Labels
kind/bugCategorizes issue or PR as related to a bug.
@jerry-jibu

Description

@jerry-jibu
jerry-jibu
opened on May 28, 2025

What happened:

inspectresut.status.level isn't consistent to opaResult from result html.

What you expected to happen:
inspectresut.status.level should have right danger count.

How to reproduce it (as minimally and precisely as possible):

corresponding inspect plan , rule and result CRs

[root@vm-0001 ~]# kubectl get inspectplans xj-local-4-1748263431-cluster -oyaml
apiVersion: kubeeye.kubesphere.io/v1alpha2
kind: InspectPlan
metadata:
  annotations:
    inspection.jibudata.com/rule-category: Cluster
    kubectl.kubernetes.io/last-applied-configuration: |
      {"metadata":{"name":"xj-local-4-1748263431-cluster","creationTimestamp":null,"labels":{"inspection.jibudata.com/inspect-cluster":"local","inspection.jibudata.com/inspect-job":"xj-local-4-1748263431","inspection.jibudata.com/rule-category":"Cluster","inspection.jibudata.com/rule-for-plan":"xj-local-4"},"annotations":{"inspection.jibudata.com/rule-category":"Cluster"}},"spec":{"timeout":"2m3s","ruleNames":[{"name":"xj-local-4-cluster"}]},"status":{}}
    kubeeye.kubesphere.io/join-rule-num: "1"
  creationTimestamp: "2025-05-26T12:43:52Z"
  finalizers:
  - kubeeye.finalizers.kubesphere.io
  generation: 1
  labels:
    inspection.jibudata.com/inspect-cluster: local
    inspection.jibudata.com/inspect-job: xj-local-4-1748263431
    inspection.jibudata.com/rule-category: Cluster
    inspection.jibudata.com/rule-for-plan: xj-local-4
    kubeeye.kubesphere.io/xj-local-4-cluster: xj-local-4-cluster
  name: xj-local-4-1748263431-cluster
  resourceVersion: "10786212"
  uid: 4bc74ee7-a2b0-401a-9fae-2870e0b1dbe7
spec:
  ruleNames:
  - name: xj-local-4-cluster
  timeout: 2m3s
status:
  TaskNames:
  - name: xj-local-4-1748263431-cluster-20250526-20-43
    taskStatus: Succeeded
  lastScheduleTime: "2025-05-26T12:43:52Z"
  lastTaskEndTime: "2025-05-26T12:44:02Z"
  lastTaskName: xj-local-4-1748263431-cluster-20250526-20-43
  lastTaskStartTime: "2025-05-26T12:43:52Z"
  lastTaskStatus: Succeeded



[root@vm-0001 ~]# kubectl get inspectrules xj-local-4-cluster  -oyaml
apiVersion: kubeeye.kubesphere.io/v1alpha2
kind: InspectRule
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"metadata":{"name":"xj-local-4-cluster","creationTimestamp":null,"labels":{"inspection.jibudata.com/inspect-cluster":"local","inspection.jibudata.com/rule-for-plan":"xj-local-4"}},"spec":{"opas":[{"name":"AbnormalEventsRule","rule":"package inspect.kubeeye\nimport rego.v1\n\ndeny contains msg if {\n    input.kind == \"Event\"\n    input.apiVersion == \"v1\"\n\n    input.metadata.namespace == \"kube-system\"\n\n    level := \"DANGER\"\n    Message := input.reason\n    Reason := input.message\n\n    input.type != \"Normal\"\n\n    msg := {\n        \"Name\": sprintf(\"%v\", [input.metadata.name]),\n        \"Namespace\": sprintf(\"%v\", [input.metadata.namespace]),\n        \"Type\": sprintf(\"%v\", [input.kind]),\n        \"Level\": sprintf(\"%v\", [level]),\n        \"Message\": sprintf(\"%v\", [input.message]),\n        \"Reason\": sprintf(\"%v\", [input.reason])\n    }\n}"}]},"status":{}}
    kubeeye.kubesphere.io/join-plan-num: "1"
  creationTimestamp: "2025-05-26T12:34:32Z"
  finalizers:
  - kubeeye.finalizers.kubesphere.io
  generation: 1
  labels:
    inspection.jibudata.com/inspect-cluster: local
    inspection.jibudata.com/rule-for-plan: xj-local-4
    kubeeye.kubesphere.io/xj-local-4-1748263431-cluster: xj-local-4-1748263431-cluster
  name: xj-local-4-cluster
  resourceVersion: "10786094"
  uid: 0e60b4b8-37b2-43a0-b02c-3b7b130df10d
spec:
  opas:
  - name: AbnormalEventsRule
    rule: |-
      package inspect.kubeeye
      import rego.v1

      deny contains msg if {
          input.kind == "Event"
          input.apiVersion == "v1"

          input.metadata.namespace == "kube-system"

          level := "DANGER"
          Message := input.reason
          Reason := input.message

          input.type != "Normal"

          msg := {
              "Name": sprintf("%v", [input.metadata.name]),
              "Namespace": sprintf("%v", [input.metadata.namespace]),
              "Type": sprintf("%v", [input.kind]),
              "Level": sprintf("%v", [level]),
              "Message": sprintf("%v", [input.message]),
              "Reason": sprintf("%v", [input.reason])
          }
      }
status:
  endImportTime: "2025-05-26T12:34:32Z"
  levelCount:
    warning: 1
  startImportTime: "2025-05-26T12:34:32Z"
  state: ImportComplete

[root@vm-0001 ~]# kubectl get inspecttask xj-local-4-1748263431-cluster-20250526-20-43 -oyaml
apiVersion: kubeeye.kubesphere.io/v1alpha2
kind: InspectTask
metadata:
  annotations:
    kubeeye.kubesphere.io/inspect-type: instant
  creationTimestamp: "2025-05-26T12:43:52Z"
  finalizers:
  - kubeeye.finalizers.kubesphere.io
  generation: 1
  labels:
    kubeeye.kubesphere.io/plan-name: xj-local-4-1748263431-cluster
  name: xj-local-4-1748263431-cluster-20250526-20-43
  ownerReferences:
  - apiVersion: kubeeye.kubesphere.io/v1alpha2
    blockOwnerDeletion: true
    controller: true
    kind: InspectPlan
    name: xj-local-4-1748263431-cluster
    uid: 4bc74ee7-a2b0-401a-9fae-2870e0b1dbe7
  resourceVersion: "10786213"
  uid: 491d4687-0fb9-43bb-818c-ed3ca185629c
spec:
  inspectPolicy: single
  ruleNames:
  - name: xj-local-4-cluster
  timeout: 2m3s
status:
  clusterInfo:
    namespacesCount: 14
    nodesCount: 1
    version: "1.28"
  duration: 10.664123288s
  endTimestamp: "2025-05-26T12:44:02Z"
  inspectRuleType:
  - component
  - opa
  jobPhase:
  - jobName: xj-local-4-1748263431-cluster-20250526-20-43-component-mzpt6
    phase: Succeeded
  - jobName: xj-local-4-1748263431-cluster-20250526-20-43-opa-qmxvm
    phase: Succeeded
  startTimestamp: "2025-05-26T12:43:52Z"
  status: Succeeded


[root@vm-0001 ~]# kubectl get inspectresults default-xj-local-4-1748263431-cluster-20250526-20-43-result -oyaml
apiVersion: kubeeye.kubesphere.io/v1alpha2
kind: InspectResult
metadata:
  annotations:
    kubeeye.kubesphere.io/task-inspect-policy: single
    kubeeye.kubesphere.io/task-start-time: "2025-05-26 20:43:52"
  creationTimestamp: "2025-05-26T12:44:02Z"
  finalizers:
  - kubeeye.finalizers.kubesphere.io
  generation: 1
  labels:
    kubeeye.kubesphere.io/plan-name: xj-local-4-1748263431-cluster
    kubeeye.kubesphere.io/task-name: xj-local-4-1748263431-cluster-20250526-20-43
  name: default-xj-local-4-1748263431-cluster-20250526-20-43-result
  ownerReferences:
  - apiVersion: kubeeye.kubesphere.io/v1alpha2
    blockOwnerDeletion: true
    controller: true
    kind: InspectTask
    name: xj-local-4-1748263431-cluster-20250526-20-43
    uid: 491d4687-0fb9-43bb-818c-ed3ca185629c
  resourceVersion: "10786209"
  uid: 569ab973-cc2c-470d-8f68-63a8248e8dc0
spec:
  inspectCluster:
    name: default
  inspectRuleTotal:
    component: 1
    opa: 1
  opaResult:
    extraInfo: {}
    scoreInfo: {}
status:
  complete: true
  duration: -7h59m49.357502921s
  level:
    danger: 0
    ignore: 0
    warning: 0
  policy: single
  taskEndTime: "2025-05-26 20:44:02"
  taskStartTime: "2025-05-26 20:43:52"

html result:
Image

default xlsx result:
default-xj-local-4-1748263431-cluster-20250526-20-43-result.xlsx

Anything else we need to know?:

Environment:

  • Kubeeye version: v1.0.6
  • Others: K8S v1.28.6

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions