OCP4: Quay Container Security Operator impacts etcd storage due to high rate of imagemanifestvulns on large clusters
Issue
- OpenShift etcd database is constantly exceeding threshold in size for defragmentation.
- Thousands of objects are created of type:
/kubernetes.io/secscan.quay.redhat.com/imagemanifestvulns//sha256. - Observe constant defrag being issued on etcd database
- Observe that a significant portion of etcd storage is consumed by
imagemanifestvulns
objects that may appear as duplicates. - Etcd performance may be degraded
Environment
- Red Hat OpenShift Container Platform (RHOCP 4.x)
- Quay Container Security Operator
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.