Empty error message when target image registry in unreachable #2684
Description
What steps did you take and what happened:
I deployed an instance op the operator with the default helm chart and values.
In our environment, public registries are proxied so I added the proxies as mirrors to the values file.
After deploying the chart I saw errors showing up without any error message. I enabled debug logs but that did not make it any clearer.
These are the logs for a failing scan job with the empty error message.
2025-08-04T07:36:04Z ERROR reconciler.scan job Scan job container {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "container": "schedule-index", "status.reason": "Error", "status.message": ""}
github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).completedContainers
/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:448
github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).SetupWithManager.(*ScanJobController).reconcileJobs.func1
/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:85
sigs.k8s.io/controller-runtime/pkg/reconcile.TypedFunc[...].Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/reconcile/reconcile.go:134
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:340
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:300
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.1
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:202
2025-08-04T07:36:04Z DEBUG reconciler.scan job Job complete {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:36:04Z DEBUG reconciler.scan job VulnerabilityReports already exist {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:36:04Z DEBUG reconciler.scan job Deleting complete scan job {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:36:04Z ERROR reconciler.scan job Scan job container {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "container": "schedule-index", "status.reason": "Error", "status.message": ""}
github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).completedContainers
/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:448
github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).SetupWithManager.(*ScanJobController).reconcileJobs.func1
/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:85
sigs.k8s.io/controller-runtime/pkg/reconcile.TypedFunc[...].Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/reconcile/reconcile.go:134
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:340
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:300
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.1
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:202
2025-08-04T07:36:04Z DEBUG reconciler.scan job Job complete {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:36:04Z DEBUG reconciler.scan job VulnerabilityReports already exist {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:36:04Z DEBUG reconciler.scan job Deleting complete scan job {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:41:04Z ERROR reconciler.scan job Scan job container {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "container": "schedule-index", "status.reason": "Error", "status.message": ""}
github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).completedContainers
/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:448
github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).SetupWithManager.(*ScanJobController).reconcileJobs.func1
/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:85
sigs.k8s.io/controller-runtime/pkg/reconcile.TypedFunc[...].Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/reconcile/reconcile.go:134
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:340
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:300
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.1
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:202
2025-08-04T07:41:04Z DEBUG reconciler.scan job Job complete {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:41:04Z DEBUG reconciler.scan job VulnerabilityReports already exist {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:41:04Z DEBUG reconciler.scan job Deleting complete scan job {"job": "services-tst/scan-vulnerabilityreport-54b47b7fb8", "kind": "CronJob", "name": "[REDACTED]..."}
2025-08-04T07:41:04Z DEBUG reconciler.scan job Ignoring cached job that must have been deleted {"job": {"name":"scan-vulnerabilityreport-54b47b7fb8","namespace":"services-tst"}}
Notice status.message is empty.
Eventually I cloned a scan job and removed the --output parameter from the trivy command to find out I did not define my docker.io mirror correctly as mentioned in #2671
Trivy was still trying to connect to index.docker.io which is not possible in our environment but there is no mention of this error in the error message.
What did you expect to happen:
The error reports the unreachability of the target image registry, specifying which registry trivy is trying to reach and why that fails.
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
- Trivy-Operator version (use
trivy-operator version): Helm chart version 0.29.3 with default operator version - Kubernetes version (use
kubectl version): Server Version: v1.32.4 - OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): Windows 10