From 9b69de7ba682c51534e41b548cd61f452065b612 Mon Sep 17 00:00:00 2001
From: Ivan Milchev
Date: Thu, 30 May 2024 10:20:57 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix=20node=20scanning=20deployme?= =?UTF-8?q?nts=20update=20loop?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Ivan Milchev
---
 controllers/nodes/resources.go | 10 ++++++----
 tests/integration/audit_config_base_suite.go | 6 ++++++
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/controllers/nodes/resources.go b/controllers/nodes/resources.go
index 0a173487..a6a745be 100644
--- a/controllers/nodes/resources.go
+++ b/controllers/nodes/resources.go
@@ -192,17 +192,19 @@ func UpdateDeployment(
 }
 dep.Labels = labels
- dep.Annotations = map[string]string{
- ignoreQueryAnnotationPrefix + "mondoo-kubernetes-security-deployment-runasnonroot": ignoreAnnotationValue,
+ if dep.Annotations == nil {
+ dep.Annotations = map[string]string{}
 }
+ dep.Annotations[ignoreQueryAnnotationPrefix+"mondoo-kubernetes-security-deployment-runasnonroot"] = ignoreAnnotationValue
 dep.Spec.Replicas = ptr.To(int32(1))
 dep.Spec.Selector = &metav1.LabelSelector{
 MatchLabels: labels,
 }
 dep.Spec.Template.Labels = labels
- dep.Spec.Template.Annotations = map[string]string{
- ignoreQueryAnnotationPrefix + "mondoo-kubernetes-security-pod-runasnonroot": ignoreAnnotationValue,
+ if dep.Spec.Template.Annotations == nil {
+ dep.Spec.Template.Annotations = map[string]string{}
 }
+ dep.Spec.Template.Annotations[ignoreQueryAnnotationPrefix+"mondoo-kubernetes-security-pod-runasnonroot"] = ignoreAnnotationValue
 dep.Spec.Template.Spec.PriorityClassName = m.Spec.Nodes.PriorityClassName
 dep.Spec.Template.Spec.NodeSelector = map[string]string{
 "kubernetes.io/hostname": node.Name,
diff --git a/tests/integration/audit_config_base_suite.go b/tests/integration/audit_config_base_suite.go
index 76e46460..b851de40 100644
--- a/tests/integration/audit_config_base_suite.go
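Review bot: In controllers/nodes/resources.go, merging into the existing `dep.Annotations` and `dep.Spec.Template.Annotations` means UpdateDeployment no longer removes keys it did not set, so any additional annotation under `ignoreQueryAnnotationPrefix` that is present on the live object (added out of band, or left over from an older operator version) would now survive reconciliation and keep that check suppressed. If `dep` is the object read back from the cluster, which the update-loop fix suggests, consider pruning unowned keys with that prefix before setting the expected one, e.g. `for k := range dep.Annotations { if strings.HasPrefix(k, ignoreQueryAnnotationPrefix) { delete(dep.Annotations, k) } }`, and the same for the pod template map; this needs `strings` to be imported, which the hunk does not show. A short comment above each nil check saying why the map is merged rather than replaced would also help. The body of UpdateDeployment starts and ends outside the hunk.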
+++ b/tests/integration/audit_config_base_suite.go
@@ -549,6 +549,12 @@ func (s *AuditConfigBaseSuite) testMondooAuditConfigNodesDeployments(auditConfig
 status, err := s.integration.GetStatus(s.ctx)
 s.NoError(err, "Failed to get status")
 s.Equal("ACTIVE", status)
+
+ // Verify that the node scanning deployments aren't constantly updating
+ s.NoError(s.testCluster.K8sHelper.Clientset.List(s.ctx, deployments, listOpts))
+ for _, d := range deployments.Items {
+ s.Less(d.Generation, int64(10))
+ }
 }
 func (s *AuditConfigBaseSuite) testMondooAuditConfigAdmission(auditConfig mondoov2.MondooAuditConfig) {
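Review bot: The new check in testMondooAuditConfigNodesDeployments reads `d.Generation` once, right after the status assertion, so a slow update loop that has not yet reached ten generations would still pass, and the loop asserts nothing if `deployments.Items` is empty. Consider adding `s.NotEmpty(deployments.Items)` before the loop (unless the earlier part of the function, outside the hunk, already guarantees it) and giving the threshold a named constant with a comment explaining why 10 was chosen. A stricter form would record each generation, wait for at least one reconcile interval, list again and assert the values are unchanged. `deployments` and `listOpts` are defined outside the hunk.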