fix: Add extraEnv option to Helm chart #2288

Open
wants to merge 2 commits into
base: main
1 change: 1 addition & 0 deletions deploy/helm/README.md
Expand Up @@ -19,6 +19,7 @@ Keeps security report resources updated
| compliance.reportType | string | `"summary"` | reportType this flag control the type of report generated (summary or all) |
| compliance.specs | list | `["k8s-cis-1.23","k8s-nsa-1.0","k8s-pss-baseline-0.1","k8s-pss-restricted-0.1"]` | specs is a list of compliance specs to be used by the cluster compliance scanner - k8s-cis-1.23 - k8s-nsa-1.0 - k8s-pss-baseline-0.1 - k8s-pss-restricted-0.1 - eks-cis-1.4 - rke2-cis-1.24 |
| excludeNamespaces | string | `""` | excludeNamespaces is a comma separated list of namespaces (or glob patterns) to be excluded from scanning. Only applicable in the all namespaces install mode, i.e. when the targetNamespaces values is a blank string. |
| extraEnv | list | `[]` | extraEnv is a list of extra environment variables for the trivy-operator. |
| fullnameOverride | string | `""` | fullnameOverride override operator full name |
| global | object | `{"image":{"registry":""}}` | global values provide a centralized configuration for 'image.registry', reducing the potential for errors. If left blank, the chart will default to the individually set 'image.registry' values |
| image.pullPolicy | string | `"IfNotPresent"` | pullPolicy set the operator pullPolicy |
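Review bot: the `extraEnv` row says only that it is a list of extra environment variables and does not say what shape each item takes. Since deployment.yaml renders the list verbatim under the container's `env`, state that each item is a full Kubernetes EnvVar entry (`name` plus `value` or `valueFrom`), and recommend `valueFrom.secretKeyRef` for credentials so secrets do not end up as literals in values files.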
5 changes: 4 additions & 1 deletion deploy/helm/templates/deployment.yaml
Expand Up @@ -6,7 +6,7 @@ metadata:
{{- with .Values.operator.annotations }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
labels:
labels:
{{- include "trivy-operator.labels" . | nindent 4 }}
{{- with .Values.operator.labels }}
{{- toYaml . | nindent 4 }}
Expand Down Expand Up @@ -50,6 +50,9 @@ spec:
value: {{ tpl .Values.targetWorkloads . | quote }}
- name: OPERATOR_SERVICE_ACCOUNT
value: {{ include "trivy-operator.serviceAccountName" . | quote }}
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
- configMapRef:
name: trivy-operator-config
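Review bot: at `{{- with .Values.extraEnv }}` the user-supplied list is appended after the chart's own entries with no check on names, so an item named `OPERATOR_SERVICE_ACCOUNT` (or any other variable set above it) produces a duplicate entry in `env`, and anything set here also takes precedence over the same key loaded through `envFrom` from `trivy-operator-config`. Either document that overriding operator settings this way is intended, or reject reserved names with a `fail` in the template. Separately, `targetWorkloads` just above is passed through `tpl` while `extraEnv` is not; make that consistent or state that templated values are unsupported here.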
18 changes: 12 additions & 6 deletions deploy/helm/values.yaml
Expand Up @@ -20,6 +20,9 @@ targetNamespaces: ""
# mode, i.e. when the targetNamespaces values is a blank string.
excludeNamespaces: ""

# -- extraEnv is a list of extra environment variables for the trivy-operator.
extraEnv: []

# -- targetWorkloads is a comma seperated list of Kubernetes workload resources
# to be included in the vulnerability and config-audit scans
# if left blank, all workload resources will be scanned
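Review bot: the `extraEnv: []` default has no commented sample, unlike other keys in this file (for example `# fsGroup: 2000` under `podSecurityContext`), so users have to read the template to learn the expected format. Add a commented example beneath the key, with illustrative values such as `# - name: HTTPS_PROXY` followed by `#   value: "http://proxy.example:3128"`, and ideally a second item that uses `valueFrom.secretKeyRef`.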
Expand Down Expand Up @@ -635,7 +638,8 @@ serviceAccount:
# -- podAnnotations annotations added to the operator's pod
podAnnotations: {}

podSecurityContext: {}
podSecurityContext:
{}
# fsGroup: 2000

# -- securityContext security context
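Review bot: splitting `podSecurityContext: {}` into `podSecurityContext:` and `{}` on the next line is a formatter side effect unrelated to `extraEnv`, and it makes the empty default harder to read. Please revert it, along with the same rewrap of `resources`, `priorityClassName` and `policiesBundle.tag` further down, the re-added `# -- registryUser` comment, and the whitespace-only `labels:` change in deployment.yaml, so the diff contains only the new option.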
Expand All @@ -658,7 +662,8 @@ volumes:
- name: cache-policies
emptyDir: {}

resources: {}
resources:
{}
# -- We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
Expand All @@ -679,7 +684,8 @@ tolerations: []
affinity: {}

# -- priorityClassName set the operator priorityClassName
priorityClassName: ""
priorityClassName:
""

# -- automountServiceAccountToken the flag to enable automount for service account token
automountServiceAccountToken: true
Expand All @@ -690,8 +696,9 @@ policiesBundle:
# -- repository of the policies bundle
repository: aquasecurity/trivy-checks
# -- tag version of the policies bundle
tag: 0
# -- registryUser is the user for the registry
tag:
0
# -- registryUser is the user for the registry
registryUser: ~
# -- registryPassword is the password for the registry
registryPassword: ~
Expand All @@ -703,7 +710,6 @@ policiesBundle:
# -- insecure is the flag to enable insecure connection to the policy bundle registry
insecure: false


nodeCollector:
# -- useNodeSelector determine if to use nodeSelector (by auto detecting node name) with node-collector scan job
useNodeSelector: true