Split image repositories into registry and repository #1137

Merged
merged 6 commits into from
Apr 14, 2023
Changes from 5 commits
8 changes: 5 additions & 3 deletions deploy/helm/README.md
Expand Up @@ -110,9 +110,11 @@ The values of the `OPERATOR_NAMESPACE` and `OPERATOR_TARGET_NAMESPACES` determin

| CONFIGMAP KEY | DEFAULT | DESCRIPTION |
|------------------------------------------|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `trivy.repository` | `ghcr.io/aquasecurity/trivy` | Repository of the Trivy image |
| `trivy.tag` | `0.36.0` | Version of the Trivy image |
| `trivy.imagePullSecret` | N/A | imagePullSecret is the secret name to be used when pulling trivy image from private registries example: `reg-secret`. It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace. |
| `trivy.image.registry` | `ghcr.io` | Registry of the Trivy image |
---------------------|
| `trivy.image.repository` | `aquasecurity/trivy` | Repository of the Trivy image |
| `trivy.image.tag` | `0.36.0` | Version of the Trivy image |
| `trivy.image.imagePullSecret` | N/A | imagePullSecret is the secret name to be used when pulling trivy image from private registries example: `reg-secret`. It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace. |
fhielpos marked this conversation as resolved.
| `trivy.dbRepository` | `ghcr.io/aquasecurity/trivy-db` | External OCI Registry to download the vulnerability database |
| `trivy.dbRepositoryInsecure` | `false` | The Flag to enable insecure connection for downloading trivy-db via proxy (air-gaped env) |
| `trivy.mode` | `Standalone` | Trivy client mode. Either `Standalone` or `ClientServer`. Depending on the active mode other settings might be applicable or required. |
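Review bot: The `trivy.dbRepository` row at the end of this hunk still documents the default as `ghcr.io/aquasecurity/trivy-db`, but values.yaml in this same change sets it to `aquasecurity/trivy-db` and introduces `trivy.dbRegistry`, which has no row here. Please update that default and add a `trivy.dbRegistry` row. The `trivy.image.tag` default is also listed as `0.36.0` while values.yaml carries `0.39.0`.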
14 changes: 7 additions & 7 deletions deploy/helm/templates/config.yaml
Expand Up @@ -65,7 +65,7 @@ data:
{{- if .Values.operator.builtInTrivyServer }}
trivy.serverURL: {{ printf "http://%s.%s:%s" .Values.trivy.serverServiceName (include "trivy-operator.namespace" .) "4954" | quote }}
{{- end }}
node.collector.imageRef: "{{ .Values.nodeCollector.repository }}:{{ .Values.nodeCollector.tag }}"
node.collector.imageRef: "{{ .Values.nodeCollector.registry }}/{{ .Values.nodeCollector.repository }}:{{ .Values.nodeCollector.tag }}"
---
apiVersion: v1
kind: Secret
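Review bot: `node.collector.imageRef` now always prepends `.Values.nodeCollector.registry`, so a values file written for the previous chart that sets `nodeCollector.repository: ghcr.io/aquasecurity/node-collector` renders `ghcr.io/ghcr.io/aquasecurity/node-collector:<tag>` with no template error. Call the split out as a breaking change in the upgrade notes so existing overrides are corrected before the node-collector image pull starts failing.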
Expand All @@ -85,10 +85,10 @@ metadata:
labels:
{{- include "trivy-operator.labels" $ | nindent 4 }}
data:
trivy.repository: {{ required ".Values.trivy.repository is required" .Values.trivy.repository | quote }}
trivy.tag: {{ required ".Values.trivy.tag is required" .Values.trivy.tag | quote }}
{{- if .Values.trivy.imagePullSecret }}
trivy.imagePullSecret: {{ .Values.trivy.imagePullSecret | quote }}
trivy.repository: "{{ required ".Values.trivy.image.registry is required" .Values.trivy.image.registry }}/{{ required ".Values.trivy.image.repository is required" .Values.trivy.image.repository }}"
trivy.tag: {{ required ".Values.trivy.image.tag is required" .Values.trivy.image.tag | quote }}
{{- if .Values.trivy.image.imagePullSecret }}
trivy.imagePullSecret: {{ .Values.trivy.image.imagePullSecret | quote }}
{{- end }}
trivy.additionalVulnerabilityReportFields: {{ .Values.trivy.additionalVulnerabilityReportFields | quote}}
{{- if .Values.trivy.httpProxy }}
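Review bot: The new `trivy.repository` line wraps the two `required` calls in literal double quotes, while `trivy.tag` and `trivy.imagePullSecret` just below still go through `| quote`. Building the string with `printf "%s/%s"` and piping the result to `quote` keeps the escaping consistent and avoids emitting invalid YAML if either value ever contains a quote character.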
Expand All @@ -114,7 +114,7 @@ data:
{{- end }}
trivy.severity: {{ .Values.trivy.severity | quote }}
trivy.slow: {{ .Values.trivy.slow | quote }}
trivy.dbRepository: {{ .Values.trivy.dbRepository | quote }}
trivy.dbRepository: "{{ .Values.trivy.dbRegistry }}/{{ .Values.trivy.dbRepository }}"
trivy.command: {{ .Values.trivy.command | quote }}
{{- if .Values.trivy.skipDirs }}
trivy.skipDirs: {{ .Values.trivy.skipDirs | quote }}
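Review bot: `trivy.dbRepository` is joined with `.Values.trivy.dbRegistry` without a `required` check, unlike `trivy.image.registry` in the hunk above. An air-gapped install that overrides only `trivy.dbRepository` with the full path of an internal mirror keeps the `ghcr.io` default for `dbRegistry`, so the rendered value becomes `ghcr.io/<mirror path>` and the vulnerability database download no longer points at the mirror. Add `required` on both values and document the override change for existing users.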
Expand Down Expand Up @@ -177,7 +177,7 @@ data:
TRIVY_CACHE_DIR: "/home/scanner/.cache/trivy"
TRIVY_DEBUG: {{ .Values.trivy.debug | quote }}
TRIVY_SKIP_UPDATE: "false"
TRIVY_DB_REPOSITORY: {{ .Values.trivy.dbRepository | quote }}
TRIVY_DB_REPOSITORY: "{{ .Values.trivy.dbRegistry }}/{{ .Values.trivy.dbRepository }}"
{{- end }}
---
{{- if not .Values.trivy.existingSecret }}
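Review bot: `TRIVY_DB_REPOSITORY` repeats the exact registry/repository expression used for `trivy.dbRepository` earlier in this file. The chart already uses named templates (`trivy-operator.namespace`, `trivy-operator.labels`), so a small helper for the database reference, included from both places, would keep the two from drifting apart and would let the result go through `| quote` like `TRIVY_DEBUG` above.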
2 changes: 1 addition & 1 deletion deploy/helm/templates/deployment.yaml
Expand Up @@ -28,7 +28,7 @@ spec:
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
containers:
- name: {{ .Chart.Name | quote }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- with .Values.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
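Review bot: The operator `image:` line reads `.Values.image.registry` with no guard, so an empty or missing registry renders a reference starting with `/` and the failure only shows up when the pod is created. Wrapping it in `required`, as config.yaml does for `.Values.trivy.image.registry`, surfaces the mistake at template time.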
2 changes: 1 addition & 1 deletion deploy/helm/templates/trivy-server.yaml
Expand Up @@ -69,7 +69,7 @@ spec:
runAsUser: 65534
containers:
- name: main
image: "{{ .Values.trivy.repository }}:{{ .Values.trivy.tag }}"
image: "{{ .Values.trivy.image.registry }}/{{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}"
imagePullPolicy: "IfNotPresent"
securityContext:
privileged: false
29 changes: 17 additions & 12 deletions deploy/helm/values.yaml
Expand Up @@ -112,7 +112,8 @@ operator:
mergeRbacFindingWithConfigAudit: false

image:
repository: "ghcr.io/aquasecurity/trivy-operator"
registry: "ghcr.io"
repository: "aquasecurity/trivy-operator"
# tag is an override of the image tag, which is by default set by the
# appVersion field in Chart.yaml.
tag: ""
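Review bot: The new `registry: "ghcr.io"` key under `image:` has no comment, while the `nodeCollector` block in this file gets `# registry of the node-collector image`. Add matching comment lines for `registry` and `repository` here so the operator image fields are documented the same way.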
Expand Down Expand Up @@ -215,14 +216,16 @@ trivyOperator:
trivy:
# createConfig indicates whether to create config objects
createConfig: true

# repository of the Trivy image
repository: ghcr.io/aquasecurity/trivy
# tag version of the Trivy image
tag: 0.39.0
# imagePullSecret is the secret name to be used when pulling trivy image from private registries example : reg-secret
# It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace
# imagePullSecret:
image:
# registry of the Trivy image
registry: ghcr.io
# repository of the Trivy image
repository: aquasecurity/trivy
# tag version of the Trivy image
tag: 0.39.0
# imagePullSecret is the secret name to be used when pulling trivy image from private registries example : reg-secret
# It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace
# imagePullSecret:

# mode is the Trivy client mode. Either Standalone or ClientServer. Depending
# on the active mode other settings might be applicable or required.
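Review bot: Moving `imagePullSecret` under `trivy.image` renames a value that the PR title does not mention. A values file that still sets `trivy.imagePullSecret` is accepted without error, the `{{- if .Values.trivy.image.imagePullSecret }}` condition in config.yaml evaluates false, and the pull secret is silently dropped from the rendered config. Either keep reading the old key as a fallback or fail the render when it is set.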
Expand Down Expand Up @@ -348,8 +351,8 @@ trivy:
# Trivy client to Trivy server. Only applicable in ClientServer mode.
#
# serverCustomHeaders: "foo=bar"

dbRepository: "ghcr.io/aquasecurity/trivy-db"
dbRegistry: "ghcr.io"
dbRepository: "aquasecurity/trivy-db"

# The Flag to enable insecure connection for downloading trivy-db via proxy (air-gaped env)
#
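Review bot: `dbRegistry` is added without a comment, and the blank line that separated the commented-out `serverCustomHeaders` example from `dbRepository` is gone, so the new key reads as part of that comment block. Restore the blank line and add a short comment describing `dbRegistry` and `dbRepository`.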
Expand Down Expand Up @@ -453,8 +456,10 @@ priorityClassName: ""
automountServiceAccountToken: true

nodeCollector:
# registry of the node-collector image
registry: ghcr.io
# repository of the node-collector image
repository: ghcr.io/aquasecurity/node-collector
repository: aquasecurity/node-collector
# tag version of the node-collector image
tag: 0.0.6

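Review bot: `nodeCollector.registry` sits directly under `nodeCollector`, and `trivy.dbRegistry` is likewise flat, while the operator and Trivy images use a nested `image.registry`. Picking one shape for all four image references would make the values file easier to override consistently.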