feat(helm): allows users to define an existing secret for tokens (#2587)

Signed-off-by: cebidhem <[email protected]>
aquasecurity · Jul 31, 2022 · d0ca610 · d0ca610
1 parent d0ba59a
commit d0ca610
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 2 deletions.
diff --git a/helm/trivy/Chart.yaml b/helm/trivy/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trivy
-version: 0.4.16
-appVersion: 0.29.2
+version: 0.4.17
+appVersion: 0.30.4
 description: Trivy helm chart
 keywords:
   - scanner

diff --git a/helm/trivy/README.md b/helm/trivy/README.md
@@ -73,6 +73,7 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `trivy.cache.redis.enabled`           | Enable Redis as caching backend                                         | `false` |
 | `trivy.cache.redis.url`               | Specify redis connection url, e.g. redis://redis.redis.svc:6379         | `` |
 | `trivy.serverToken`                   | The token to authenticate Trivy client with Trivy server                | `` |
+| `trivy.existingSecret`                | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` |
 | `trivy.podAnnotations`                | Annotations for pods created by statefulset                             | `{}` |
 | `service.name`                        | If specified, the name used for the Trivy service                       |     |
 | `service.type`                        | Kubernetes service type                                                 | `ClusterIP` |

diff --git a/helm/trivy/templates/secret.yaml b/helm/trivy/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.trivy.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -12,3 +13,4 @@ data:
   TRIVY_USERNAME: {{ .Values.trivy.registryUsername | default "" | b64enc | quote }}
   TRIVY_PASSWORD: {{ .Values.trivy.registryPassword | default "" | b64enc | quote }}
 {{- end -}}
+{{- end }}
diff --git a/helm/trivy/templates/statefulset.yaml b/helm/trivy/templates/statefulset.yaml
@@ -90,7 +90,11 @@ spec:
             - configMapRef:
                 name: {{ include "trivy.fullname" . }}
             - secretRef:
+                {{- if not .Values.trivy.existingSecret }}
                 name: {{ include "trivy.fullname" . }}
+                {{- else }}
+                name: {{ .Values.trivy.existingSecret }}
+                {{- end }}
           ports:
             - name: trivy-http
               containerPort: {{ .Values.service.port }}

diff --git a/helm/trivy/values.yaml b/helm/trivy/values.yaml
@@ -120,6 +120,9 @@ trivy:
   labels: {}
   # serverToken is the token to authenticate Trivy client with Trivy server.
   serverToken: ""
+  # existingSecret if an existing secret has been created outside the chart.
+  # Overrides gitHubToken, registryUsername, registryPassword, serverToken
+  existingSecret: ""
 
 service:
   # If specified, the name used for the Trivy service.