feat: add sbom-operator job-image feature

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
2022-04-26 09:14:15 +02:00 · 2022-04-26 09:14:15 +02:00 · 4f4ea6d4cd
parent 7822aa3ed3
commit 4f4ea6d4cd
5 changed files with 38 additions and 3 deletions
--- a/charts/sbom-operator/Chart.yaml
+++ b/charts/sbom-operator/Chart.yaml
@ -1,7 +1,7 @@
 apiVersion: v2
 description: Catalogue all images of a Kubernetes cluster to multiple targets with Syft
 name: sbom-operator
-version: 0.9.0
+version: 0.9.1
 appVersion: 0.9.0
 home: https://github.com/ckotzbauer/sbom-operator
 sources:
--- a/charts/sbom-operator/README.md
+++ b/charts/sbom-operator/README.md
@ -41,8 +41,9 @@ The following table lists the configurable parameters of the sbom-operator chart
 | `podAnnotations`                       | annotations to add to each pod                    | `{}`                                     |
 | `resources`                            | pod resource requests & limits                    | See [values.yaml](values.yaml)           |
 | `securityContext`                      | container securityContext                         | See [values.yaml](values.yaml)           |
-| `serviceAccount.create`	             | Should we create a ServiceAccount	             | `true`                                   |
-| `serviceAccount.name`		             | Name of the ServiceAccount to use                 | null                                     |
+| `serviceAccount.create`                | Should we create a ServiceAccount                 | `true`                                   |
+| `serviceAccount.name`                  | Name of the ServiceAccount to use                 | null                                     |
+| `jobImageMode`                         | Whether or not a job-image is used.               | `false`                                  |

 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

--- a/charts/sbom-operator/templates/clusterrole.yaml
+++ b/charts/sbom-operator/templates/clusterrole.yaml
@ -25,3 +25,21 @@ rules:
  verbs:
  - get
  - update
+{{- if .Values.jobImageMode }}
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - create
+  - delete
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - get
+  - create
+  - delete
+{{- end }}
--- a/charts/sbom-operator/templates/deployment.yaml
+++ b/charts/sbom-operator/templates/deployment.yaml
@ -34,6 +34,20 @@ spec:
          {{- if .Values.envVars }}
            {{ toYaml .Values.envVars | nindent 12 }}
          {{- end }}
+          {{- if .Values.jobImageMode }}
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_UID
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.uid
+          {{- end }}
          securityContext:
 {{ toYaml .Values.securityContext | indent 12 }}
          resources:
--- a/charts/sbom-operator/values.yaml
+++ b/charts/sbom-operator/values.yaml
@ -13,6 +13,8 @@ envVars: {}

 podAnnotations: {}

+jobImageMode: false
+
 resources: {}
 #  requests:
 #    cpu: 500m