From 4f4ea6d4cd4db9e351f3b66ecbbd4c89375cf442 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Tue, 26 Apr 2022 09:14:15 +0200 Subject: [PATCH] feat: add sbom-operator job-image feature Signed-off-by: Christian Kotzbauer --- charts/sbom-operator/Chart.yaml | 2 +- charts/sbom-operator/README.md | 5 +++-- .../sbom-operator/templates/clusterrole.yaml | 18 ++++++++++++++++++ charts/sbom-operator/templates/deployment.yaml | 14 ++++++++++++++ charts/sbom-operator/values.yaml | 2 ++ 5 files changed, 38 insertions(+), 3 deletions(-) diff --git a/charts/sbom-operator/Chart.yaml b/charts/sbom-operator/Chart.yaml index cb903e5..7f851f9 100644 --- a/charts/sbom-operator/Chart.yaml +++ b/charts/sbom-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Catalogue all images of a Kubernetes cluster to multiple targets with Syft name: sbom-operator -version: 0.9.0 +version: 0.9.1 appVersion: 0.9.0 home: https://github.com/ckotzbauer/sbom-operator sources: diff --git a/charts/sbom-operator/README.md b/charts/sbom-operator/README.md index 179eb96..f3c71fa 100644 --- a/charts/sbom-operator/README.md +++ b/charts/sbom-operator/README.md @@ -41,8 +41,9 @@ The following table lists the configurable parameters of the sbom-operator chart | `podAnnotations` | annotations to add to each pod | `{}` | | `resources` | pod resource requests & limits | See [values.yaml](values.yaml) | | `securityContext` | container securityContext | See [values.yaml](values.yaml) | -| `serviceAccount.create` | Should we create a ServiceAccount | `true` | -| `serviceAccount.name` | Name of the ServiceAccount to use | null | +| `serviceAccount.create` | Should we create a ServiceAccount | `true` | +| `serviceAccount.name` | Name of the ServiceAccount to use | null | +| `jobImageMode` | Whether or not a job-image is used. | `false` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/sbom-operator/templates/clusterrole.yaml b/charts/sbom-operator/templates/clusterrole.yaml index 97e0b30..6f75068 100644 --- a/charts/sbom-operator/templates/clusterrole.yaml +++ b/charts/sbom-operator/templates/clusterrole.yaml @@ -25,3 +25,21 @@ rules: verbs: - get - update +{{- if .Values.jobImageMode }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - delete +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - create + - delete +{{- end }} diff --git a/charts/sbom-operator/templates/deployment.yaml b/charts/sbom-operator/templates/deployment.yaml index c452a62..2bc4a5e 100644 --- a/charts/sbom-operator/templates/deployment.yaml +++ b/charts/sbom-operator/templates/deployment.yaml @@ -34,6 +34,20 @@ spec: {{- if .Values.envVars }} {{ toYaml .Values.envVars | nindent 12 }} {{- end }} + {{- if .Values.jobImageMode }} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + {{- end }} securityContext: {{ toYaml .Values.securityContext | indent 12 }} resources: diff --git a/charts/sbom-operator/values.yaml b/charts/sbom-operator/values.yaml index 27ed47e..a6693b3 100644 --- a/charts/sbom-operator/values.yaml +++ b/charts/sbom-operator/values.yaml @@ -13,6 +13,8 @@ envVars: {} podAnnotations: {} +jobImageMode: false + resources: {} # requests: # cpu: 500m