public_git
/
ckotzbauer_helm-charts
mirror of https://github.com/ckotzbauer/helm-charts.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update chart to 0.3.0 

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
This commit is contained in:
Christian Kotzbauer 2022-03-09 16:55:52 +01:00
parent 9cf3ff7f18
commit b5a4228148
6 changed files with 62 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/vulnerability-operator/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
description: Scans SBOMs for vulnerabilities description: Scans SBOMs for vulnerabilities
name: vulnerability-operator name: vulnerability-operator
version: 0.2.0 version: 0.3.0
appVersion: 0.2.0 appVersion: 0.3.0
home: https://github.com/ckotzbauer/vulnerability-operator home: https://github.com/ckotzbauer/vulnerability-operator
sources: sources:
- https://github.com/ckotzbauer/vulnerability-operator - https://github.com/ckotzbauer/vulnerability-operator

3
charts/vulnerability-operator/README.md
View File

@ -31,10 +31,11 @@ The following table lists the configurable parameters of the vulnerability-opera
| Parameter | Description | Default | | Parameter | Description | Default |
| -------------------------------------- | ------------------------------------------------- | --------------------------------------------- | | -------------------------------------- | ------------------------------------------------- | --------------------------------------------- |
| `image.repository` | container image repository | `ghcr.io/ckotzbauer/vulnerability-operator` | | `image.repository` | container image repository | `ghcr.io/ckotzbauer/vulnerability-operator` |
| `image.tag` | container image tag | `0.2.0` | | `image.tag` | container image tag | `0.3.0` |
| `image.pullPolicy` | container image pull policy | `IfNotPresent` | | `image.pullPolicy` | container image pull policy | `IfNotPresent` |
| `args` | argument object for cli-args | `{}` | | `args` | argument object for cli-args | `{}` |
| `envVars` | environment variables | `{}` | | `envVars` | environment variables | `{}` |
| `ignoreRules` | Grype ignore-rules | `""` |
| `nodeSelector` | node labels for pod assignment | `{}` | | `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | node tolerations for pod assignment | `[]` | | `tolerations` | node tolerations for pod assignment | `[]` |
| `affinity` | node affinity for pod assignment | `{}` | | `affinity` | node affinity for pod assignment | `{}` |

15
charts/vulnerability-operator/templates/clusterrole.yaml
View File

@ -11,3 +11,18 @@ rules:
- pods - pods
verbs: verbs:
- list - list
- apiGroups:
- apps
resources:
- deployments
- replicasets
- statefulsets
- daemonsets
verbs:
- get
- apiGroups:
- batch
resources:
- jobs
verbs:
- get

11
charts/vulnerability-operator/templates/configmap.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if .Values.ignoreRules }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "app.name" . }}
labels:
{{- include "app.labels" . | nindent 4 }}
data:
grype.yaml: |
{{ .Values.ignoreRules | indent 4 }}
{{- end }}

10
charts/vulnerability-operator/templates/deployment.yaml
View File

@ -30,6 +30,9 @@ spec:
- --{{ $key }} - --{{ $key }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.ignoreRules }}
- --grype-config-file=/vuln/grype.yaml
{{- end }}
env: env:
{{- if .Values.envVars }} {{- if .Values.envVars }}
{{ toYaml .Values.envVars | nindent 12 }} {{ toYaml .Values.envVars | nindent 12 }}
@ -57,11 +60,18 @@ spec:
name: work name: work
- mountPath: /tmp - mountPath: /tmp
name: tmp name: tmp
- mountPath: /vuln
name: grype
volumes: volumes:
- name: work - name: work
emptyDir: {} emptyDir: {}
- name: tmp - name: tmp
emptyDir: {} emptyDir: {}
{{- if .Values.ignoreRules }}
- name: grype
configMap:
name: {{ template "app.name" . }}
{{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}

22
charts/vulnerability-operator/values.yaml
View File

@ -11,6 +11,28 @@ args: {}
envVars: {} envVars: {}
#ignoreRules: ""
ignoreRules: |
ignore:
- vulnerabilities: CVE-XXXXXX
- vulnerabilities: CVE-YYYYYY
# ignore:
# # This is the full set of supported rule fields:
# - vulnerability: CVE-2008-4318
# fix-state: unknown
# package:
# name: libcurl
# version: 1.5.1
# type: npm
# location: "/usr/local/lib/node_modules/**"
#
# # We can make rules to match just by vulnerability ID:
# - vulnerability: CVE-2017-41432
#
# # ...or just by a single package field:
# - package:
# type: gem
podAnnotations: {} podAnnotations: {}
resources: {} resources: {}