update chart to 0.3.0
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
parent
9cf3ff7f18
commit
b5a4228148
|
|
@ -1,8 +1,8 @@
|
|||
apiVersion: v2
|
||||
description: Scans SBOMs for vulnerabilities
|
||||
name: vulnerability-operator
|
||||
version: 0.2.0
|
||||
appVersion: 0.2.0
|
||||
version: 0.3.0
|
||||
appVersion: 0.3.0
|
||||
home: https://github.com/ckotzbauer/vulnerability-operator
|
||||
sources:
|
||||
- https://github.com/ckotzbauer/vulnerability-operator
|
||||
|
|
|
|||
|
|
@ -31,10 +31,11 @@ The following table lists the configurable parameters of the vulnerability-opera
|
|||
| Parameter | Description | Default |
|
||||
| -------------------------------------- | ------------------------------------------------- | --------------------------------------------- |
|
||||
| `image.repository` | container image repository | `ghcr.io/ckotzbauer/vulnerability-operator` |
|
||||
| `image.tag` | container image tag | `0.2.0` |
|
||||
| `image.tag` | container image tag | `0.3.0` |
|
||||
| `image.pullPolicy` | container image pull policy | `IfNotPresent` |
|
||||
| `args` | argument object for cli-args | `{}` |
|
||||
| `envVars` | environment variables | `{}` |
|
||||
| `ignoreRules` | Grype ignore-rules | `""` |
|
||||
| `nodeSelector` | node labels for pod assignment | `{}` |
|
||||
| `tolerations` | node tolerations for pod assignment | `[]` |
|
||||
| `affinity` | node affinity for pod assignment | `{}` |
|
||||
|
|
|
|||
|
|
@ -11,3 +11,18 @@ rules:
|
|||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
- replicasets
|
||||
- statefulsets
|
||||
- daemonsets
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- get
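Review bot: The two new rules for `apps` (deployments, replicasets, statefulsets, daemonsets) and `batch` (jobs) carry no comment saying why the operator needs them, which makes the role harder to audit for least privilege. Both grant only `get`, so a one-line comment above each rule would be enough, for example `# read-only lookup of the workloads that own scanned pods` if that is indeed the purpose (inferred, not visible here). The `rules:` list starts outside the hunk, so whether these permissions are namespaced or cluster-wide cannot be seen from this section.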
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
{{- if .Values.ignoreRules }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "app.name" . }}
|
||||
labels:
|
||||
{{- include "app.labels" . | nindent 4 }}
|
||||
data:
|
||||
grype.yaml: |
|
||||
{{ .Values.ignoreRules | indent 4 }}
|
||||
{{- end }}
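Review bot: The line `{{ .Values.ignoreRules | indent 4 }}` only works when `ignoreRules` is a string, and nothing in the template says so. Because the content is itself YAML, a user may well supply it as a map, in which case `indent` should fail at render time with a type error. A template comment at the top, such as `{{- /* ignoreRules must be a block-scalar string holding a Grype config */ -}}`, would document the contract. The rendered file suppresses vulnerability findings, so it is worth stating clearly what is expected here.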
|
||||
|
|
@ -30,6 +30,9 @@ spec:
|
|||
- --{{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ignoreRules }}
|
||||
- --grype-config-file=/vuln/grype.yaml
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.envVars }}
|
||||
{{ toYaml .Values.envVars | nindent 12 }}
|
||||
|
|
@ -57,11 +60,18 @@ spec:
|
|||
name: work
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /vuln
|
||||
name: grype
|
||||
volumes:
|
||||
- name: work
|
||||
emptyDir: {}
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
{{- if .Values.ignoreRules }}
|
||||
- name: grype
|
||||
configMap:
|
||||
name: {{ template "app.name" . }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
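Review bot: The `- mountPath: /vuln` / `name: grype` volumeMount in the second hunk is added unconditionally, while the matching `- name: grype` volume is rendered only inside `{{- if .Values.ignoreRules }}`. When `ignoreRules` is empty (the default the README table documents as `""`), the pod spec would reference a volume that is not defined and the Deployment should be rejected by the API server. Wrap the mount in the same guard already used for the `--grype-config-file` argument and the volume: `{{- if .Values.ignoreRules }}` before it and `{{- end }}` after it. The container and pod spec start outside both hunks.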
|
||||
|
|
|
|||
|
|
@ -11,6 +11,28 @@ args: {}
|
|||
|
||||
envVars: {}
|
||||
|
||||
#ignoreRules: ""
|
||||
ignoreRules: |
|
||||
ignore:
|
||||
- vulnerabilities: CVE-XXXXXX
|
||||
- vulnerabilities: CVE-YYYYYY
|
||||
# ignore:
|
||||
# # This is the full set of supported rule fields:
|
||||
# - vulnerability: CVE-2008-4318
|
||||
# fix-state: unknown
|
||||
# package:
|
||||
# name: libcurl
|
||||
# version: 1.5.1
|
||||
# type: npm
|
||||
# location: "/usr/local/lib/node_modules/**"
|
||||
#
|
||||
# # We can make rules to match just by vulnerability ID:
|
||||
# - vulnerability: CVE-2017-41432
|
||||
#
|
||||
# # ...or just by a single package field:
|
||||
# - package:
|
||||
# type: gem
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
resources: {}
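Review bot: The shipped default for `ignoreRules` is now an active block with placeholder entries `CVE-XXXXXX` and `CVE-YYYYYY`, while the real default `#ignoreRules: ""` is commented out. Every install therefore renders the ConfigMap and passes `--grype-config-file` with sample suppression rules, which contradicts the README default of `""`. The sample also uses the key `vulnerabilities`, whereas the commented reference below it uses `vulnerability`, so the two disagree on the field name. Restore `ignoreRules: ""` as the live value and keep the example only in the commented block, so that suppressing findings is always an explicit operator decision.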
|
||||
|
|
|
|||