public_git
/
ckotzbauer_helm-charts
mirror of https://github.com/ckotzbauer/helm-charts.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update vulnerability-operator 

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
This commit is contained in:
Christian Kotzbauer 2023-03-14 18:42:12 +01:00
parent 2f9d6df29f
commit b840579897
5 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/vulnerability-operator/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
description: Scans SBOMs for vulnerabilities description: Scans SBOMs for vulnerabilities
name: vulnerability-operator name: vulnerability-operator
version: 0.16.0 version: 0.17.0
appVersion: 0.15.0 appVersion: 0.16.0
home: https://github.com/ckotzbauer/vulnerability-operator home: https://github.com/ckotzbauer/vulnerability-operator
sources: sources:
- https://github.com/ckotzbauer/vulnerability-operator - https://github.com/ckotzbauer/vulnerability-operator

3
charts/vulnerability-operator/README.md
View File

@ -31,11 +31,12 @@ The following table lists the configurable parameters of the vulnerability-opera
| Parameter | Description | Default | | Parameter | Description | Default |
| -------------------------------------- | ------------------------------------------------- | --------------------------------------------- | | -------------------------------------- | ------------------------------------------------- | --------------------------------------------- |
| `image.repository` | container image repository | `ghcr.io/ckotzbauer/vulnerability-operator` | | `image.repository` | container image repository | `ghcr.io/ckotzbauer/vulnerability-operator` |
| `image.tag` | container image tag | `0.14.1` | | `image.tag` | container image tag | `0.16.0` |
| `image.pullPolicy` | container image pull policy | `IfNotPresent` | | `image.pullPolicy` | container image pull policy | `IfNotPresent` |
| `args` | argument object for cli-args | `{}` | | `args` | argument object for cli-args | `{}` |
| `envVars` | environment variables | `{}` | | `envVars` | environment variables | `{}` |
| `ignoreRules` | Grype ignore-rules | `""` | | `ignoreRules` | Grype ignore-rules | `""` |
| `filterConfig` | Specify ignore- and audit-rules | `""` |
| `nodeSelector` | node labels for pod assignment | `{}` | | `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | node tolerations for pod assignment | `[]` | | `tolerations` | node tolerations for pod assignment | `[]` |
| `affinity` | node affinity for pod assignment | `{}` | | `affinity` | node affinity for pod assignment | `{}` |

8
charts/vulnerability-operator/templates/configmap.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.ignoreRules }} {{- if or .Values.ignoreRules .Values.filterConfig }}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -6,6 +6,12 @@ metadata:
labels: labels:
{{- include "app.labels" . | nindent 4 }} {{- include "app.labels" . | nindent 4 }}
data: data:
{{- if .Values.ignoreRules }}
grype.yaml: | grype.yaml: |
{{ .Values.ignoreRules | indent 4 }} {{ .Values.ignoreRules | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.filterConfig }}
filter-config.yaml: |
{{ .Values.filterConfig | indent 4 }}
{{- end }}
{{- end }}

7
charts/vulnerability-operator/templates/deployment.yaml
View File

@ -33,6 +33,9 @@ spec:
{{- if .Values.ignoreRules }} {{- if .Values.ignoreRules }}
- --grype-config-file=/vuln/grype.yaml - --grype-config-file=/vuln/grype.yaml
{{- end }} {{- end }}
{{- if .Values.filterConfig }}
- --filter-config-file=/vuln/filter-config.yaml
{{- end }}
env: env:
{{- if .Values.envVars }} {{- if .Values.envVars }}
{{ toYaml .Values.envVars | nindent 12 }} {{ toYaml .Values.envVars | nindent 12 }}
@ -60,7 +63,7 @@ spec:
name: work name: work
- mountPath: /tmp - mountPath: /tmp
name: tmp name: tmp
{{- if .Values.ignoreRules }} {{- if or .Values.ignoreRules .Values.filterConfig }}
- mountPath: /vuln - mountPath: /vuln
name: grype name: grype
{{- end }} {{- end }}
@ -72,7 +75,7 @@ spec:
{{- if .Values.extraVolumes }} {{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }} {{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.ignoreRules }} {{- if or .Values.ignoreRules .Values.filterConfig }}
- name: grype - name: grype
configMap: configMap:
name: {{ template "app.name" . }} name: {{ template "app.name" . }}

16
charts/vulnerability-operator/values.yaml
View File

@ -30,6 +30,22 @@ ignoreRules: ""
# - package: # - package:
# type: gem # type: gem
filterConfig: ""
# ignore:
# - vulnerability: GHSA-ggxm-pgc9-g7fp # rdoc
# context:
# - image: "*"
# namespace: gitlab-dev
# kind: Deployment
# name: gitlab-dev-server
# audit:
# - vulnerability: GHSA-fp4w-jxhp-m23p # bundler
# context:
# - image: "*"
# namespace: gitlab-dev
# kind: Deployment
# name: gitlab-dev-server
podAnnotations: {} podAnnotations: {}
resources: {} resources: {}