From 0d90bd79df7e2b008e52c72253e7c5c06b8735f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kai=20Sch=C3=A4fer?= Date: Wed, 5 Mar 2025 12:55:09 +0100 Subject: [PATCH 1/2] Allow configuration of imagePullSecret for all trivy components MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to use private registries which require authentication it is needed to configure imagePullSecrets for all parts. Signed-off-by: Kai Schäfer --- CONTRIBUTORS.md | 3 ++- scanners/trivy/templates/trivy-database-cache.yaml | 4 ++++ scanners/trivy/templates/trivy-scan-type.yaml | 12 ++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index a187be1967..0105bd80dc 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -57,4 +57,5 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m - Tobias Stenby Brixen - Eline Henriksen - Michael Kruggel -- Ochi Daiki \ No newline at end of file +- Ochi Daiki +- Kai Schäfer \ No newline at end of file diff --git a/scanners/trivy/templates/trivy-database-cache.yaml b/scanners/trivy/templates/trivy-database-cache.yaml index e0e8c10204..5e8e2bbaed 100644 --- a/scanners/trivy/templates/trivy-database-cache.yaml +++ b/scanners/trivy/templates/trivy-database-cache.yaml @@ -37,6 +37,10 @@ spec: labels: app: trivy-database spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: trivy-database image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}" diff --git a/scanners/trivy/templates/trivy-scan-type.yaml b/scanners/trivy/templates/trivy-scan-type.yaml index ebe8d61d11..a5f5d000ec 100644 --- a/scanners/trivy/templates/trivy-scan-type.yaml +++ b/scanners/trivy/templates/trivy-scan-type.yaml 
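Review bot: The `with .Values.imagePullSecrets` guard in the trivy-database-cache.yaml hunk hands any non-empty value to `toYaml`, so a plain string or a list of bare names (instead of `- name: <secret>` objects) renders a pod spec that is rejected only when the manifest is applied. The three hunks in trivy-scan-type.yaml use the same block and share this. A cheap guard inside the `with` would be `{{- if not (kindIs "slice" .) }}{{ fail "imagePullSecrets must be a list of objects with a name key" }}{{- end }}`, or an entry in the chart's `values.schema.json` if it has one. values.yaml is not part of this patch, so whether the expected shape is already documented there cannot be seen from here.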
@@ -154,6 +154,10 @@ spec: {{- end }} template: spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} restartPolicy: OnFailure affinity: {{- toYaml .Values.scanner.affinity | nindent 12 }} @@ -216,6 +220,10 @@ spec: {{- toYaml .Values.scanner.affinity | nindent 12 }} tolerations: {{- toYaml .Values.scanner.tolerations | nindent 12 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} containers: - name: trivy image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}" @@ -267,6 +275,10 @@ spec: {{- end }} template: spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} restartPolicy: OnFailure affinity: {{- toYaml .Values.scanner.affinity | nindent 12 }} From 37668ff9a1c7c24911bb3abc3141a47bed3ba768 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Fri, 7 Mar 2025 15:21:36 +0100 Subject: [PATCH 2/2] Update helm snapshot with the now expected image pull secrets Signed-off-by: Jannik Hollenbach --- scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap b/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap index 4f0a017906..6cccc2d109 100644 --- a/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap +++ b/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap @@ -61,6 +61,8 @@ matches the snapshot: initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 + imagePullSecrets: + - name: foo 3: | apiVersion: execution.securecodebox.io/v1 kind: ParseDefinition @@ -256,6 +258,8 @@ matches the snapshot: volumeMounts: [] - image: bar name: foo + imagePullSecrets: + - name: foo restartPolicy: OnFailure tolerations: - foo: bar 
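Review bot: None of the three trivy-scan-type.yaml hunks (at -154, -216 and -275) records where the referenced Secrets have to live. Kubernetes resolves `imagePullSecrets` only in the pod's own namespace, and a name that is missing there is not an install-time error; it shows up later as a failed image pull on the scan job. A template comment above the first block would capture that, e.g. `{{- /* Secrets listed in imagePullSecrets must exist in every namespace where these scan jobs run */}}`. As a smaller style point, the hunk at -216 places the block after `tolerations:` while the other two place it first under `spec:`; one position for all three would make the job templates easier to compare. The surrounding pod specs start and end outside the hunks.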
@@ -307,6 +311,8 @@ matches the snapshot: volumeMounts: [] - image: bar name: foo + imagePullSecrets: + - name: foo restartPolicy: OnFailure tolerations: - foo: bar @@ -357,6 +363,8 @@ matches the snapshot: volumeMounts: [] - image: bar name: foo + imagePullSecrets: + - name: foo restartPolicy: OnFailure serviceAccountName: trivy-k8s tolerations: