From 6b29bf1c71007f76ca86c00a4e73c4fd2bfe5f7b Mon Sep 17 00:00:00 2001
From: Carlos Tolon <ctolon22@users.noreply.github.com>
Date: Mon, 11 Jan 2021 15:33:35 +0100
Subject: [PATCH] Added nodeSelector, affinity and tolerations to helm chart
 (#803)

* Added nodeSelector, affinity and tolerations to helm chart

* Updated helm README.md and bumped version
---
 helm/trivy/Chart.yaml                 |  2 +-
 helm/trivy/README.md                  |  3 +++
 helm/trivy/templates/statefulset.yaml | 12 ++++++++++++
 helm/trivy/values.yaml                | 12 ++++++++++++
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/helm/trivy/Chart.yaml b/helm/trivy/Chart.yaml
index c6aa5dc849..36aa78ca32 100644
--- a/helm/trivy/Chart.yaml
+++ b/helm/trivy/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: trivy
-version: 0.4.1
+version: 0.4.2
 appVersion: "0.15.0"
 description: Trivy helm chart
 keywords:
diff --git a/helm/trivy/README.md b/helm/trivy/README.md
index 5e6013a96f..3c2cce6a3d 100644
--- a/helm/trivy/README.md
+++ b/helm/trivy/README.md
@@ -63,6 +63,9 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `httpProxy`                           | The URL of the HTTP proxy server                                        |     |
 | `httpsProxy`                          | The URL of the HTTPS proxy server                                       |     |
 | `noProxy`                             | The URLs that the proxy settings do not apply to                        |     |
+| `nodeSelector`                        | Node labels for pod assignment                                              |     |
+| `affinity`                        | Affinity settings for pod assignment                                              |     |
+| `tolerations`                        | Tolerations for pod assignment                                              |     |
 
 The above parameters map to the env variables defined in [trivy](https://github.com/aquasecurity/trivy#configuration).
 
diff --git a/helm/trivy/templates/statefulset.yaml b/helm/trivy/templates/statefulset.yaml
index 36323a337c..61236f2b03 100644
--- a/helm/trivy/templates/statefulset.yaml
+++ b/helm/trivy/templates/statefulset.yaml
@@ -40,6 +40,18 @@ spec:
       imagePullSecrets:
         - name: {{ .Values.image.pullSecret }}
       {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
       containers:
         - name: main
           image: {{ template "trivy.imageRef" . }}
diff --git a/helm/trivy/values.yaml b/helm/trivy/values.yaml
index 3e8e2ef5b2..cef2bbf348 100644
--- a/helm/trivy/values.yaml
+++ b/helm/trivy/values.yaml
@@ -37,6 +37,18 @@ securityContext:
   privileged: false
   readOnlyRootFilesystem: true
 
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+## Affinity settings for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+affinity: {}
+
+## Tolerations for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
 trivy:
   # debugMode the flag to enable Trivy debug mode
   debugMode: false