gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 07:40:48 -08:00
Code Issues Packages Projects Releases Wiki Activity

feat(helm): add sslCertDir parameter (#9697)

Browse Source
This commit is contained in:
Kélian Saint-Bonnet
2025-12-09 23:15:31 +00:00
committed by GitHub
parent 18ecf75176
commit 879e4fca12
4 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
helm/trivy/README.md
View File

@@ -78,6 +78,7 @@ The following table lists the configurable parameters of the Trivy chart and the
| `trivy.existingSecret` | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` | | `trivy.existingSecret` | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` |
| `trivy.podAnnotations` | Annotations for pods created by statefulset | `{}` | | `trivy.podAnnotations` | Annotations for pods created by statefulset | `{}` |
| `trivy.extraEnvVars` | extraEnvVars to be set on the container | `{}` | | `trivy.extraEnvVars` | extraEnvVars to be set on the container | `{}` |
| `trivy.sslCertDir` | Can be used to override the system default locations for SSL certificate files directory, example: `/ssl/certs` | `` |
| `service.name` | If specified, the name used for the Trivy service | | | `service.name` | If specified, the name used for the Trivy service | |
| `service.type` | Kubernetes service type | `ClusterIP` | | `service.type` | Kubernetes service type | `ClusterIP` |
| `service.port` | Kubernetes service port | `4954` | | `service.port` | Kubernetes service port | `4954` |

3
helm/trivy/templates/configmap.yaml
View File

@@ -27,3 +27,6 @@ data:
{{- with .Values.trivy.extraEnvVars }} {{- with .Values.trivy.extraEnvVars }}
{{- . | toYaml | nindent 2 }} {{- . | toYaml | nindent 2 }}
{{- end }} {{- end }}
{{- if .Values.trivy.sslCertDir }}
SSL_CERT_DIR: {{ .Values.trivy.sslCertDir | quote }}
{{- end }}

10
helm/trivy/templates/statefulset.yaml
View File

@@ -125,6 +125,11 @@ spec:
- mountPath: /home/scanner/.cache - mountPath: /home/scanner/.cache
name: data name: data
readOnly: false readOnly: false
{{- with .Values.trivy.sslCertDir }}
- mountPath: {{ . }}
name: ssl-cert-dir
readOnly: true
{{- end }}
{{- if .Values.resources }} {{- if .Values.resources }}
resources: resources:
{{ toYaml .Values.resources | indent 12 }} {{ toYaml .Values.resources | indent 12 }}
@@ -136,3 +141,8 @@ spec:
- name: data - name: data
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- with .Values.trivy.sslCertDir }}
- name: ssl-cert-dir
hostPath:
path: {{ . }}
{{- end }}

2
helm/trivy/values.yaml
View File

@@ -128,6 +128,8 @@ trivy:
existingSecret: "" existingSecret: ""
# extraEnvVars to be set on the container # extraEnvVars to be set on the container
extraEnvVars: {} extraEnvVars: {}
# sslCertDir can be used to override the system default locations for SSL certificate files directory, example: /ssl/certs
sslCertDir: ""
service: service:
# If specified, the name used for the Trivy service. # If specified, the name used for the Trivy service.