feat(helm): add sslCertDir parameter (#9697)

2025-12-12 07:40:48 -08:00 · 2025-12-09 23:15:31 +00:00
parent 18ecf75176
commit 879e4fca12
4 changed files with 16 additions and 0 deletions
--- a/helm/trivy/README.md
+++ b/helm/trivy/README.md
@@ -78,6 +78,7 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `trivy.existingSecret`                | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` |
 | `trivy.podAnnotations`                | Annotations for pods created by statefulset                             | `{}` |
 | `trivy.extraEnvVars`                  | extraEnvVars to be set on the container                                 | `{}` |
+| `trivy.sslCertDir`                    | Can be used to override the system default locations for SSL certificate files directory, example: `/ssl/certs` | `` |
 | `service.name`                        | If specified, the name used for the Trivy service                       |     |
 | `service.type`                        | Kubernetes service type                                                 | `ClusterIP` |
 | `service.port`                        | Kubernetes service port                                                 | `4954`      |
--- a/helm/trivy/templates/configmap.yaml
+++ b/helm/trivy/templates/configmap.yaml
@@ -27,3 +27,6 @@ data:
 {{- with .Values.trivy.extraEnvVars }}
  {{- . | toYaml | nindent 2 }}
 {{- end }}
+{{- if .Values.trivy.sslCertDir }}
+  SSL_CERT_DIR: {{ .Values.trivy.sslCertDir | quote }}
+{{- end }}
--- a/helm/trivy/templates/statefulset.yaml
+++ b/helm/trivy/templates/statefulset.yaml
@@ -125,6 +125,11 @@ spec:
            - mountPath: /home/scanner/.cache
              name: data
              readOnly: false
+          {{- with .Values.trivy.sslCertDir }}
+            - mountPath: {{ . }}
+              name: ssl-cert-dir
+              readOnly: true
+          {{- end }}
          {{- if .Values.resources }}
          resources:
 {{ toYaml .Values.resources | indent 12 }}
@@ -136,3 +141,8 @@ spec:
        - name: data
          emptyDir: {}
        {{- end }}
+        {{- with .Values.trivy.sslCertDir }}
+        - name: ssl-cert-dir
+          hostPath:
+            path: {{ . }}
+        {{- end }}
--- a/helm/trivy/values.yaml
+++ b/helm/trivy/values.yaml
@@ -128,6 +128,8 @@ trivy:
  existingSecret: ""
  # extraEnvVars to be set on the container
  extraEnvVars: {}
+  # sslCertDir can be used to override the system default locations for SSL certificate files directory, example: /ssl/certs
+  sslCertDir: ""

 service:
  # If specified, the name used for the Trivy service.