feat(helm): allows users to define an existing secret for tokens (#2587)

Signed-off-by: cebidhem <cebidhem@pm.me>
2025-12-12 15:50:15 -08:00 · 2022-07-31 08:56:14 +02:00
parent d0ba59a44d
commit d0ca610a96
5 changed files with 12 additions and 2 deletions
--- a/helm/trivy/Chart.yaml
+++ b/helm/trivy/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trivy
-version: 0.4.16
-appVersion: 0.29.2
+version: 0.4.17
+appVersion: 0.30.4
 description: Trivy helm chart
 keywords:
  - scanner
--- a/helm/trivy/README.md
+++ b/helm/trivy/README.md
@@ -73,6 +73,7 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `trivy.cache.redis.enabled`           | Enable Redis as caching backend                                         | `false` |
 | `trivy.cache.redis.url`               | Specify redis connection url, e.g. redis://redis.redis.svc:6379         | `` |
 | `trivy.serverToken`                   | The token to authenticate Trivy client with Trivy server                | `` |
+| `trivy.existingSecret`                | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` |
 | `trivy.podAnnotations`                | Annotations for pods created by statefulset                             | `{}` |
 | `service.name`                        | If specified, the name used for the Trivy service                       |     |
 | `service.type`                        | Kubernetes service type                                                 | `ClusterIP` |
--- a/helm/trivy/templates/secret.yaml
+++ b/helm/trivy/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.trivy.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -12,3 +13,4 @@ data:
  TRIVY_USERNAME: {{ .Values.trivy.registryUsername | default "" | b64enc | quote }}
  TRIVY_PASSWORD: {{ .Values.trivy.registryPassword | default "" | b64enc | quote }}
 {{- end -}}
+{{- end }}
--- a/helm/trivy/templates/statefulset.yaml
+++ b/helm/trivy/templates/statefulset.yaml
@@ -90,7 +90,11 @@ spec:
            - configMapRef:
                name: {{ include "trivy.fullname" . }}
            - secretRef:
+                {{- if not .Values.trivy.existingSecret }}
                name: {{ include "trivy.fullname" . }}
+                {{- else }}
+                name: {{ .Values.trivy.existingSecret }}
+                {{- end }}
          ports:
            - name: trivy-http
              containerPort: {{ .Values.service.port }}
--- a/helm/trivy/values.yaml
+++ b/helm/trivy/values.yaml
@@ -120,6 +120,9 @@ trivy:
  labels: {}
  # serverToken is the token to authenticate Trivy client with Trivy server.
  serverToken: ""
+  # existingSecret if an existing secret has been created outside the chart.
+  # Overrides gitHubToken, registryUsername, registryPassword, serverToken
+  existingSecret: ""

 service:
  # If specified, the name used for the Trivy service.