---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: trivy-operator
spec:
  chart:
    spec:
      sourceRef:
        kind: HelmRepository
        name: "aqua"
      chart: "trivy-operator"
      version: "0.18.4"
      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  interval: 10m
  postRenderers:
    - kustomize:
        patchesJson6902:
         - target:
             group: monitoring.coreos.com
             version: v1
             kind: ServiceMonitor
             name: trivy-operator
           patch:
             - op: "add"
               path: "/spec/endpoints/0/metricRelabelings"
               value:
                 - sourceLabels: [ "namespace" ]
                   targetLabel: "exported_namespace"
                   action: "replace"
                 - sourceLabels: []
                   targetLabel: "namespace"
                   replacement: {{ .Release.Namespace }}
                   action: "replace"
                 - sourceLabels: []
                   targetLabel: "alertmanagerInhibitDisable"
                   replacement: "true"
  values:
    trivy:
      ignoreUnfixed: true
      additionalVulnerabilityReportFields: "Description,Target,Class"

    operator:
      metricsVulnIdEnabled: true
      scanJobsConcurrentLimit: {{ .Values.scans.concurrent }}
      vulnerabilityScannerReportTTL: {{ .Values.scans.ttl }}

    resources:
      requests:
        cpu: 100m
        memory: 192Mi
      limits:
        memory: 768Mi

    serviceMonitor:
      enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
      labels:
        {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 8 }}