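---
# Flux HelmRelease that installs the Aqua trivy-operator chart.
# The chart version is pinned; install/test/upgrade behaviour and the
# ServiceMonitor labels come from the shared `commons` values.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: trivy-operator
spec:
  chart:
    spec:
      sourceRef:
        kind: HelmRepository
        name: "aqua"
      chart: "trivy-operator"
      # Pinned chart version: upgrades of the scanner are an explicit change.
      version: "0.18.4"
      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  interval: 10m
  postRenderers:
    # Patch the chart's ServiceMonitor after rendering to add metric relabelings.
    - kustomize:
        patchesJson6902:
          - target:
              group: monitoring.coreos.com
              version: v1
              kind: ServiceMonitor
              name: trivy-operator
            patch:
              - op: "add"
                path: "/spec/endpoints/0/metricRelabelings"
                value:
                  # Keep the namespace of the scanned workload in
                  # `exported_namespace` before `namespace` is overwritten.
                  - sourceLabels: [ "namespace" ]
                    targetLabel: "exported_namespace"
                    action: "replace"
                  # Overwrite `namespace` with the release namespace. From here
                  # on, queries and alerts that scope findings by workload
                  # namespace must use `exported_namespace`.
                  # Quoted so an all-digit or boolean-looking namespace name
                  # still renders as a string.
                  - sourceLabels: []
                    targetLabel: "namespace"
                    replacement: {{ .Release.Namespace | quote }}
                    action: "replace"
                  # Static label on every metric (no action given, so the
                  # default `replace` applies).
                  # NOTE(review): presumably read by an Alertmanager inhibit
                  # rule defined elsewhere - confirm that vulnerability alerts
                  # are still routed as intended.
                  - sourceLabels: []
                    targetLabel: "alertmanagerInhibitDisable"
                    replacement: "true"
  values:
    trivy:
      # Findings without an available fix are left out of the reports.
      # A clean report therefore does not mean the image is unaffected;
      # track unfixed CVEs separately if they matter for risk acceptance.
      ignoreUnfixed: true
      additionalVulnerabilityReportFields: "Description,Target,Class"

    operator:
      metricsVulnIdEnabled: true
      scanJobsConcurrentLimit: {{ .Values.scans.concurrent }}
      # Quoted so the duration always reaches the chart as a string.
      vulnerabilityScannerReportTTL: {{ .Values.scans.ttl | quote }}

    resources:
      requests:
        cpu: 100m
        memory: 192Mi
      limits:
        memory: 768Mi

    serviceMonitor:
      # Only create the ServiceMonitor when the cluster serves that API.
      enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
      labels:
        {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 8 }}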