admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-01-31 13:53:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
879e4fca12b53010e3b6a22fcb9c6e2b8eefad96
aquasecurity-trivy/helm/trivy/templates/statefulset.yaml
Kélian Saint-Bonnet 879e4fca12 feat(helm): add sslCertDir parameter (#9697)
2025-12-09 23:15:31 +00:00

149 lines
4.6 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "trivy.fullname" . }}
labels:
{{ include "trivy.labels" . | indent 4 }}
{{- with .Values.trivy.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
podManagementPolicy: "Parallel"
serviceName: {{ include "trivy.fullname" . }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "trivy.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
resources:
requests:
storage: {{ .Values.persistence.size }}
accessModes:
- {{ .Values.persistence.accessMode }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- . | toYaml | nindent 8 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "trivy.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.trivy.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "trivy.fullname" . }}
automountServiceAccountToken: false
{{- if .Values.podSecurityContext }}
securityContext:
{{ toYaml .Values.podSecurityContext | indent 8 }}
{{- end }}
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
containers:
- name: main
image: {{ template "trivy.imageRef" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 12 }}
{{- end }}
args:
- server
{{- if .Values.trivy.registryCredentialsExistingSecret }}
env:
- name: TRIVY_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.trivy.registryCredentialsExistingSecret }}
key: TRIVY_USERNAME
- name: TRIVY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.trivy.registryCredentialsExistingSecret }}
key: TRIVY_PASSWORD
{{- end }}
envFrom:
- configMapRef:
name: {{ include "trivy.fullname" . }}
- secretRef:
{{- if not .Values.trivy.existingSecret }}
name: {{ include "trivy.fullname" . }}
{{- else }}
name: {{ .Values.trivy.existingSecret }}
{{- end }}
ports:
- name: trivy-http
containerPort: {{ .Values.service.port }}
livenessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: trivy-http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
readinessProbe:
httpGet:
scheme: HTTP
path: /healthz
port: trivy-http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
volumeMounts:
- mountPath: /tmp
name: tmp-data
readOnly: false
- mountPath: /home/scanner/.cache
name: data
readOnly: false
{{- with .Values.trivy.sslCertDir }}
- mountPath: {{ . }}
name: ssl-cert-dir
readOnly: true
{{- end }}
{{- if .Values.resources }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- end }}
volumes:
- name: tmp-data
emptyDir: {}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- with .Values.trivy.sslCertDir }}
- name: ssl-cert-dir
hostPath:
path: {{ . }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink