update zora chart

undistro · Feb 29, 2024 · 2dcead1 · 2dcead1
1 parent f4358b4
commit 2dcead1
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 2 deletions.
diff --git a/charts/zora/Chart.yaml b/charts/zora/Chart.yaml
@@ -17,7 +17,7 @@ name: zora
 description: A multi-plugin solution that reports misconfigurations and vulnerabilities by scanning your cluster at scheduled times.
 icon: https://zora-docs.undistro.io/v0.7/assets/logo.svg
 type: application
-version: 0.8.2
-appVersion: "v0.8.2"
+version: 0.8.3-rc1
+appVersion: "v0.8.3-rc1"
 sources:
   - https://github.com/undistro/zora
diff --git a/charts/zora/README.md b/charts/zora/README.md
@@ -118,6 +118,7 @@ The following table lists the configurable parameters of the Zora chart and thei
 | scan.plugins.trivy.image.tag | string | `"0.48.2"` | trivy plugin image tag |
 | scan.plugins.trivy.env | list | `[]` | List of environment variables to set in trivy container. |
 | scan.plugins.trivy.envFrom | list | `[]` | List of sources to populate environment variables in trivy container. |
+| scan.plugins.trivy.timeout | string | `"10m"` | Trivy timeout |
 | scan.plugins.popeye.skipInternalResources | bool | `false` | Specifies whether the following resources should be skipped by `popeye` scans. 1. resources from `kube-system`, `kube-public` and `kube-node-lease` namespaces; 2. kubernetes system reserved RBAC (prefixed with `system:`); 3. `kube-root-ca.crt` configmaps; 4. `default` namespace; 5. `default` serviceaccounts; 6. Helm secrets (prefixed with `sh.helm.release`); 7. Zora components. See `popeye` configuration file that is used for this case: https://github.com/undistro/zora/blob/main/charts/zora/templates/plugins/popeye-config.yaml |
 | scan.plugins.popeye.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"250m","memory":"256Mi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) to add to `popeye` container |
 | scan.plugins.popeye.podAnnotations | object | `{}` | Annotations added to the popeye pods |

diff --git a/charts/zora/templates/operator/rbac.yaml b/charts/zora/templates/operator/rbac.yaml
@@ -102,6 +102,7 @@ rules:
   - serviceaccounts
   verbs:
   - create
+  - delete
   - get
   - list
   - patch

diff --git a/charts/zora/templates/plugins/trivy.yaml b/charts/zora/templates/plugins/trivy.yaml
@@ -61,6 +61,7 @@ spec:
         {{- if .Values.scan.plugins.trivy.ignoreUnfixed }}
         --ignore-unfixed \
         {{- end }}
+        --timeout={{ .Values.scan.plugins.trivy.timeout | quote }} \
         -o $(DONE_DIR)/results.json \
         cluster
 

diff --git a/charts/zora/values.yaml b/charts/zora/values.yaml
@@ -226,6 +226,8 @@ scan:
       envFrom: []
       #  - secretRef:
       #      name: trivy-credentials
+      # -- Trivy timeout
+      timeout: 10m
     popeye:
       # -- Specifies whether the following resources should be skipped by `popeye` scans.
       # 1. resources from `kube-system`, `kube-public` and `kube-node-lease` namespaces;
-Original file line number
+Diff line change
@@ Expand Up / @@ -102,6 +102,7 @@ rules: @@
       - serviceaccounts
       verbs:
       - create
+      - delete
       - get
       - list
       - patch
@@ Expand Down @@