Skip to content

Commit

Permalink
update kubexns image reference to use floating tags (#306)
Browse files Browse the repository at this point in the history
  • Loading branch information
matheusfm authored Jul 31, 2024
1 parent 65c0983 commit 2af7393
Show file tree
Hide file tree
Showing 6 changed files with 13 additions and 3 deletions.
3 changes: 2 additions & 1 deletion charts/zora/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,8 @@ The following table lists the configurable parameters of the Zora chart and thei
| scan.plugins.popeye.env | list | `[]` | List of environment variables to set in popeye container. |
| scan.plugins.popeye.envFrom | list | `[]` | List of sources to populate environment variables in popeye container. |
| kubexnsImage.repository | string | `"ghcr.io/undistro/kubexns"` | kubexns image repository |
| kubexnsImage.tag | string | `"v0.1.4"` | kubexns image tag |
| kubexnsImage.tag | string | `"v0.1"` | kubexns image tag |
| kubexnsImage.pullPolicy | string | `"Always"` | Image pull policy |
| customChecksConfigMap | string | `"zora-custom-checks"` | Custom checks ConfigMap name |
| httpsProxy | string | `""` | HTTPS proxy URL |
| noProxy | string | `"kubernetes.default.svc.*,127.0.0.1,localhost"` | Comma-separated list of URL patterns to be excluded from going through the proxy |
Expand Down
1 change: 1 addition & 0 deletions charts/zora/templates/operator/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ spec:
- --checks-configmap-namespace={{ .Release.Namespace }}
- --checks-configmap-name={{ .Values.customChecksConfigMap }}
- --kubexns-image={{ printf "%s:%s" .Values.kubexnsImage.repository .Values.kubexnsImage.tag }}
- --kubexns-pull-policy={{ .Values.kubexnsImage.pullPolicy }}
- --update-crds={{ .Values.updateCRDs | default .Release.IsUpgrade }}
- --inject-conversion={{ .Values.operator.webhook.enabled }}
- --webhook-service-name={{ $serviceName }}
Expand Down
4 changes: 3 additions & 1 deletion charts/zora/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,9 @@ kubexnsImage:
# -- kubexns image repository
repository: ghcr.io/undistro/kubexns
# -- kubexns image tag
tag: v0.1.4
tag: v0.1
# -- Image pull policy
pullPolicy: Always

# -- Custom checks ConfigMap name
customChecksConfigMap: zora-custom-checks
Expand Down
3 changes: 3 additions & 0 deletions cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ func main() {
var checksConfigMapNamespace string
var checksConfigMapName string
var kubexnsImage string
var kubexnsPullPolicy string
var trivyPVC string
var trivyFSGroup int64
var updateCRDs bool
Expand Down Expand Up @@ -110,6 +111,7 @@ func main() {
flag.StringVar(&checksConfigMapNamespace, "checks-configmap-namespace", "zora-system", "Namespace of custom checks ConfigMap")
flag.StringVar(&checksConfigMapName, "checks-configmap-name", "zora-custom-checks", "Name of custom checks ConfigMap")
flag.StringVar(&kubexnsImage, "kubexns-image", "ghcr.io/undistro/kubexns:latest", "kubexns image")
flag.StringVar(&kubexnsPullPolicy, "kubexns-pull-policy", "Always", "kubexns image pull policy")
flag.StringVar(&trivyPVC, "trivy-db-pvc", "", "PersistentVolumeClaim name for Trivy DB")
flag.Int64Var(&trivyFSGroup, "trivy-db-fsgroup", 0, "PersistentVolumeClaim FSGroup for Trivy DB")
flag.BoolVar(&updateCRDs, "update-crds", false,
Expand Down Expand Up @@ -218,6 +220,7 @@ func main() {
OnUpdate: onClusterScanUpdate,
OnDelete: onClusterScanDelete,
KubexnsImage: kubexnsImage,
KubexnsPullPolicy: kubexnsPullPolicy,
TrivyPVC: trivyPVC,
TrivyFSGroup: &trivyFSGroup,
ChecksConfigMap: fmt.Sprintf("%s/%s", checksConfigMapNamespace, checksConfigMapName),
Expand Down
2 changes: 2 additions & 0 deletions internal/controller/zora/clusterscan_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ type ClusterScanReconciler struct {
ClusterRoleBindingName string
ServiceAccountName string
KubexnsImage string
KubexnsPullPolicy string
ChecksConfigMap string
TrivyPVC string
TrivyFSGroup *int64
Expand Down Expand Up @@ -218,6 +219,7 @@ func (r *ClusterScanReconciler) reconcile(ctx context.Context, clusterscan *v1al
ServiceAccountName: r.ServiceAccountName,
Suspend: notReadyErr != nil,
KubexnsImage: r.KubexnsImage,
KubexnsPullPolicy: r.KubexnsPullPolicy,
ChecksConfigMap: r.ChecksConfigMap,
TrivyPVC: r.TrivyPVC,
TrivyFSGroup: r.TrivyFSGroup,
Expand Down
3 changes: 2 additions & 1 deletion pkg/plugins/cronjob.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ type CronJobMutator struct {
ServiceAccountName string
Suspend bool
KubexnsImage string
KubexnsPullPolicy string
ChecksConfigMap string
TrivyPVC string
TrivyFSGroup *int64
Expand Down Expand Up @@ -260,7 +261,7 @@ func (r *CronJobMutator) initContainer() corev1.Container {
{Name: "IGNORE_NOT_FOUND", Value: "true"},
},
VolumeMounts: []corev1.VolumeMount{customChecksVolume},
ImagePullPolicy: corev1.PullIfNotPresent,
ImagePullPolicy: corev1.PullPolicy(r.KubexnsPullPolicy),
Resources: r.Plugin.Spec.Resources,
SecurityContext: &corev1.SecurityContext{
RunAsNonRoot: pointer.Bool(true),
Expand Down

0 comments on commit 2af7393

Please sign in to comment.