-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathvalues.yaml
More file actions
184 lines (165 loc) · 5.01 KB
/
values.yaml
File metadata and controls
184 lines (165 loc) · 5.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
image:
# -- The docker image repository to use
repository: devopstales/trivy-operator
# -- The docker image pull policy
pullPolicy: Always
# -- The docker image tag to use
tag: "2.5"
# -- Time Zone in container
TimeZone: UTC
# -- Log level
log_level: "INFO"
# INFO, HIGH, DEBUG
# -- list of secrets to use for imae pull
imagePullSecrets: []
# -- security options for the pod
podSecurityContext:
fsGroup: 10001
fsGroupChangePolicy: "OnRootMismatch"
serviceAccount:
# -- Enable serviceAccount creation
create: true
# -- serviceAccount annotations
annotations: {}
# -- Name of the serviceAccount
name: "trivy-operator"
# Dont try to download trivy db, run in air-gapped env:
offline:
# -- enable air-gapped mode
enabled: false
# -- repository to use for download trivy vuln db
db_repository: localhost:5000/trivy-db
# -- insecure repository
db_repository_insecure: False
cache:
# -- enable redis cache
enabled: false
monitoring:
# -- configure prometheus monitoring port
port: "9115"
# deploy service monitor
serviceMonitor:
# -- allow to override the namespace for serviceMonitor
enabled: false
# -- Name of the namespace for serviceMonitor
namespace: {}
labels:
# -- labels to match the serviceMonitorSelector of the Prometheus Resource
release: prometheus
# https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
# -- relabel config for serviceMonitor
relabelings: []
# see serviceMonitor.relabelings
# -- metricRelabeling config for serviceMonitor
metricRelabelings: []
grafana:
# -- namespace for configMap of grafana dashboards
namespace:
dashboards:
# -- Enable the deployment of grafana dashboards
enabled: true
# -- Label to find dashboards using the k8s sidecar
label: grafana_dashboard
# -- Label value to find dashboards using the k8s sidecar
value: "1"
folder:
# -- Annotation to enable folder storage using the k8s sidecar
annotation: grafana_folder
# -- Grafana folder in which to store the dashboards
name: Policy Reporter
persistence:
# -- Volumes for the pod
enabled: true
# -- Volumes mode
accessMode: "ReadWriteOnce"
# -- Volumes size
size: "1Gi"
# -- Volumes annotations
annotations: {}
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
# content foc ns-scan CRD
namespaceScanner:
crontab: "*/5 * * * *"
namespaceSelector: "trivy-scan"
clusterWide: false
integrations:
policyreport: false
# defectdojo:
# host: "https://defectdojo.k8s.intra"
# api_key: "xyz456ucdssd67sd67dsg"
# k8s-cluster-name: "eks-prod"
kube_bench_scnner:
image:
# -- The docker image repository to use
repository: devopstales/kube-bench-scnner
# -- The docker image pull policy
pullPolicy: Always
# -- The docker image tag to use
tag: "2.5"
clusterScanner:
# -- enable clusterScanner cr creation
enabled: false
# -- crontab for scheduled scan
crontab: "*/1 * * * *"
# -- kube-hunter scan profile
scanProfileName: "cis-1.23"
# -- configure defectdojo integration
integrations: {}
# defectdojo:
# host: "https://defectdojo.k8s.intra"
# api_key: "xyz456ucdssd67sd67dsg"
# k8s-cluster-name: "eks-prod"
admissionController:
# -- enable adission controller
enabled: false
# authentication informatin for trivy to use wen scan image
registryAuth:
# -- enable registry authentication
enabled: false
# -- list of image pull secrets for authentication
image_pull_secrets:
- regcred
## list containing the names of the image pull secrets
## you want to use from the operator namespace for image pulls
# registry:
# - name: docker.io
# username: "user"
# password: "password"
# github authentiation token for trivy database download
githubToken:
# -- enable github authentiation token
enabled: false
# -- github authentiation token value
token: ""
## Define which Nodes the Pods are scheduled on.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
# -- Set the node selector for the pod.
nodeSelector: {}
## Tolerations for use with node taints
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
# -- Set the tolerations for the pod.
tolerations: []
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
## Assign custom affinity rules to the trivy operator
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
# -- Set the affinity for the pod.
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2