edit trivy-operator templates for 2.0.0

devopstales · devopstales · commit 458f7003e133 · 2021-11-18T14:38:25.000+01:00
diff --git a/charts/trivy-operator/templates/deployment.yaml b/charts/trivy-operator/templates/deployment.yaml
@@ -32,6 +32,10 @@ spec:
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
 {{- if .Values.githubToken.enabled }}
         - name: GITHUB_TOKEN
           value: "{{ .Values.githubToken.token }}"
@@ -40,10 +44,15 @@ spec:
         - name: cache
           mountPath: "/home/trivy-operator/trivy-cache"
         ports:
-          - containerPort: 9115
+          - name: metric
+            containerPort: 9115
+            protocol: TCP
+          - name: https
+            containerPort: 8443
+            protocol: TCP
       volumes:
 {{- if .Values.storage.enabled }}
       - name: cache
         persistentVolumeClaim:
             claimName: {{ include "trivy-operator.fullname" . }}-trivy-cache
-{{- end }}
+{{- end }}
diff --git a/charts/trivy-operator/templates/service.yaml b/charts/trivy-operator/templates/service.yaml
@@ -10,7 +10,24 @@ spec:
     app: trivy-operator
     {{- include "trivy-operator.selectorLabels" . | nindent 4 }}
   ports:
-    - name: metrics
-      targetPort: TCP
+    - name: metric
       port: {{ .Values.monitoring.port }}
-      targetPort: 9115
+      protocol: TCP
+      targetPort: 9115
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: trivy-image-validator
+  labels:
+    app: trivy-operator
+    {{- include "trivy-operator.labels" . | nindent 4 }}
+spec:
+  selector:
+    app: trivy-operator
+    {{- include "trivy-operator.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: webhook
+      targetPort: 8443
+      protocol: TCP
+      port: 443
diff --git a/charts/trivy-operator/templates/serviceaccount.yaml b/charts/trivy-operator/templates/serviceaccount.yaml
@@ -37,6 +37,17 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - "admissionregistration.k8s.io"
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - create
+  - patch
+  - get
+  - watch
+  - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
