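# helm/trivy/templates/statefulset.yaml
#
# StatefulSet for the Trivy server (the container is started with the single
# argument "server"). Everything under .Values comes from the chart's values
# file, which is not part of this template.
#
# Security-relevant points for reviewers:
#   * automountServiceAccountToken is hard-coded to false, so no Kubernetes
#     API token is mounted into the pod.
#   * Pod- and container-level securityContext are emitted only when the
#     corresponding values are set. This template enforces no hardening of
#     its own, so check the effective values before deploying.
#   * Registry credentials and the envFrom Secret are referenced by name and
#     never inlined here.
#   * Name-like expansions are piped through "quote" so that a name made only
#     of digits, or one that looks like a boolean, is not retyped by the YAML
#     parser and then rejected by the API server.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "trivy.fullname" . | quote }}
  # The include below starts at column 0 because "indent" prefixes every
  # line of its input, including the first one.
  labels:
{{ include "trivy.labels" . | indent 4 }}
    {{- with .Values.trivy.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  podManagementPolicy: "Parallel"
  serviceName: {{ include "trivy.fullname" . | quote }}
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "trivy.name" . | quote }}
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
  # With persistence enabled the "data" volume is a per-replica PVC.
  # Otherwise it is an emptyDir declared at the end of this file.
  {{- if .Values.persistence.enabled }}
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        resources:
          requests:
            storage: {{ .Values.persistence.size }}
        accessModes:
          - {{ .Values.persistence.accessMode }}
        # Deliberately left unquoted: an unset value renders as null, whereas
        # quoting would render an empty string, which Kubernetes treats
        # differently from an absent storage class.
        storageClassName: {{ .Values.persistence.storageClass }}
  {{- end }}
  template:
    metadata:
      annotations:
        # Hash of the rendered ConfigMap: a config change alters the pod
        # template and therefore triggers a rollout.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
      labels:
        app.kubernetes.io/name: {{ include "trivy.name" . | quote }}
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
        {{- with .Values.trivy.labels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      serviceAccountName: {{ include "trivy.fullname" . | quote }}
      # No API token is mounted, so a compromised scanner process cannot use
      # the service account's credentials from inside the pod.
      automountServiceAccountToken: false
      # Optional: omitted entirely when .Values.podSecurityContext is unset.
      {{- if .Values.podSecurityContext }}
      securityContext:
{{ toYaml .Values.podSecurityContext | indent 8 }}
      {{- end }}
      {{- if .Values.image.pullSecret }}
      imagePullSecrets:
        - name: {{ .Values.image.pullSecret | quote }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity:
{{ toYaml .Values.affinity | indent 8 }}
      {{- end }}
      containers:
        - name: main
          # The image reference is built by the "trivy.imageRef" helper,
          # which is defined outside this file. Whether it pins a tag or a
          # digest has to be checked there.
          image: {{ template "trivy.imageRef" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          # Optional: omitted entirely when .Values.securityContext is unset.
          {{- if .Values.securityContext }}
          securityContext:
{{ toYaml .Values.securityContext | indent 12 }}
          {{- end }}
          args:
            - server
          # Registry credentials are read from the keys TRIVY_USERNAME and
          # TRIVY_PASSWORD of an existing Secret. They reach the process as
          # environment variables.
          {{- if .Values.trivy.registryCredentialsExistingSecret }}
          env:
            - name: TRIVY_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.trivy.registryCredentialsExistingSecret | quote }}
                  key: TRIVY_USERNAME
            - name: TRIVY_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.trivy.registryCredentialsExistingSecret | quote }}
                  key: TRIVY_PASSWORD
          {{- end }}
          # Every key of the ConfigMap and of the Secret becomes an
          # environment variable. The Secret is the chart-named one unless
          # .Values.trivy.existingSecret names another.
          envFrom:
            - configMapRef:
                name: {{ include "trivy.fullname" . | quote }}
            - secretRef:
              {{- if not .Values.trivy.existingSecret }}
                name: {{ include "trivy.fullname" . | quote }}
              {{- else }}
                name: {{ .Values.trivy.existingSecret | quote }}
              {{- end }}
          ports:
            - name: trivy-http
              containerPort: {{ .Values.service.port }}
          # Both probes use plain HTTP against /healthz on the named port.
          # They differ only in failureThreshold (10 for liveness, 3 for
          # readiness).
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /healthz
              port: trivy-http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 10
          readinessProbe:
            httpGet:
              scheme: HTTP
              path: /healthz
              port: trivy-http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          # The two writable paths are dedicated volumes. Presumably this is
          # what allows the values to set a read-only root filesystem for the
          # container (confirm against the chart's values).
          volumeMounts:
            - mountPath: /tmp
              name: tmp-data
              readOnly: false
            - mountPath: /home/scanner/.cache
              name: data
              readOnly: false
          {{- if .Values.resources }}
          resources:
{{ toYaml .Values.resources | indent 12 }}
          {{- end }}
      # Neither emptyDir sets a sizeLimit. When persistence is disabled the
      # "data" volume is an emptyDir as well, so its contents are lost when
      # the pod is removed from the node.
      volumes:
        - name: tmp-data
          emptyDir: {}
        {{- if not .Values.persistence.enabled }}
        - name: data
          emptyDir: {}
        {{- end }}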