Merge pull request #239 from ndegory/anchore-admission-controller-and…

…-eks

Anchore admission controller and EKS

stable/anchore-admission-controller/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: anchore-admission-controller
-version: 0.4.3
+version: 0.4.4
 appVersion: 0.4.0
 description: A kubernetes admission controller for validating and mutating webhooks that operates against Anchore Engine to make access decisions and annotations
 home: https://github.com/anchore/kubernetes-admission-controller
@@ -10,4 +10,4 @@ maintainers:
   - name: btodhunter
     email: [email protected]
 icon: https://anchoreprd.wpengine.com/wp-content/uploads/2021/12/favicon.png
-kubeVersion: ^1.19.0
+kubeVersion: ^1.19.0-0

stable/anchore-admission-controller/README.md

@@ -75,11 +75,13 @@ It will remove kubernetes objects which are not removed by a helm delete. Pass t
 |---|---|---|---|
 |logVerbosity | int | 6 | log verbosity of controller, 1 = error, 2 warn, 3 debug....
 |---|---|---|---|
-|image | str | release tag | Tag including registry and repository for image to use 
+|image | str | release tag | Tag including registry and repository for image to use
 |---|---|---|---|
 |imagePullPolicy | str | IfNotPresent | Standard k8s pull policy setting
 |---|---|---|---|
-|service.name | str | anchoreadmissioncontroller | Name for the svc instance 
+|imagePullSecrets | array | [] | Image pull secrets
+|---|---|---|---|
+|service.name | str | anchoreadmissioncontroller | Name for the svc instance
 |---|---|---|---|
 |service.type | str | ClusterIp | Type to use for k8s service definition
 |---|---|---|---|
@@ -99,6 +101,8 @@ It will remove kubernetes objects which are not removed by a helm delete. Pass t
 |---|---|---|---|
 |requestAnalysis | boolean | true | Ask anchore to analyze an image that isn't already analyzed
 |---|---|---|---|
+|initCa.image | str | cfssl/cfssl:latest | Tag including registry and repository for the initCa image
+|---|---|---|---|
 |initCa.extraEnv | array | [] | Define custom environment variables to pass to init-ca pod |
 |---|---|---|---|
 

stable/anchore-admission-controller/templates/deployment.yaml

@@ -33,6 +33,12 @@ spec:
       - name: anchore-auth
         secret:
           secretName: {{ if .Values.existingCredentialsSecret }}{{ .Values.existingCredentialsSecret }}{{ else }}{{ template "anchore-admission-controller.fullname" . }}{{ end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.imagePullSecrets }}
+      - name: {{ . }}
+      {{- end }}
+      {{- end }}
       containers:
       - name: {{ .Chart.Name }}
         image: "{{ .Values.image }}"

stable/anchore-admission-controller/templates/init-ca/init-ca-hook.yaml

@@ -21,9 +21,15 @@ spec:
       - name: init-ca-script
         configMap:
           name: {{.Release.Name}}-init-ca
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.imagePullSecrets }}
+      - name: {{ . }}
+      {{- end }}
+      {{- end }}
       containers:
       - name: create-ca
-        image:  "cfssl/cfssl:latest"
+        image:  "{{ .Values.initCa.image }}"
         command:
         - bash
         - -xe

stable/anchore-admission-controller/values.yaml

@@ -7,6 +7,10 @@ logVerbosity: 3
 
 image: "anchore/kubernetes-admission-controller:v0.4.0"
 imagePullPolicy: IfNotPresent
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# imagePullSecrets:
+# - secretName
 
 service:
   name: anchoreadmissioncontroller
@@ -103,6 +107,7 @@ credentials: {}
 
 # Settings related to init-ca pod
 initCa:
+  image: cfssl/cfssl:latest
   # Define custom environment variables to pass to init-ca pod
   extraEnv: []
     # - name: FOO