Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm Chart - Allow custom volumes for built-in trivy server #2273

Open
gustavoromerobenitez opened this issue Sep 30, 2024 · 3 comments
Open

Helm Chart - Allow custom volumes for built-in trivy server #2273

gustavoromerobenitez opened this issue Sep 30, 2024 · 3 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed.

Comments

@gustavoromerobenitez
Copy link

While there are options to define custom volumes via the Helm chart for the operator and the scan jobs, there is no option to define custom volumes and volumeMounts for the built-in trivy server.

Use case example: Running the operator and built-in server behind a proxy that does SSL interception, it is necessary to trust the proxy certificate to allow the trivy built-in server to update its database. In this scenario, if the certificate is not trusted, the trivy server enters a CrashLoopBackOff state:

image

I have tried using the trivy.sslCertDir however that creates a hostPath volume which is not as flexible as other types of volume mounts, i.e.: ConfigMaps or Secrets. For instance, the host may not have the right certificates, which is my case. Ideally, the trusted signer certificates would be provided to the built-in trivy server via a ConfigMap or Secret mounted as a volume, i.e.:

volumes:
    - name: trusted-certs
      secret:
        defaultMode: 420
        secretName: trusted-certs
[...]
volumeMounts:
    - name: trusted-certs
      mountPath: /etc/ssl/certs/

The above snippet is in fact what it is possible to configure for the operator, but unfortunately not for the trivy built-in server.
@gustavoromerobenitez gustavoromerobenitez added the kind/feature Categorizes issue or PR as related to a new feature. label Sep 30, 2024
@teimyBr
Copy link

teimyBr commented Oct 24, 2024

Also to have this in the Trivy Operator would be nice for the policiesBundle

@teimyBr
Copy link

teimyBr commented Oct 24, 2024

#1675 this is also probably related

@github-actions GitHub Actions
Copy link

This issue is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Dec 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gustavoromerobenitez @teimyBr