Implement global values for image.registry (#1532)

aquasecurity · Oct 2, 2023 · b6c6da5 · b6c6da5
1 parent 47a03a9
commit b6c6da5
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 4 deletions.
diff --git a/deploy/helm/README.md b/deploy/helm/README.md
@@ -19,6 +19,7 @@ Keeps security report resources updated
 | compliance.reportType | string | `"summary"` | reportType this flag control the type of report generated (summary or all) |
 | excludeNamespaces | string | `""` | excludeNamespaces is a comma separated list of namespaces (or glob patterns) to be excluded from scanning. Only applicable in the all namespaces install mode, i.e. when the targetNamespaces values is a blank string. |
 | fullnameOverride | string | `""` | fullnameOverride override operator full name |
+| global.image.registry | string | `""` | global populates the same value for each instance of image.registry |
 | image.pullPolicy | string | `"IfNotPresent"` | pullPolicy set the operator pullPolicy |
 | image.pullSecrets | list | `[]` | pullSecrets set the operator pullSecrets |
 | image.registry | string | `"ghcr.io"` |  |

diff --git a/deploy/helm/templates/_helpers.tpl b/deploy/helm/templates/_helpers.tpl
@@ -70,3 +70,12 @@ Create the name of the service account to use.
 {{- define "trivy-operator.namespace" -}}
   {{- default .Release.Namespace .Values.operator.namespace }}
 {{- end }}
+
+{{/*
+Define the image registry to use if global values are set.
+*/}}
+{{- define "global.imageRegistry" -}}
+{{- if ((.Values.global).image).registry -}}
+  {{- .Values.global.image.registry }}
+{{- end }}
+{{- end }}
diff --git a/deploy/helm/templates/configmaps/operator.yaml b/deploy/helm/templates/configmaps/operator.yaml
@@ -70,7 +70,7 @@ data:
   {{- if .Values.operator.builtInTrivyServer }}
   trivy.serverURL: {{ printf "http://%s.%s:%s" .Values.trivy.serverServiceName (include "trivy-operator.namespace" .) "4954"  | quote }}
   {{- end }}
-  node.collector.imageRef: "{{ .Values.nodeCollector.registry }}/{{ .Values.nodeCollector.repository }}:{{ .Values.nodeCollector.tag }}"
+  node.collector.imageRef: "{{ include "global.imageRegistry" . | default .Values.nodeCollector.registry }}/{{ .Values.nodeCollector.repository }}:{{ .Values.nodeCollector.tag }}"
   {{- with .Values.nodeCollector.imagePullSecret }}
   node.collector.imagePullSecret: "{{ . }}"
   {{- end }}
diff --git a/deploy/helm/templates/configmaps/trivy.yaml b/deploy/helm/templates/configmaps/trivy.yaml
@@ -9,7 +9,7 @@ metadata:
   namespace: {{ include "trivy-operator.namespace" $ }}
   labels: {{- include "trivy-operator.labels" $ | nindent 4 }}
 data:
-  trivy.repository: "{{ required ".Values.trivy.image.registry is required" .Values.trivy.image.registry }}/{{ required ".Values.trivy.image.repository is required" .Values.trivy.image.repository }}"
+  trivy.repository: "{{ required ".Values.trivy.image.registry is required" ( include "global.imageRegistry" . | default .Values.trivy.image.registry ) }}/{{ required ".Values.trivy.image.repository is required" .Values.trivy.image.repository }}"
   trivy.tag: {{ required ".Values.trivy.image.tag is required" .Values.trivy.image.tag | quote }}
   {{- with .Values.trivy.image.imagePullSecret }}
   trivy.imagePullSecret: {{ . | quote }}

diff --git a/deploy/helm/templates/deployment.yaml b/deploy/helm/templates/deployment.yaml
@@ -28,7 +28,7 @@ spec:
       automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
       containers:
         - name: {{ .Chart.Name | quote }}
-          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ include "global.imageRegistry" . | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           {{- with .Values.image.pullPolicy }}
           imagePullPolicy: {{ . }}
           {{- end }}

diff --git a/deploy/helm/templates/trivy-server/statefulset.yaml b/deploy/helm/templates/trivy-server/statefulset.yaml
@@ -54,7 +54,7 @@ spec:
       {{- end }}
       containers:
         - name: trivy-server
-          image: "{{ .Values.trivy.image.registry }}/{{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}"
+          image: "{{ include "global.imageRegistry" . | default .Values.trivy.image.registry }}/{{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}"
           imagePullPolicy: "IfNotPresent"
           {{- with .Values.trivy.server.securityContext }}
           securityContext: {{- toYaml . | nindent 12 }}

diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
@@ -1,6 +1,12 @@
 # Default values for the trivy-operator Helm chart, these are used to render
 # the templates into valid k8s Resources.
 
+# -- global values provide a centralized configuration for 'image.registry', reducing the potential for errors.
+# If left blank, the chart will default to the individually set 'image.registry' values
+global:
+  image:
+    registry: ""
+
 # -- managedBy is similar to .Release.Service but allows to overwrite the value
 managedBy: Helm