Merge pull request #10 from stoehdoi/feature/support-secrets-in-scanner

Allow the use of secrets for scanner user and password
giantswarm · Dec 3, 2019 · d4d5977 · d4d5977
2 parents e12183e + 79b3960
commit d4d5977
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/helm/aqua-app-scanner/templates/scanner-deployment.yaml b/helm/aqua-app-scanner/templates/scanner-deployment.yaml
@@ -32,12 +32,32 @@ spec:
       - name: scanner
         image: "{{ .Values.imageCredentials.repositoryUriPrefix }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+        {{- if .Values.secretName }}
+        env:
+        - name: SCANNER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.secretName }}
+              key: {{ .Values.userKey }}
+        - name: SCANNER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.secretName }}
+              key: {{ .Values.passwordKey }}
+        {{- end}}
         args:
         - "daemon"
+        {{- if .Values.secretName }}
+        - "--user"
+        - "$(SCANNER_USER)"
+        - "--password"
+        - "$(SCANNER_PASSWORD)"
+        {{- else }}
         - "--user"
         - "{{ required "Please specify a username associated with the Scanner role!" .Values.user }}"
         - "--password"
         - "{{ required "Please specify a password for a user associated with the Scanner role!" .Values.password }}"
+        {{- end }}
         - "--host"
         - "http://{{ .Values.server.serviceName }}:{{ .Values.server.port }}"
         volumeMounts:

diff --git a/helm/aqua-app-scanner/values.yaml b/helm/aqua-app-scanner/values.yaml
@@ -18,6 +18,9 @@ image:
 
 user:
 password:
+secretName: null
+userKey: null
+passwordKey: null
 replicaCount: 1
 livenessProbe: {}
 readinessProbe: {}