k8s-configs/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/values-ovveride.yaml

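# Default values for the trivy-operator Helm chart, these are used to render
# the templates into valid k8s Resources.
# NOTE(review): the nesting below was restored to follow the upstream
# trivy-operator chart layout; confirm it against the chart version in use.

# -- global values provide a centralized configuration for 'image.registry', reducing the potential for errors.
# If left blank, the chart will default to the individually set 'image.registry' values
global:
  image:
    registry: "harbor.avroid.tech/docker-hub-proxy"

# -- managedBy is similar to .Release.Service but allows to overwrite the value
managedBy: argocd

operator:
  # -- replicas the number of replicas of the operator's pod
  replicas: 2

# Operator image. No tag or digest is set in this file, so the chart default
# applies; pinning a digest would make the image pulled through the proxy
# registry reproducible and tamper-evident.
image:
  registry: "harbor.avroid.tech/docker-hub-proxy"
  repository: "aquasec/trivy-operator"

# -- Prometheus ServiceMonitor configuration -- to install the trivy operator with the ServiceMonitor
# you must have Prometheus already installed and running. If you do not have Prometheus installed, enabling this will
# have no effect.
serviceMonitor:
  # -- enabled determines whether a serviceMonitor should be deployed
  enabled: true

trivyOperator:
  # -- scanJobNodeSelector nodeSelector to be applied to the scanner pods so that they can run on nodes with matching labels
  scanJobNodeSelector:
    node-role.kubernetes.io/worker: ""

trivy:
  image:
    # -- registry of the Trivy image
    registry: harbor.avroid.tech/docker-hub-proxy
  # -- mode is the Trivy client mode. Either Standalone or ClientServer. Depending
  # on the active mode other settings might be applicable or required.
  mode: ClientServer
  # -- resources resource requests and limits for scan job containers
  resources:
    requests:
      cpu: 100m
      memory: 100M
      # ephemeralStorage: "2Gi"
    limits:
      cpu: 1
      memory: 3Gi
      # ephemeralStorage: "2Gi"
  # -- serverURL is the endpoint URL of the Trivy server. Required in ClientServer mode.
  #
  # NOTE(review): the URL is plain http://, so traffic between scan jobs and
  # the Trivy server is unencrypted on the cluster network, and no server
  # token is set in this file. Prefer an https:// endpoint with certificate
  # verification, or at minimum restrict access to the trivy Service with a
  # NetworkPolicy.
  serverURL: "http://trivy:4954"
  # -- serverInsecure is the flag to enable insecure connection to the Trivy server.
  # NOTE(review): presumably this also disables TLS verification if the URL is
  # later switched to https:// - set it to false when TLS is introduced.
  serverInsecure: true

compliance:
  # Quoted so the '*' characters can never be read as YAML alias indicators.
  cron: '0 */5 * * *'

resources:
  # -- We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  #
  # NOTE(review): limits were 100m / 128Mi, below the requests of 500m / 512Mi.
  # Kubernetes rejects a container whose request exceeds its limit, so the
  # limits are raised to equal the requests as the smallest valid change.
  # Confirm the intended sizing for the operator pod.
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 500m
    memory: 512Mi

# -- nodeSelector set the operator nodeSelector
nodeSelector:
  node-role.kubernetes.io/worker: ""

policiesBundle:
  # -- registry of the policies bundle
  registry: harbor.avroid.tech/docker-hub-proxy

nodeCollector:
  # -- useNodeSelector determine if to use nodeSelector (by auto detecting node name) with node-collector scan job
  useNodeSelector: false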