-
Notifications
You must be signed in to change notification settings - Fork 16
/
trivy-dojo-report-operator.yaml
229 lines (229 loc) · 6.7 KB
/
trivy-dojo-report-operator.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
---
# Source: trivy-dojo-report-operator/templates/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: telekom-mms-trivy-dojo-report-operator-account
labels:
helm.sh/chart: trivy-dojo-report-operator-0.8.4
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
app.kubernetes.io/version: "0.8.4"
app.kubernetes.io/managed-by: Helm
annotations:
{}
---
# Source: trivy-dojo-report-operator/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: telekom-mms-trivy-dojo-report-operator-defect-dojo-api-credentials
labels:
helm.sh/chart: trivy-dojo-report-operator-0.8.4
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
app.kubernetes.io/version: "0.8.4"
app.kubernetes.io/managed-by: Helm
stringData:
apiKey: "YOUR_DEFECTDOJO_API_KEY"
url: "YOUR_DEFECTDOJO_URL"
type: Opaque
---
# Source: trivy-dojo-report-operator/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: telekom-mms-trivy-dojo-report-operator-role-cluster
labels:
helm.sh/chart: trivy-dojo-report-operator-0.8.4
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
app.kubernetes.io/version: "0.8.4"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- aquasecurity.github.io
resources:
- vulnerabilityreports
- rbacassessmentreports
- configauditreports
- infraassessmentreports
- exposedsecretreports
verbs:
- list
- watch
- patch
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
---
# Source: trivy-dojo-report-operator/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: telekom-mms-trivy-dojo-report-operator-rolebinding-cluster
labels:
helm.sh/chart: trivy-dojo-report-operator-0.8.4
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
app.kubernetes.io/version: "0.8.4"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'telekom-mms-trivy-dojo-report-operator-role-cluster'
subjects:
- kind: ServiceAccount
name: 'telekom-mms-trivy-dojo-report-operator-account'
namespace: 'default'
---
# Source: trivy-dojo-report-operator/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: telekom-mms-trivy-dojo-report-operator-operator
labels:
helm.sh/chart: trivy-dojo-report-operator-0.8.4
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
app.kubernetes.io/version: "0.8.4"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
ports:
- name: metrics
port: 80
protocol: TCP
targetPort: metrics
---
# Source: trivy-dojo-report-operator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: telekom-mms-trivy-dojo-report-operator-operator
labels:
helm.sh/chart: trivy-dojo-report-operator-0.8.4
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
app.kubernetes.io/version: "0.8.4"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
application: trivy-dojo-report-operator
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
template:
metadata:
labels:
application: trivy-dojo-report-operator
app.kubernetes.io/name: trivy-dojo-report-operator
app.kubernetes.io/instance: telekom-mms
spec:
containers:
- env:
- name: DEFECT_DOJO_API_KEY
valueFrom:
secretKeyRef:
key: apiKey
name: telekom-mms-trivy-dojo-report-operator-defect-dojo-api-credentials
optional: false
- name: DEFECT_DOJO_URL
valueFrom:
secretKeyRef:
key: url
name: telekom-mms-trivy-dojo-report-operator-defect-dojo-api-credentials
optional: false
- name: DEFECT_DOJO_ACTIVE
value: "true"
- name: DEFECT_DOJO_VERIFIED
value: "false"
- name: DEFECT_DOJO_CLOSE_OLD_FINDINGS
value: "false"
- name: DEFECT_DOJO_CLOSE_OLD_FINDINGS_PRODUCT_SCOPE
value: "false"
- name: DEFECT_DOJO_PUSH_TO_JIRA
value: "false"
- name: DEFECT_DOJO_MINIMUM_SEVERITY
value: "Info"
- name: DEFECT_DOJO_AUTO_CREATE_CONTEXT
value: "true"
- name: DEFECT_DOJO_DEDUPLICATION_ON_ENGAGEMENT
value: "true"
- name: DEFECT_DOJO_PRODUCT_TYPE_NAME
value: "Research and Development"
- name: DEFECT_DOJO_EVAL_PRODUCT_TYPE_NAME
value: "false"
- name: DEFECT_DOJO_ENV_NAME
value: "Development"
- name: DEFECT_DOJO_EVAL_ENV_NAME
value: "false"
- name: DEFECT_DOJO_TEST_TITLE
value: "Kubernetes"
- name: DEFECT_DOJO_EVAL_TEST_TITLE
value: "false"
- name: DEFECT_DOJO_ENGAGEMENT_NAME
value: "engagement"
- name: DEFECT_DOJO_EVAL_ENGAGEMENT_NAME
value: "false"
- name: DEFECT_DOJO_PRODUCT_NAME
value: "product"
- name: DEFECT_DOJO_EVAL_PRODUCT_NAME
value: "false"
- name: DEFECT_DOJO_SERVICE_NAME
value:
- name: DEFECT_DOJO_EVAL_SERVICE_NAME
value:
- name: DEFECT_DOJO_DO_NOT_REACTIVATE
value: "true"
- name: REPORTS
value: "vulnerabilityreports"
- name: KUBERNETES_CLUSTER_DOMAIN
value: "cluster.local"
image: ghcr.io/telekom-mms/docker-trivy-dojo-operator:0.8.4
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
periodSeconds: 30
name: trivy-dojo-report-operator
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
securityContext:
fsGroup: 1000
fsGroupChangePolicy: Always
runAsNonRoot: true
# Additional volumes on the output Deployment definition.
serviceAccountName: telekom-mms-trivy-dojo-report-operator-account