Merge pull request #14 from GDATASoftwareAG/13-networkpolicy-prevents…

…-update-job-to-access-kubernetes-api-server makes the k8s api port configurable
GDATASoftwareAG · Feb 13, 2023 · 17d37ee · 17d37ee
2 parents 94dc2c6 + e9459a6
commit 17d37ee
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -18,7 +18,19 @@ The token has to be set in the `secret.dockerconfigjson` variable on deployment.
 ```yaml
 # Example values.yaml
 secret: 
-    dockerconfigjson: $$_BASE64_ENCODED_TOKEN_$$
+    dockerconfigjson: $$_BASE64_ENCODED_JSON_CONTAINING_TOKEN_$$
+```
+
+Example of the dockerconfigjson
+
+```json
+{
+    "auths": {
+            "ghcr.io": {
+                    "auth": "$$_BASE64_ENCODED_USERNAME_AND_TOKEN_$$"
+            }
+    }
+}
 ```
 
 3. Add GD Scan repository:

diff --git a/charts/gdscan/Chart.yaml b/charts/gdscan/Chart.yaml
@@ -5,4 +5,4 @@ maintainers:
   - name: G DATA CyberDefense AG
     email: oem@gdata.de
 type: application
-version: 0.7.1
+version: 0.7.2
diff --git a/charts/gdscan/templates/update.yaml b/charts/gdscan/templates/update.yaml
@@ -66,6 +66,7 @@ spec:
 {{- else }}
                 - "deployment/{{ include "gdscan.fullname" . }}"
 {{- end }}
+{{- if .Values.autoUpdate.networkPolicy.enabled }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -81,5 +82,6 @@ spec:
   ingress: []
   egress:
     - ports:
-        - port: 6443
+        - port: {{ .Values.autoUpdate.networkPolicy.k8sApiPort }}
+{{- end }}
 {{- end}}
diff --git a/charts/gdscan/values.yaml b/charts/gdscan/values.yaml
@@ -73,7 +73,11 @@ persistence:
   memory: false
   size: 5Gi
   storageClass: ""
+
 autoUpdate:
   enabled: true
   # every hour
   schedule: "0 * * * *"
+  networkPolicy:
+    enabled: true
+    k8sApiPort: 6443