From b4ec37897e3f5b0e023f8ddb60a56706e74fd45f Mon Sep 17 00:00:00 2001
From: unglaublicherdude
Date: Fri, 10 Feb 2023 14:13:55 +0100
Subject: [PATCH 1/3] makes the k8s api port configurable
---
 charts/gdscan/Chart.yaml | 2 +-
 charts/gdscan/templates/update.yaml | 2 +-
 charts/gdscan/values.yaml | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/charts/gdscan/Chart.yaml b/charts/gdscan/Chart.yaml
index 4bb5c56..9a85429 100644
--- a/charts/gdscan/Chart.yaml
+++ b/charts/gdscan/Chart.yaml
@@ -5,4 +5,4 @@ maintainers:
 - name: G DATA CyberDefense AG
 email: oem@gdata.de
 type: application
-version: 0.7.1
+version: 0.7.2
diff --git a/charts/gdscan/templates/update.yaml b/charts/gdscan/templates/update.yaml
index ff8a7d6..d37f091 100644
--- a/charts/gdscan/templates/update.yaml
+++ b/charts/gdscan/templates/update.yaml
@@ -81,5 +81,5 @@ spec:
 ingress: []
 egress:
 - ports:
- port: 6443
+ - port: {{ .Values.autoUpdate.k8sApiPort }}
 {{- end}}
\ No newline at end of file
diff --git a/charts/gdscan/values.yaml b/charts/gdscan/values.yaml
index 3230cc0..48e605d 100644
--- a/charts/gdscan/values.yaml
+++ b/charts/gdscan/values.yaml
@@ -73,7 +73,9 @@ persistence:
 memory: false
 size: 5Gi
 storageClass: ""
+
 autoUpdate:
 enabled: true
 # every hour
 schedule: "0 * * * *"
+ k8sApiPort: 6443
From 2eca7b6f09cbdd871112e049eecc7c8e3aba9683 Mon Sep 17 00:00:00 2001
From: unglaublicherdude
Date: Mon, 13 Feb 2023 09:19:00 +0100
Subject: [PATCH 2/3] makes the networkPolicy optional
---
 charts/gdscan/templates/update.yaml | 4 +++-
 charts/gdscan/values.yaml | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/charts/gdscan/templates/update.yaml b/charts/gdscan/templates/update.yaml
index d37f091..9214af0 100644
--- a/charts/gdscan/templates/update.yaml
+++ b/charts/gdscan/templates/update.yaml
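Review bot: In the `charts/gdscan/templates/update.yaml` hunk of PATCH 1/3, the new `- port: {{ .Values.autoUpdate.k8sApiPort }}` renders the value with no check, and a NetworkPolicy port entry whose `port` field is empty matches every port. If an override sets the key to null or an empty string, the egress rule would stop restricting ports instead of failing the render. The template should fail closed, for example `- port: {{ required "autoUpdate.k8sApiPort must be set" .Values.autoUpdate.k8sApiPort }}`. The same line is carried into PATCH 2/3 under `autoUpdate.networkPolicy.k8sApiPort`, and the NetworkPolicy itself starts above this hunk.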
@@ -66,6 +66,7 @@ spec:
 {{- else }}
 - "deployment/{{ include "gdscan.fullname" . }}"
 {{- end }}
+{{- if .Values.autoUpdate.networkPolicy.enabled }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -81,5 +82,6 @@ spec:
 ingress: []
 egress:
 - ports:
- - port: {{ .Values.autoUpdate.k8sApiPort }}
+ - port: {{ .Values.autoUpdate.networkPolicy.k8sApiPort }}
+{{- end }}
 {{- end}}
\ No newline at end of file
diff --git a/charts/gdscan/values.yaml b/charts/gdscan/values.yaml
index 48e605d..f007fde 100644
--- a/charts/gdscan/values.yaml
+++ b/charts/gdscan/values.yaml
@@ -78,4 +78,6 @@ autoUpdate:
 enabled: true
 # every hour
 schedule: "0 * * * *"
- k8sApiPort: 6443
+ networkPolicy:
+ enabled: true
+ k8sApiPort: 6443
From e9459a6e363e3663992333a64c8079f6447841d0 Mon Sep 17 00:00:00 2001
From: unglaublicherdude
Date: Mon, 13 Feb 2023 13:52:52 +0100
Subject: [PATCH 3/3] makes the description of how to use the private registry more clear
---
 README.md | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3a9cfba..67d2b32 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,19 @@ The token has to be set in the `secret.dockerconfigjson` variable on deployment.
 ```yaml
 # Example values.yaml
 secret:
- dockerconfigjson: $$_BASE64_ENCODED_TOKEN_$$
+ dockerconfigjson: $$_BASE64_ENCODED_JSON_CONTAINING_TOKEN_$$
+```
+
+Example of the dockerconfigjson
+
+```json
+{
+ "auths": {
+ "ghcr.io": {
+ "auth": "$$_BASE64_ENCODED_USERNAME_AND_TOKEN_$$"
+ }
+ }
+}
 ```
 3. Add GD Scan repository:
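Review bot: The egress rule in the second `charts/gdscan/templates/update.yaml` hunk of PATCH 2/3 still consists of `ports` alone with no `to` peer, so the policy lets the selected pods connect to any destination on the configured port, not only the Kubernetes API server. Now that the port is supplied through values, that reach follows whatever number is configured. Consider adding a `to:` entry with an `ipBlock` for the API server address, also supplied through values, so the rule is scoped by destination as well as by port. The `podSelector` and `policyTypes` of this NetworkPolicy sit between the two hunks and are not visible here.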
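Review bot: The new `networkPolicy.enabled` switch in the `charts/gdscan/values.yaml` hunk of PATCH 2/3 has no comment, although setting it to false drops the NetworkPolicy rendered by `templates/update.yaml` and with it the egress limit on the pods that policy selects. A comment above `networkPolicy:` would make that consequence visible, for example `# NetworkPolicy for the auto-update pods: egress is limited to k8sApiPort; disable only if the cluster restricts this traffic by other means`. The key also moves from `autoUpdate.k8sApiPort` (added in PATCH 1/3) to `autoUpdate.networkPolicy.k8sApiPort`, and this patch's diffstat shows no `Chart.yaml` change, so the move would ship under the 0.7.2 version set in PATCH 1/3.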