diff --git a/README.md b/README.md index 8a0f6c5fc..9594ed806 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Helm Chart for Harbor +****# Helm Chart for Harbor **Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be find [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment. @@ -318,6 +318,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `trivy.offlineScan` | The flag prevents Trivy from sending API requests to identify dependencies. | `false` | | `trivy.timeout` | The duration to wait for scan completion | `5m0s` | | `trivy.gitHubToken` | The GitHub access token to download [Trivy DB][trivy-db] (see [GitHub rate limiting][trivy-rate-limiting]) | | +| `trivy.gitHubTokenSecret` | The secret where GithubAccess token is set | | | `trivy.priorityClassName` | The priority class to run the pod as | | | **Notary** | | | | `notary.enabled` | Enable Notary? | `true` | diff --git a/templates/trivy/trivy-secret.yaml b/templates/trivy/trivy-secret.yaml index 84652c749..cedbe4cbb 100644 --- a/templates/trivy/trivy-secret.yaml +++ b/templates/trivy/trivy-secret.yaml @@ -8,5 +8,7 @@ metadata: type: Opaque data: redisURL: {{ include "harbor.redis.urlForTrivy" . | b64enc }} + {{- if not .Values.trivy.gitHubTokenSecret }} gitHubToken: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }} + {{- end }} {{- end }} diff --git a/templates/trivy/trivy-sts.yaml b/templates/trivy/trivy-sts.yaml index 78d915e32..1f9c9ca5c 100644 --- a/templates/trivy/trivy-sts.yaml +++ b/templates/trivy/trivy-sts.yaml 
@@ -72,7 +72,11 @@ spec: - name: "SCANNER_TRIVY_GITHUB_TOKEN" valueFrom: secretKeyRef: + {{- if not .Values.trivy.gitHubTokenSecret }} name: {{ template "harbor.trivy" . }} + {{- else }} + name: {{ .Values.trivy.gitHubTokenSecret }} + {{- end }} key: gitHubToken - name: "SCANNER_TRIVY_SEVERITY" value: {{ .Values.trivy.severity | quote }} diff --git a/values.yaml b/values.yaml index 813e82238..ae90e9e35 100644 --- a/values.yaml +++ b/values.yaml @@ -674,6 +674,8 @@ trivy: # You can create a GitHub token by following the instructions in # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line gitHubToken: "" + # You can also give the token via an existing secret. Key must be `gitHubToken`. + # gitHubTokenSecret: # skipUpdate the flag to disable Trivy DB downloads from GitHub # # You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues.
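Review bot: In README.md, hunk @@ -1,4 +1,4 @@, the title line now reads `****# Helm Chart for Harbor`; the four leading asterisks stop the line from rendering as a Markdown heading and look like an accidental edit unrelated to the Trivy change. Drop this hunk so the line stays `# Helm Chart for Harbor`.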
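Review bot: In README.md, hunk @@ -318,6 +318,7 @@, the new `trivy.gitHubTokenSecret` row does not say that the secret must hold the token under the key `gitHubToken`, nor that setting it means `trivy.gitHubToken` is no longer used. Both follow from the other files in this patch: trivy-sts.yaml keeps `key: gitHubToken` hardcoded, and trivy-secret.yaml omits the `gitHubToken` entry when the new value is set. Suggested wording: "Name of an existing secret that holds the GitHub access token under the key `gitHubToken`. When set, `trivy.gitHubToken` is ignored."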
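Review bot: In templates/trivy/trivy-sts.yaml, hunk @@ -72,7 +72,11 @@, the `secretKeyRef` for `SCANNER_TRIVY_GITHUB_TOKEN` has no `optional` field, so when `trivy.gitHubTokenSecret` names a secret that does not exist in the release namespace, or one without a `gitHubToken` key, the Trivy container cannot start. Document that the secret must exist before install. `name: {{ .Values.trivy.gitHubTokenSecret }}` is also rendered unquoted; `name: {{ .Values.trivy.gitHubTokenSecret | quote }}` keeps the YAML valid for any value. The `if not ... else` would read more directly as a positive `if .Values.trivy.gitHubTokenSecret` with the chart-managed name in the `else` branch.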
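Review bot: In values.yaml, hunk @@ -674,6 +674,8 @@, `# gitHubTokenSecret:` is left commented out while the neighbouring `gitHubToken: ""` carries an explicit default, so the new key has no entry in the chart's default values. Suggest an uncommented `gitHubTokenSecret: ""`; an empty string is still falsy for the `if not .Values.trivy.gitHubTokenSecret` guards, so behaviour is unchanged. The comment should also state that the value is the name of a secret and that it takes precedence over `gitHubToken` when both are set.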