Vmclarity updates from repo (#21)
* Delete obsolete testplans page

* Updates content/docs/vmclarity/configuration.md from the project repo

* Updates from openclarity/vmclarity#916
fekete-robert committed Nov 7, 2023
1 parent a6d71e6 commit 5f3cdda
Showing 2 changed files with 33 additions and 118 deletions.
61 changes: 33 additions & 28 deletions content/docs/vmclarity/configuration.md
Expand Up @@ -5,34 +5,39 @@ weight: 450

## Orchestrator

| Environment Variable | Required | Default | Description |
|-------------------------------------------|-----------|---------|----------------------------------------------|
| `DELETE_JOB_POLICY` | | | |
| `SCANNER_CONTAINER_IMAGE` | | | |
| `GITLEAKS_BINARY_PATH` | | | |
| `CLAM_BINARY_PATHCLAM_BINARY_PATH` | | | |
| `FRESHCLAM_BINARY_PATH` | | | |
| `ALTERNATIVE_FRESHCLAM_MIRROR_URL` | | | |
| `LYNIS_INSTALL_PATH` | | | |
| `SCANNER_VMCLARITY_BACKEND_ADDRESS` | | | |
| `EXPLOIT_DB_ADDRESS` | | | |
| `TRIVY_SERVER_ADDRESS` | | | |
| `TRIVY_SERVER_TIMEOUT` | | | |
| `GRYPE_SERVER_ADDRESS` | | | |
| `GRYPE_SERVER_TIMEOUT` | | | |
| `CHKROOTKIT_BINARY_PATH` | | | |
| `SCAN_CONFIG_POLLING_INTERVAL` | | | |
| `SCAN_CONFIG_RECONCILE_TIMEOUT` | | | |
| `SCAN_POLLING_INTERVAL` | | | |
| `SCAN_RECONCILE_TIMEOUT` | | | |
| `SCAN_TIMEOUT` | | | |
| `ASSET_SCAN_POLLING_INTERVAL` | | | |
| `ASSET_SCAN_RECONCILE_TIMEOUT` | | | |
| `ASSET_SCAN_PROCESSOR_POLLING_INTERVAL` | | | |
| `ASSET_SCAN_PROCESSOR_RECONCILE_TIMEOUT` | | | |
| `DISCOVERY_INTERVAL` | | | |
| `CONTROLLER_STARTUP_DELAY` | | | |
| `PROVIDER` | **yes** | `aws` | Provider used for Asset discovery and scans |
| Environment Variable | Required | Default | Values | Description |
|-----------------------------------------------------------------------------| -------- | ----------- | ------------------------------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `VMCLARITY_ORCHESTRATOR_PROVIDER` | **yes** | `aws` | `aws`, `azure`, `gcp`, `docker` | Provider used for _Asset_ discovery and scans. |
| `VMCLARITY_ORCHESTRATOR_APISERVER_ADDRESS` | **yes** | | | The URL for the _API Server_ used by the _Orchestrator_ to interact with the API. Example: `https://apiserver.example.com:8888/api` |
| `VMCLARITY_ORCHESTRATOR_HEALTHCHECK_ADDRESS` | | `:8082` | | Bind address to used by the _Orchestrator_ for `healthz` endpoint. Example: `localhost:8082` which will make the health endpoints be available at `localhost:8082/healthz/live` and `localhost:8082/healthz/ready`. |
| `VMCLARITY_ORCHESTRATOR_DISCOVERY_INTERVAL` | | `2m` | | How frequently the _Discovery_ perform discovery of _Assets_. |
| `VMCLARITY_ORCHESTRATOR_CONTROLLER_STARTUP_DELAY` | | `7s` | | The time interval to wait between cotroller startups. **Do NOT change this parameter unless you know what you are doing.** |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_POLL_PERIOD` | | `15s` | | How frequently poll the API for events related _AssetScan_ objects. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_RECONCILE_TIMEOUT` | | `5m` | | Time period for reconciling a _AssetScan_ event is allowed to run. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_ABORT_TIMEOUT` | | `10m` | | Time period to wait for the _Scanner_ to gracefully stop on-going scan for _AssetScan_ before setting the state of the AssetScan to `Failed`. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_DELETE_POLICY` | | `Always` | `Always`, `Never`, `OnSuccess` | Whether to delete resources (disk snapshot, container snapshot/images) or not based on the status of the _AssetScan_. `Always` means the _AssetScan_ is deleted no matter if it failed or not. `Never` skip cleaning up the resources created for scanning. `OnSuccess` means that cleanup is happening only iun case the _AssetScan_ was successful. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_CONTAINER_IMAGE` | **yes** | | | The _Scanner_ container image used for running scans. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_FRESHCLAM_MIRROR` | | | | |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_APISERVER_ADDRESS` | | | | The URL for the _API Server_ used by the _Scanner_ to interact with the API. Example: `https://apiserver.example.com:8888/api` |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_EXPLOITSDB_ADDRESS` | | | | The URL for the _ExploitsDB Server_ used by the _Scanner_. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_TRIVY_SERVER_ADDRESS` | | | | The URL for the _Trivy Server_ used by the _Scanner_. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_TRIVY_SERVER_TIMEOUT` | | `5m` | | |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_GRYPE_SERVER_ADDRESS` | | | | The URL for the _Grype Server_ used by the _Scanner_. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_GRYPE_SERVER_TIMEOUT` | | `2m` | | |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_YARA_RULE_SERVER_ADDRESS` | | | | The URL for the _Yara Rule Server_ used by the _Scanner_. |
| `VMCLARITY_ORCHESTRATOR_SCANCONFIG_WATCHER_POLL_PERIOD` | | | | How frequently the _ScanConfig Watcher_ poll the API for events related _ScanConfig_ objects. |
| `VMCLARITY_ORCHESTRATOR_SCANCONFIG_WATCHER_RECONCILE_TIMEOUT` | | | | Time period which a reconciliation for a _ScanConfig_ event is allowed to run. |
| `VMCLARITY_ORCHESTRATOR_SCAN_WATCHER_POLL_PERIOD` | | | | How frequently the _AssetScan Watcher_ poll the API for events related _Scan_ objects. |
| `VMCLARITY_ORCHESTRATOR_SCAN_WATCHER_RECONCILE_TIMEOUT` | | | | Time period for reconciling a _Scan_ event is allowed to run. |
| `VMCLARITY_ORCHESTRATOR_SCAN_WATCHER_SCAN_TIMEOUT` | | | | Time period to wait for the _Scan_ finish before marked it's state as `Failed` with `Timeout` as a reason. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_PROCESSOR_POLL_PERIOD` | | | | How frequently the _AssetScan Processor_ poll the API for events related _AssetScan_ objects. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_PROCESSOR_RECONCILE_TIMEOUT` | | | | Time period for processing for a _AssetScan_ result is allowed to run. |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_ESTIMATION_WATCHER_POLL_PERIOD` | | `5s` | | |
| `VMCLARITY_ORCHESTRATOR_ASSETSCAN_ESTIMATION_WATCHER_RECONCILE_TIMEOUT` | | `15s` | | |
| `VMCLARITY_ORCHESTRATOR_SCAN_ESTIMATION_WATCHER_POLL_PERIOD` | | `5s` | | |
| `VMCLARITY_ORCHESTRATOR_SCAN_ESTIMATION_WATCHER_RECONCILE_TIMEOUT` | | `2m` | | |
| `VMCLARITY_ORCHESTRATOR_SCAN_ESTIMATION_WATCHER_ESTIMATION_TIMEOUT` | | `48h` | | |


## Provider
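
Review bot: In the `VMCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_DELETE_POLICY` row the description says `Always` means "the _AssetScan_ is deleted", while its first sentence says the policy governs the scan resources (disk snapshot, container snapshot/images); please reword it so all three values describe resource cleanup, and state plainly that `Never` leaves those snapshots and images in place for the operator to remove. Several new rows are incomplete: `..._SCANNER_FRESHCLAM_MIRROR`, the Trivy and Grype `SERVER_TIMEOUT` rows and all five `*_ESTIMATION_WATCHER_*` rows have no description, and the `SCANCONFIG_WATCHER`, `SCAN_WATCHER` and `ASSETSCAN_PROCESSOR` rows have no default although the `ASSETSCAN_WATCHER` equivalents do. The `VMCLARITY_ORCHESTRATOR_SCAN_WATCHER_POLL_PERIOD` description names the _AssetScan Watcher_, which looks like a copy-paste from another row. Typos to fix while here: "cotroller", "iun case", "Bind address to used by", "marked it's state". Every variable gains the `VMCLARITY_ORCHESTRATOR_` prefix, and the removed `GITLEAKS_BINARY_PATH`, `CLAM_BINARY_PATHCLAM_BINARY_PATH`, `LYNIS_INSTALL_PATH` and `CHKROOTKIT_BINARY_PATH` rows have no counterpart in the new table, so a short note on what happens to the old names would help anyone upgrading an existing deployment.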
