feat(registry-scanner): release 1.0.0 (#1049)
Co-authored-by: iru <[email protected]>
tembleking and iru authored Apr 18, 2023
1 parent 1d9d102 commit 5848f76
Showing 10 changed files with 26 additions and 23 deletions.
2 changes: 1 addition & 1 deletion charts/registry-scanner/Chart.yaml
Expand Up @@ -4,7 +4,7 @@ description: Sysdig Registry Scanner
type: application
home: https://sysdiglabs.github.io/registry-scanner/
icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
version: 0.1.40
version: 1.0.0
appVersion: 0.2.28
maintainers:
- name: airadier
8 changes: 4 additions & 4 deletions charts/registry-scanner/README.md
Expand Up @@ -49,6 +49,7 @@ Deploy the registry scanner specify each parameter using the `--set key=value[,k

```bash
$ helm upgrade --install registry-scanner \
--version=1.0.0 \
--set config.secureBaseURL=<SYSDIG_SECURE_URL> \
--set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
--set config.registryURL=<REGISTRY_URL> \
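Review bot: `--set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN>` in this example puts the API token on the command line, where it ends up in shell history and is visible in the process list while helm runs. Since the example is being touched for `--version` anyway, consider moving the token to the `-f values.yaml` form that the README shows right after this block, and keeping `--set` for the non-secret parameters only.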
Expand All @@ -60,7 +61,7 @@ $ helm upgrade --install registry-scanner \
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

```bash
$ helm install registry-scanner -f values.yaml sysdig/registry-scanner
$ helm install registry-scanner -f values.yaml --version=1.0.0 sysdig/registry-scanner
```


Expand Down Expand Up @@ -119,14 +120,13 @@ The following table lists the configurable parameters of the Sysdig Registry Sca
| config.filter.maxAgeDays | Based on its creation date, excludes images older than specified number of days.<br/>Maximum 365 | <code>90</code> |
| config.filter.maxTagsPerRepository | Based on its creation date, newer ones take precedence, maximum number of tags to scan per repository.<br/>Maximum 10 | <code>5</code> |
| config.filter.maxRepositoriesPerRegistry | Number of repositories to scan per registry.<br/>Maximum Value 1000 | <code>500</code> |
| config.scan.inlineScanImage | Override the default (if not specified) `quay.io/sysdig/secure-inline-scan:2` image for the inline scanner job. | <code>""</code> |
| config.scan.inlineScanImage | Override the default image for the inline scanner job. | <code>""</code> |
| config.scan.securityContext | Security context for Inline Scanner container. | <code>{}</code> |
| config.scan.jobs.ttlSecondsAfterFinished | TTL for scanner jobs | <code>600</code> |
| config.scan.jobs.resources.requests.memory | Resource request memory for scanner job | <code>500Mi</code> |
| config.scan.jobs.resources.requests.cpu | Resource request CPU for scanner job | <code>500m</code> |
| config.scan.jobs.resources.limits.memory | Resource limit memory for scanner job | <code>2Gi</code> |
| config.scan.jobs.temporaryVolumeSizeLimit | Size limit for the emptyDir volume used by the scanner job.<br/> This volume is used to store both the vulnerability database and the image to scan. | <code>2Gi</code> |
| config.scan.newVmScanner | true/false whether to activate the beta image scanning (experimental and unsupported) | <code>false</code> |
| ssl.ca.certs | For outbound connections <br/>List of PEM-encoded x509 certificate authority. | <code>[]</code> |
| customLabels | Additional labels to add to CronJob and Scanning Jobs. Custom labels to be added to kubernetes manifests of all resources created. | <code>{}</code> |
| proxy.httpProxy | URL of the proxy for HTTP connections, or empty if not using proxy (sets the http_proxy environment variable). | <code></code> |
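Review bot: the new description for `config.scan.inlineScanImage` says "Override the default image" but no longer names which image the default is (the previous text named `quay.io/sysdig/secure-inline-scan:2`). Operators who allowlist images in admission policy, or mirror them into a private registry, need that reference; state the new default in this row or link to where it is defined. The removed `config.scan.newVmScanner` row also leaves no trace in the table, so a one-line note that the option is gone in 1.0.0 would help readers upgrading from 0.1.x.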
Expand Down Expand Up @@ -156,13 +156,13 @@ The following table lists the configurable parameters of the Sysdig Registry Sca
| extraEnvVars | Extra environment variables to be set | <code>[]</code> |



### On-Prem deployment

Use the following command to deploy in an on-prem:

```bash
$ helm upgrade --install registry-scanner \
--version=1.0.0 \
--set config.secureBaseURL=<SYSDIG_SECURE_URL> \
--set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
--set config.secureSkipTLS=true \
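Review bot: the on-prem example carries `--set config.secureSkipTLS=true` next to `config.secureAPIToken`, so, going by the parameter name, the documented default for on-prem sends the token over a connection whose certificate is not verified. The parameter table in this README already lists `ssl.ca.certs` ("List of PEM-encoded x509 certificate authority") for outbound connections; consider showing that as the recommended on-prem setup and presenting `secureSkipTLS=true` only as a fallback.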
11 changes: 8 additions & 3 deletions charts/registry-scanner/README.tpl
Expand Up @@ -47,6 +47,9 @@ Deploy the registry scanner specify each parameter using the `--set key=value[,k

```bash
$ helm upgrade --install {{ .Chart.Name }} \
{{- with .Chart.Version }}
--version={{.}} \
{{- end }}
--set config.secureBaseURL=<SYSDIG_SECURE_URL> \
--set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
--set config.registryURL=<REGISTRY_URL> \
Expand All @@ -58,7 +61,7 @@ $ helm upgrade --install {{ .Chart.Name }} \
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

```bash
$ helm install {{ .Chart.Name }} -f values.yaml sysdig/{{ .Chart.Name }}
$ helm install {{ .Chart.Name }} -f values.yaml {{- with .Chart.Version }} --version={{.}} {{- end }} sysdig/{{ .Chart.Name }}
```


Expand All @@ -80,7 +83,7 @@ $ helm uninstall {{ .Chart.Name }}

The command removes all the Kubernetes components associated with the chart and deletes the release.

{{ if .Chart.Values -}}
{{- if .Chart.Values }}

## Configuration

Expand All @@ -90,13 +93,15 @@ The following table lists the configurable parameters of the Sysdig Registry Sca

{{- end }}


### On-Prem deployment

Use the following command to deploy in an on-prem:

```bash
$ helm upgrade --install registry-scanner \
{{- with .Chart.Version }}
--version={{.}} \
{{- end }}
--set config.secureBaseURL=<SYSDIG_SECURE_URL> \
--set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
--set config.secureSkipTLS=true \
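Review bot: the on-prem example still hardcodes the release name in `$ helm upgrade --install registry-scanner \`, while the two install examples earlier in this template use `{{ .Chart.Name }}`. Since the block is being edited to add the `{{- with .Chart.Version }}` guard, switch it to `{{ .Chart.Name }}` as well so all three examples are rendered from the same chart metadata.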
2 changes: 0 additions & 2 deletions charts/registry-scanner/ci/test-aws-org-values.yaml.template
@@ -1,6 +1,4 @@
config:
scan:
newVmScanner: true
secureAPIToken: ${SECURE_API_TOKEN}
registryType: ecr
aws:
@@ -1,6 +1,4 @@
config:
scan:
newVmScanner: true
secureAPIToken: ${SECURE_API_TOKEN}
registryType: ecr
registryURL: ${SYSDIG_AWS_QA_TARGET_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com
@@ -1,6 +1,4 @@
config:
scan:
newVmScanner: true
secureAPIToken: ${SECURE_API_TOKEN}
registryType: artifactory
registryURL: ${SYSDIG_JFROG_SAAS_QA_URL}
@@ -1,6 +1,4 @@
config:
scan:
newVmScanner: true
secureAPIToken: ${SECURE_API_TOKEN}
registryType: artifactory
registryURL: ${SYSDIG_JFROG_SAAS_QA_URL}
12 changes: 12 additions & 0 deletions charts/registry-scanner/templates/NOTES.txt
@@ -1,3 +1,15 @@
# ============================================================================================
# Info: Chart version {{ .Chart.Version }} has been installed with Registry Scanner {{ .Chart.AppVersion }}.
#
# The chart version follows SemVer (https://semver.org/), you can pin
# the chart version with --version=1, --version=1.0, --version=1.0.0, etc.
# Using --version=1 will ensure that you get the latest 1.x.x version, but
# you don't get any breaking changes when updating.
#
# For more information, or you are still using the legacy scanning engine,
# please check the documentation:
# > https://docs.sysdig.com/en/docs/installation/container-registry-scanner/
# ============================================================================================
#
{{- if eq .Values.scanOnStart.enabled true }}
# Because 'scanOnStart:true' job '{{ .Values.scanOnStart.jobName }}' has been launched to perform an initial scan.
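Review bot: the sentence "For more information, or you are still using the legacy scanning engine, please check the documentation" does not tell the reader what this chart version does to a legacy setup. The same commit removes the `newVmScanner` conditional around `--scan_runner` in `_job.tpl`, so say explicitly here which runner 1.0.0 starts and what legacy users should pin or change (and fix the grammar: "or if you are still using"). Separately, this text recommends `--version=1`, which floats to the latest 1.x.x, while the README examples pin `--version=1.0.0`; either align them or explain that the exact pin is the choice for reproducible installs.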
4 changes: 0 additions & 4 deletions charts/registry-scanner/templates/_job.tpl
Expand Up @@ -24,11 +24,7 @@
securityContext:
{{- toYaml .Values.securityContext | nindent 14 }}
image: {{ include "registry-scanner.image" . }}
{{- if .Values.config.scan.newVmScanner }}
args: [ "--scan_runner=new-vm-scanner-k8s-job"]
{{- else}}
args: [ "--scan_runner=k8sjob" ]
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 14 }}
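Review bot: with the `{{- if .Values.config.scan.newVmScanner }}` conditional removed, a release that still has `config.scan.newVmScanner` in its values file gets no signal that the key is now ignored, and a release that relied on the old default `false` changes its `--scan_runner` argument on upgrade without any change on its side. (The rendered page has lost the +/- markers; which `args:` line survives is inferred from the 4 deletions and the removal of the flag in values.yaml.) Consider a guard that fails or warns when the key is still set, for example a `fail` call in the template or a conditional line in NOTES.txt, so the runner switch is not silent.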
4 changes: 1 addition & 3 deletions charts/registry-scanner/values.yaml
Expand Up @@ -73,7 +73,7 @@ config:
# Number of repositories to scan per registry.<br/>Maximum Value 1000
maxRepositoriesPerRegistry: 500
scan:
# Override the default (if not specified) `quay.io/sysdig/secure-inline-scan:2` image for the inline scanner job.
# Override the default image for the inline scanner job.
inlineScanImage: ""
# Security context for Inline Scanner container.
securityContext: {}
Expand All @@ -98,8 +98,6 @@ config:
# Size limit for the emptyDir volume used by the scanner job.<br/>
# This volume is used to store both the vulnerability database and the image to scan.
temporaryVolumeSizeLimit: 2Gi
# true/false whether to activate the beta image scanning (experimental and unsupported)
newVmScanner: false
ssl:
ca:
# For outbound connections