
values.yaml

The values.yaml file is also created by helm create new-scanner. Most of the generated fields are not needed for the secureCodeBox. The important fields are described below. The final values.yaml will look something like this:

# Define the image and settings for the parser container
parser:
  image:
    # parser.image.repository -- Parser image repository
    repository: docker.io/securecodebox/parser-nmap
    # parser.image.tag -- Parser image tag
    # @default -- defaults to the charts version
    tag: null

  # parser.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
  ttlSecondsAfterFinished: null
  # @default -- 3
  backoffLimit: 3
  # parser.env -- Optional environment variables mapped into each parseJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
  env: []

  # parser.scopeLimiterAliases -- Optional finding aliases to be used in the scopeLimiter.
  scopeLimiterAliases: {}

# Do the same for the scanner containers
scanner:
  image:
    # scanner.image.repository -- Container Image to run the scan
    repository: docker.io/securecodebox/parser-nmap
    # scanner.image.tag -- defaults to the charts appVersion
    tag: null

  # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
  ttlSecondsAfterFinished: null
  # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy)
  # @default -- 3
  backoffLimit: 3

  # scanner.resources -- CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/)
  resources: {}
  #   resources:
  #     requests:
  #       memory: "256Mi"
  #       cpu: "250m"
  #     limits:
  #       memory: "512Mi"
  #       cpu: "500m"

  # scanner.env -- Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
  env: []

  # scanner.extraVolumes -- Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/)
  extraVolumes: []

  # scanner.extraVolumeMounts -- Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/)
  extraVolumeMounts: []

  # scanner.extraContainers -- Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
  extraContainers: []

  # scanner.securityContext -- Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
  securityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop:
        - all

scanner and parser

The two top-level fields scanner and parser define the containers and settings for the scanner and parser, respectively. All fields below are common for both scanner and parser.

image

The image field contains the container image and tag used for the scanner or parser. For the scanner, this could be the official image of the scanner or a custom image, if one is needed. Usually the tag of the image is null and will default to the chart's appVersion (for the scanner) or version (for the parser). See below how to use a local docker image. For WPScan the official image can be used, so the image fields for scanner and parser may look like this:

scanner:
  image:
    repository: wpscanteam/wpscan
    tag: null
  # ...

parser:
  image:
    repository: docker.io/securecodebox/parser-wpscan
    tag: null
  # ...

ttlSecondsAfterFinished

Defines how long the scanner job remains available after it has finished (see: TTL Controller for Finished Resources | Kubernetes).

resources

The resources field can limit or request resources for the scan / parse job (see: Managing Resources For Containers | Kubernetes). A basic example could be the following:

resources:
  requests:
    memory: "256Mi"
    cpu: "250m"
  limits:
    memory: "512Mi"
    cpu: "500m"

env

Optional environment variables mapped into the job (see: Define Environment Variables for a Container | Kubernetes).

extraVolumes

Optional Volumes mapped into the job (see: Volumes | Kubernetes).

extraVolumeMounts

Optional VolumeMounts mapped into the job (see: Volumes | Kubernetes).

extraContainers

Optional additional Containers started with the job (see: Init Containers | Kubernetes).

securityContext

Optional securityContext set on the container (see: Configure a Security Context for a Pod or Container | Kubernetes).
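The env, extraVolumes, extraVolumeMounts and securityContext fields interact: with readOnlyRootFilesystem: true, a scanner that needs scratch space can only write to a mounted volume. The fragment below is an added example, not taken from a secureCodeBox chart; the volume name, mount path and environment variable are hypothetical.

```yaml
scanner:
  # Constructed example values. "scratch", /scratch and SCAN_TMPDIR are
  # hypothetical names; use whatever the scanner image actually expects.
  env:
    - name: SCAN_TMPDIR
      value: /scratch

  # A size-limited emptyDir is the only writable location the container
  # gets; it is discarded together with the pod.
  extraVolumes:
    - name: scratch
      emptyDir:
        sizeLimit: 64Mi
  extraVolumeMounts:
    - name: scratch
      mountPath: /scratch

  # Bound CPU and memory so that a runaway scan cannot starve the node.
  resources:
    requests:
      memory: "256Mi"
      cpu: "250m"
    limits:
      memory: "512Mi"
      cpu: "500m"

  # Keep the hardened settings from the generated values.yaml instead of
  # making the root filesystem writable to satisfy the scanner.
  securityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop:
        - all
```

If the scanner then fails with a read-only file system error, the path in that error shows which additional directory needs its own volume mount.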

scopeLimiterAliases

Optional scopeLimiterAliases set on the parse definition (see: ScopeLimiterAliases).

affinity

Optional affinity settings that control how the job is scheduled (see: Node Affinity | Kubernetes).

tolerations

Optional tolerations settings that control how the job is scheduled (see: Tolerations | Kubernetes).