values.yaml
The values.yaml is also created by helm create new-scanner.
Most of these generated fields are not necessary for the secureCodeBox.
In the following we will describe the important fields.
The final values.yaml will look something like this:
# Define the image and settings for the parser container
parser:
  image:
    # parser.image.repository -- Parser image repository
    repository: docker.io/securecodebox/parser-nmap
    # parser.image.tag -- Parser image tag
    # @default -- defaults to the charts version
    tag: null
  # parser.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
  ttlSecondsAfterFinished: null
  # @default -- 3
  backoffLimit: 3
  # parser.env -- Optional environment variables mapped into each parseJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
  env: []
  # parser.scopeLimiterAliases -- Optional finding aliases to be used in the scopeLimiter.
  scopeLimiterAliases: {}
# Do the same for the scanner containers
scanner:
  image:
    # scanner.image.repository -- Container Image to run the scan
    repository: docker.io/securecodebox/parser-nmap
    # scanner.image.tag -- defaults to the charts appVersion
    tag: null
  # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
  ttlSecondsAfterFinished: null
  # scannerJob.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy)
  # @default -- 3
  backoffLimit: 3
  # scanner.resources -- CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/)
  resources: {}
  #   resources:
  #     requests:
  #       memory: "256Mi"
  #       cpu: "250m"
  #     limits:
  #       memory: "512Mi"
  #       cpu: "500m"
  # scanner.env -- Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
  env: []
  # scanner.extraVolumes -- Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/)
  extraVolumes: []
  # scanner.extraVolumeMounts -- Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/)
  extraVolumeMounts: []
  # scanner.extraContainers -- Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
  extraContainers: []
  # scanner.securityContext -- Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
  securityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop:
        - all
scanner and parser
The two top-level fields scanner and parser define the containers and settings for the scanner and parser, respectively.
All fields below are common for both scanner and parser.
image
The image field contains the container image and tag used for the scanner or parser.
For the scanner, this could be the official image of the scanner or a custom image, if one is needed.
Usually the tag of the image is null and will default to the charts appVersion (for the scanner) or version (for the parser).
See below how to use a local docker image.
For WPScan the official image can be used so the image fields for scanner and parser may look like this:
scanner:
  image:
    repository: wpscanteam/wpscan
    tag: null
  # ...
parser:
  image:
    repository: docker.io/securecodebox/parser-wpscan
    tag: null
  # ...
ttlSecondsAfterFinished
Defines how long the scanner job after finishing will be available (see: TTL Controller for Finished Resources | Kubernetes).
resources
The resources field can limit or request resources for the scan / parse job (see: Managing Resources For Containers | Kubernetes).
A basic example could be the following:
resources:
  requests:
    memory: "256Mi"
    cpu: "250m"
  limits:
    memory: "512Mi"
    cpu: "500m"
env
Optional environment variables mapped into the job (see: Define Environment Variables for a Container | Kubernetes).
extraVolumes
Optional Volumes mapped into the job (see: Volumes | Kubernetes).
extraVolumeMounts
Optional VolumeMounts mapped into the job (see: Volumes | Kubernetes).
extraContainers
Optional additional Containers started with the job (see: Init Containers | Kubernetes).
securityContext
Optional securityContext set on the container (see: Configure a Security Context for a Pod or Container | Kubernetes).
scopeLimiterAliases
Optional scopeLimiterAliases set on the parse definition (see ScopeLimiterAliases)
affinity
Optional affinity settings that control how the job is scheduled (see: Node Affinity | Kubernetes)
tolerations
Optional tolerations settings that control how the job is scheduled (see: Tolerations | Kubernetes)