Add description for IMAGE_PULL_SECRETS env variable in rad-sbom

Signed-off-by: Mateusz Dymiński <dyminski@gmail.com>
ksoclabs · Nov 4, 2024 · 5f1b313 · 5f1b313
1 parent 995563b
commit 5f1b313
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/stable/ksoc-plugins/Chart.yaml b/stable/ksoc-plugins/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: ksoc-plugins
-version: 1.9.2
+version: 1.9.3
 description: A Helm chart to run the KSOC plugins
 home: https://ksoc.com
 icon: https://ksoc.com/hubfs/Ksoc-logo.svg
@@ -16,8 +16,8 @@ annotations:
   artifacthub.io/category: security
   # Possible kind options are added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
-    - kind: fixed
-      description: Sets the correct priority class for the node-agent daemonset.
+    - kind: added
+      description: Add documentation for the `IMAGE_PULL_SECRETS` config value in 'rad-sbom' component.
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/links: |
     - name: source

diff --git a/stable/ksoc-plugins/README.md b/stable/ksoc-plugins/README.md
@@ -566,6 +566,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ksocNodeAgent.updateStrategy.rollingUpdate.maxUnavailable | int | `1` | The maximum number of pods that can be unavailable during the update. Can be an absolute number or percent, e.g.  `5` or `"10%"` |
 | ksocNodeAgent.updateStrategy.type | string | `"RollingUpdate"` |  |
 | ksocSbom.enabled | bool | `true` |  |
+| ksocSbom.env.IMAGE_PULL_SECRETS | string | `""` | Comma separated list of image pull secrets to use to pull container images. Important: The secrets must be created in the same namespace as the rad-sbom deployment. By default 'rad-sbom' tries to read imagePullSecrets from the manifest spec, but additionally, you can specify the secrets here. If you use AWS ECR private registry, we recommend to use EKS Pod Identity or IRSA to add access to "rad-sbom" to the ECR registry. |
 | ksocSbom.env.LOG_LEVEL | string | `"info"` | The log level to use.  Options are trace, debug, info, warn, error |
 | ksocSbom.env.MUTATE_ANNOTATIONS | bool | `false` | Whether to mutate the annotations in pod spec by adding images digests. Annotations can be used to track image digests in addition to, or instead of the image tag mutation. |
 | ksocSbom.env.MUTATE_IMAGE | bool | `true` | Whether to mutate the image in pod spec by adding digest at the end. By default, digests are added to images to ensure that the image that runs in the cluster matches the digest of the build.  Disable this if your continuous deployment reconciler requires a strict image tag match. |

diff --git a/stable/ksoc-plugins/values.yaml b/stable/ksoc-plugins/values.yaml
@@ -103,6 +103,11 @@ ksocSbom:
     MUTATE_ANNOTATIONS: false
     # -- The format of the generated SBOM. Currently we support: syft-json,cyclonedx-json,spdx-json
     SBOM_FORMAT: cyclonedx-json
+    # -- Comma separated list of image pull secrets to use to pull container images. Important: The secrets must be created in the
+    # same namespace as the rad-sbom deployment. By default 'rad-sbom' tries to read imagePullSecrets from the manifest spec, but
+    # additionally, you can specify the secrets here.
+    # If you use AWS ECR private registry, we recommend to use EKS Pod Identity or IRSA to add access to "rad-sbom" to the ECR registry.
+    IMAGE_PULL_SECRETS: ""
     # -- The log level to use.  Options are trace, debug, info, warn, error
     LOG_LEVEL: info
   resources: