Deploy trivy

2021-02-23 00:09:22 +01:00 · 2021-02-23 00:09:22 +01:00 · 91cc528a2f
commit 91cc528a2f
parent 32ba33296f
2 changed files with 39 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -92,3 +92,39 @@
      - drone-runner
  tags:
    - drone
+
+# https://github.com/aquasecurity/trivy/tree/main/helm/trivy
+- name: Trivy Setup
+  block:
+  - name: Git clone stable repo on HEAD
+    ansible.builtin.git:
+      repo: "https://github.com/aquasecurity/trivy.git"
+      dest: tmp/trivy
+  - name: Deploy trivy chart from local path
+    community.kubernetes.helm:
+      state: present
+      name: trivy
+      context: "{{ my_context }}"
+      chart_ref: tmp/trivy/helm/trivy
+      release_namespace: "{{ trivy_namespace }}"
+      create_namespace: true
+      values:
+        image:
+          tag: "{{ trivy_version }}"
+#        persistence:
+#          storageClass: "{{ trivy_storage_classname }}"
+#        trivy:
+#          gitHubToken: ""
+#          cache:
+#            redis:
+#              enabled: false
+#              url: "" # e.g. redis://redis.redis.svc:6379
+#        ingress:
+#          enabled: false
+#          annotations: {}
+#            # kubernetes.io/ingress.class: nginx
+#          hosts:
+#            - host: trivy.{{ traefik_domain }}
+
+  tags:
+    - trivy