Allow to specify operator and lurcher image references via helm

Author: J12934

operator/controllers/execution/scan_controller.go

@@ -426,9 +426,24 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e
 		},
 	)
 
+	lurcherImage := os.Getenv("LURCHER_IMAGE")
+	lurcherPullPolicyRaw := os.Getenv("LURCHER_PULL_POLICY")
+	var lurcherPullPolicy corev1.PullPolicy
+	switch lurcherPullPolicyRaw {
+	case "Always":
+		lurcherPullPolicy = corev1.PullAlways
+	case "IfNotPresent":
+		lurcherPullPolicy = corev1.PullIfNotPresent
+	case "Never":
+		lurcherPullPolicy = corev1.PullNever
+	default:
+		return nil, fmt.Errorf("Unkown imagePull Policy for lurcher: %s", lurcherPullPolicyRaw)
+	}
+
 	lurcherSidecar := &corev1.Container{
-		Name:  "lurcher",
-		Image: "scbexperimental/lurcher@sha256:10294aabb8c4f3d819c83b187d26b850b9168aaf75e8ea112043ebbbbc5d7ed6",
+		Name:            "lurcher",
+		Image:           lurcherImage,
+		ImagePullPolicy: lurcherPullPolicy,
 		Args: []string{
 			"--container",
 			job.Spec.Template.Spec.Containers[0].Name,
@@ -466,7 +481,6 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e
 				MountPath: "/home/securecodebox/",
 			},
 		},
-		ImagePullPolicy: "IfNotPresent",
 	}
 
 	job.Spec.Template.Spec.Containers = append(job.Spec.Template.Spec.Containers, *lurcherSidecar)

operator/templates/manager/manager.yaml

@@ -20,7 +20,12 @@ spec:
             - /manager
           args:
             - --enable-leader-election
-          image: scbexperimental/operator:latest
+          {{- if .Values.image.digest }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}"
+          {{- else }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          {{- end }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
           name: manager
           env:
             # TODO: integrate with cert manager and auto gen a cert for minio
@@ -42,6 +47,15 @@ spec:
                   key: secretkey
             - name: S3_BUCKET
               value: {{ .Values.minio.defaultBucket.name }}
+            {{- if .Values.image.digest }}
+            - name: LURCHER_IMAGE
+              value: "{{ .Values.lurcher.image.registry }}/{{ .Values.lurcher.image.repository }}@{{ .Values.lurcher.image.digest }}"
+            {{- else }}
+            - name: LURCHER_IMAGE
+              value: "{{ .Values.lurcher.image.registry }}/{{ .Values.lurcher.image.repository }}:{{ .Values.lurcher.image.tag }}"
+            {{- end }}
+            - name: LURCHER_PULL_POLICY
+              value: {{ .Values.lurcher.image.pullPolicy }}
           resources:
             limits:
               cpu: 100m

operator/values.yaml

@@ -2,6 +2,21 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+image:
+  registry: docker.io
+  repository: scbexperimental/operator
+  tag: latest
+  digest: null
+  pullPolicy: Always
+
+lurcher:
+  image:
+    registry: docker.io
+    repository: scbexperimental/lurcher
+    tag: null
+    digest: "sha256:0e9f18f85809fb8c042543657d340949db14e81fc727bf9fab4421befd317850"
+    pullPolicy: IfNotPresent
+
 s3:
   # TODO: Needs to be implemented
   # by default uses a locally installed minio instance.