diff --git a/charts/cci-container-infra/Chart.yaml b/charts/cci-container-infra/Chart.yaml
index 6b2afce8343dddcf509555e812ea376e5e2203e3..bfbcef519ea958096481317d52de1e3ad5c2be6c 100644
--- a/charts/cci-container-infra/Chart.yaml
+++ b/charts/cci-container-infra/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
description: A Helm umbrella chart for the CERN container infra
name: cci-container-infra
-version: 0.4.1
+version: 0.4.2
keywords:
- docker
- registry
@@ -12,7 +12,7 @@ sources:
- https://github.com/goharbor/harbor-helm
dependencies:
- name: harbor
- version: 1.9.4
+ version: 1.9.6
repository: https://helm.goharbor.io
maintainers:
- name: Diogo Guerra
diff --git a/charts/cci-container-infra/values.yaml b/charts/cci-container-infra/values.yaml
index 5ddc5f6050b945eddd6e616b372da7c0ad6cfa87..4ef87d8a0df56ee2d8f18f31f03a197fa2edc30a 100644
--- a/charts/cci-container-infra/values.yaml
+++ b/charts/cci-container-infra/values.yaml
@@ -242,21 +242,7 @@ harbor:
accessMode: ReadWriteOnce
size: 1Gi
trivy:
- existingClaim: ""
- storageClass: ""
- subPath: ""
- accessMode: ReadWriteOnce
size: 5Gi
- # Define which storage backend is used for registry and chartmuseum to store
- # images and charts. Refer to
- # https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
- # for the detail.
- # Specify whether to disable `redirect` for images and chart storage, for
- # backends which not supported it (such as using minio for `s3` storage type), please disable
- # it. To disable redirects, simply set `disableredirect` to `true` instead.
- # Refer to
- # https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
- # for the detail.
imageChartStorage:
disableredirect: false
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
diff --git a/releases/prod/values.yaml b/releases/prod/values.yaml
index 23d053eba27b1278e5bc4c3df641a56868944e6f..c5fbf0c86c03e51e971ce61a47bb76ce687ab624 100644
--- a/releases/prod/values.yaml
+++ b/releases/prod/values.yaml
@@ -50,7 +50,7 @@ spec:
redis:
existingClaim: cci-container-infra-harbor-redis
trivy:
- existingClaim: cci-container-infra-harbor-trivy
+ storageClass: meyrin-cephfs
imageChartStorage:
type: s3
s3:
@@ -74,6 +74,8 @@ spec:
htpasswd: ENC[AES256_GCM,data:ly6/IrVPzvU9nOt13xLuyNR6fUXuIA627Y2LIajzxjNau8sYOWGdpdE4hwyx6AxYURKOQb6Stjuc5gPQIg5bLJkm,iv:peImMX2ac7UULncz4ZN6pK0npUVO+HAKgX6cgPSESqw=,tag:j3zaE1+Lki6Eu4l6bQ7gBg==,type:str]
chartmuseum:
replicas: 3
+ trivy:
+ replicas: 3
database:
type: external
external:
@@ -95,8 +97,8 @@ sops:
- secret_href: https://openstack.cern.ch:9311/v1/secrets/9faa1229-bddf-4b3e-a05b-ef43ccf72527
created_at: '2022-07-27T09:31:23Z'
enc: yErst7NAI1U0ZDzZGxXsp6Y4MuKw+aOnY213LHb/DmR6LWSfS5WL0cAGVPl1fH+u
- lastmodified: '2022-07-27T09:52:30Z'
- mac: ENC[AES256_GCM,data:XlSF4qGxwuqzbUaxw1TL5O27U2fBzF5Wy/pLYodyMNby2+jTUzqykKJQfBXBqj5geJcvtXA0CyT+uaUdNXQl5tgg0TuoL+0t0TQ1DJLEdoaOEorK4TWx2FjUEdf63Yo5GL7nadmjVASftANhfyZ7S3N93c95RtRhmu1UgbrBntI=,iv:vYgYNbu3kwUSxD3gsmw1bpdDee1xcH862Zrg/nedrPE=,tag:SUMRs85FIthiAnFyCBhdPg==,type:str]
+ lastmodified: '2023-04-03T09:03:45Z'
+ mac: ENC[AES256_GCM,data:ZLeO3nb8QKhPRVTmPyEj9hAHW8ZstVfJ1kSIbNGswlpDTmsMJtTR9mBJhxFS1tIDue+9E4nOv8nPjWdgxzhY+bLQcbt3mWTAee2hlSlDodP0mzWD8z2FtHyTNRU1LqJo4Uv0iuUma3cKQh/He3EFL9WpWVAJ7nGetKXGSiI6Lw8=,iv:LbIcgZTgcTajJqYWdWdHFUZuVY7DgjcUh/Pz6wGFDwA=,tag:vWIXlKPAYA6bk57fNMFHmw==,type:str]
pgp: []
encrypted_regex: ^(transport_url)|(.*[Pp]assword)|(encryptMe.*)|(.*[Pp]asswd)|(.*[Kk]ey)|(clientSecret)|(secret)|(.*ID)$
version: 3.5.0-1.cern
diff --git a/releases/staging/values.yaml b/releases/staging/values.yaml
index f0c5c6d848bb69ca82f33bdc7355d1ecd4444c5d..71a1c77fb7df084155bca8e496cb492e62b0fe83 100644
--- a/releases/staging/values.yaml
+++ b/releases/staging/values.yaml
@@ -50,7 +50,7 @@ spec:
redis:
existingClaim: staging-cci-container-infra-harbor-redis
trivy:
- existingClaim: staging-cci-container-infra-harbor-trivy
+ storageClass: geneva-cephfs-testing
imageChartStorage:
type: s3
s3:
@@ -95,8 +95,8 @@ sops:
- secret_href: https://openstack.cern.ch:9311/v1/secrets/9faa1229-bddf-4b3e-a05b-ef43ccf72527
created_at: '2022-07-27T09:29:16Z'
enc: ZA+vfXXwQceLFEAnppfv9TLdR9J/QbFp1DaqPhCZwMD9x8H/Ljr5GjZp5F6Cp6iZ
- lastmodified: '2022-07-27T09:52:41Z'
- mac: ENC[AES256_GCM,data:D252BrgSImkhvOYVCrKo63IDtr4HM4cI5iOfeJscflqOyytOYVR6Wl4tmf7Cwe2LCsJ0obkYsrCNaCSz34fwj2VyGiWV09Lc7Qdx6IZ/nHdc4QihsLDaXz+2ez84O5WKljeSiOksHxiXBR+SJRpxD5hB4LC46oc+Zrt/wIjXesU=,iv:4V+rYLNnbmGDX+YrMkuGG0TAtqzBPtbb3mvIMkO3BQk=,tag:kknFef89qVahdcmM9qXD0Q==,type:str]
+ lastmodified: '2023-04-03T09:04:17Z'
+ mac: ENC[AES256_GCM,data:xl/APqoY00dahbyOpm4WZuirQ/TSYIrIDOuRW4Sno5vR07t48WLmd+H3ja9iv0mWtnCr+XpYX7b9VNr79ke8omhaJ4Lhjr6Nn7jcFSvnON4EvNkQpIMh4r8ncsHwv0s00krBZx5081icw8nQNB9Pe+d/VBYMgCpg1VZunW4eRy8=,iv:/H5b8JKj3kkKx7Wk3rzPmf3CQ9o5DVNE/GExS3K3fMU=,tag:XFM0KvXOA61nc1bmXGTbXg==,type:str]
pgp: []
encrypted_regex: ^(transport_url)|(.*[Pp]assword)|(encryptMe.*)|(.*[Pp]asswd)|(.*[Kk]ey)|(clientSecret)|(secret)|(.*ID)$
version: 3.5.0-1.cern
diff --git a/static/prod/pvc-trivy.yaml b/static/prod/pvc-trivy.yaml
deleted file mode 100644
index 7d062d2b12b36c0e0710c07f2931db49a3ae9721..0000000000000000000000000000000000000000
--- a/static/prod/pvc-trivy.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- annotations:
- volume.beta.kubernetes.io/storage-provisioner: manila-provisioner
- name: cci-container-infra-harbor-trivy
- namespace: prod
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 5Gi
- storageClassName: meyrin-cephfs
-
diff --git a/static/staging/pvc-trivy.yaml b/static/staging/pvc-trivy.yaml
deleted file mode 100644
index 473d45a592f4ba535c7f260fef54d9f38fa28937..0000000000000000000000000000000000000000
--- a/static/staging/pvc-trivy.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- annotations:
- volume.beta.kubernetes.io/storage-provisioner: manila-provisioner
- name: staging-cci-container-infra-harbor-trivy
- namespace: staging
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 5Gi
- storageClassName: geneva-cephfs-testing
-