Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stable/insights-agent]: FWI-3155: Add Trivy unsetAWSRegionEnvVars to help Trivy scan ECR in a different region #1016

Closed
wants to merge 4 commits into from
Closed

[stable/insights-agent]: FWI-3155: Add Trivy unsetAWSRegionEnvVars to help Trivy scan ECR in a different region #1016

wants to merge 4 commits into from

Conversation

ivanfetch-wt
Copy link
Contributor

Why This PR?
FWI-3155 - help Trivy authenticate to ECR when ECR is in a different region, by unsetting AWS_DEFAULT_REGION and AWS_REGION environment variables which in turn keep the EKS pod identity WebHook from injecting those same variables based on the cluster's location.

A new Trivy.unsetAWSRegionEnvVars boolean chart value causes the above environment variables to be unset in the Trivy CronJob. I verified this unsets these environment variables when set statically in a "pretend Trivy" CronJob image, as a test.

Checklist:

  • I have included the name of the chart in the title of this PR in square brackets i.e. [stable/goldilocks].
  • I have updated the chart version in Chart.yaml following Semantic Versioning.
  • Any new values are backwards compatible and/or have sensible default.
  • Any new values have been added to the README for the Chart, or helm-docs --sort-values-order=file has been run for the charts that support it.

Ivan Fetch added 2 commits November 15, 2022 14:04
@ivanfetch-wt ivanfetch-wt requested a review from rbren as a code owner November 15, 2022 21:09
@fairwinds-insights
Copy link

fairwinds-insights bot commented Nov 15, 2022
edited
Loading

Fairwinds Insights CI Report

View the Full Report

✅ No new Action Items detected!

@ivanfetch-wt ivanfetch-wt changed the title If/fwi 3155 [stable/insights-agent]: FWI-3155: Add Trivy unsetAWSRegionEnvVars to help Trivy scan ECR in a different region Nov 15, 2022
@ivanfetch-wt ivanfetch-wt enabled auto-merge (squash) November 15, 2022 21:36
@ivanfetch-wt
Copy link
Contributor Author

I'm closing this in favor of PR #1023 which allows environment variables to be set for Trivy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rbren rbren rbren approved these changes

Assignees
No one assigned
Labels
Don't Merge!!
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ivanfetch-wt @rbren