Add required permissions to the Scanning Pod for creating configmaps
We need to add the required permissions to the Scanning Pod so that it is allowed to create configmaps.
Implementation plan
- Create a service account for the scanning pod
- Create a role that will allow the scanning pod to create configmaps
- Create a role binding that binds the role to the service account
- Create a clusterrole for listing the resources required by trivy
- Create a clusterrolebinding
- Create an additional configuration in values.yml. It should be something like:
    config:
      operational_container_scanning:
        disabled: false
- Pass an env var in the gitlab agent deployment passing the service account name for OCS
- Pass an env var in the gitlab agent deployment specifying if OCS is enabled or not.
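
The five RBAC objects from the plan could look like the manifests below. This is an added example, not the project's own chart: the object names, the `gitlab-agent` namespace, and the resources listed in the ClusterRole are assumptions, since the page does not specify them.

```yaml
# Added example: names, namespace and the ClusterRole resource list are
# hypothetical placeholders, not taken from the GitLab agent chart.
apiVersion: v1
kind: ServiceAccount
metadata: {name: ocs-scanning-pod, namespace: gitlab-agent}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: ocs-configmap-creator, namespace: gitlab-agent}
rules:
  # "create" only. RBAC cannot restrict create by resourceNames, so keep the
  # Role namespaced and grant no get/list/update/delete on configmaps.
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: ocs-configmap-creator, namespace: gitlab-agent}
subjects: [{kind: ServiceAccount, name: ocs-scanning-pod, namespace: gitlab-agent}]
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: ocs-configmap-creator}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: ocs-resource-lister}
rules:
  # Assumed resource set: the page does not say which resources trivy lists.
  - apiGroups: [""]
    resources: ["pods", "replicationcontrollers"]
    verbs: ["list"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
    verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: ocs-resource-lister}
subjects: [{kind: ServiceAccount, name: ocs-scanning-pod, namespace: gitlab-agent}]
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: ocs-resource-lister}
```

Once applied, `kubectl auth can-i create configmaps --as=system:serviceaccount:gitlab-agent:ocs-scanning-pod -n gitlab-agent` should answer `yes`, and the same check with `delete` should answer `no`.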
Edited by Nick Ilieskou