Extend GitLab Agent with trivy-k8s-wrapper optional image configuration

Problem statement

The GitLab Agent Helm chart allows the user to specify the GitLab Agent image. The GitLab Agent (GA) has a fixed version of the trivy-k8s-wrapper, which is used to perform the Operational Container Scanning (OCS) feature. That means that the trivy-k8s-wrapper image cannot be specified by the user. This option is required to enable integration tests where we need to test the GA against a specific version of the trivy-k8s-wrapper.

Proposal

Provide an optional configuration in the GitLab Agent to pass a different image for the trivy-k8s-wrapper scanner. By default, this configuration is empty.

Implementation path

  • Create a new field trivy_k8s_wrapper_image with nested fields repository and tag in the agent config. More details here
  • Pass the new field to the OCS worker
  • If repository or tag is empty, use the default value; otherwise, choose the passed value. This will be used in the OCS pod specs
  • Update documentation
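
A sketch of the fallback step above, added here as an example and not taken from the GitLab Agent code base. The type and function names, the placeholder default values, and the choice to apply the fallback per field (so a config that sets only tag keeps the default repository) are assumptions; the check that rejects a tag or digest embedded in repository is an added safeguard so the OCS pod spec never receives a malformed reference.

```go
package main

import (
	"fmt"
	"strings"
)

// Placeholder defaults: the issue does not state the agent's built-in values.
const (
	defaultRepository = "registry.example.com/placeholder/trivy-k8s-wrapper"
	defaultTag        = "0.0.0-placeholder"
)

// TrivyK8sWrapperImage mirrors the proposed trivy_k8s_wrapper_image field
// (hypothetical Go shape; the real config type may differ).
type TrivyK8sWrapperImage struct {
	Repository string
	Tag        string
}

// ResolveScannerImage returns the image reference to put in the OCS pod spec.
// Empty or whitespace-only fields fall back to the defaults, field by field.
func ResolveScannerImage(cfg *TrivyK8sWrapperImage) (string, error) {
	repo, tag := defaultRepository, defaultTag
	if cfg != nil {
		if r := strings.TrimSpace(cfg.Repository); r != "" {
			repo = r
		}
		if t := strings.TrimSpace(cfg.Tag); t != "" {
			tag = t
		}
	}
	// Only the last path segment is checked, so a registry port
	// such as "localhost:5000/..." is still accepted.
	lastSegment := repo[strings.LastIndex(repo, "/")+1:]
	if strings.ContainsAny(lastSegment, ":@") {
		return "", fmt.Errorf("repository %q must not include a tag or digest", repo)
	}
	if strings.ContainsAny(tag, ":/@ ") {
		return "", fmt.Errorf("tag %q is not a plain tag", tag)
	}
	return repo + ":" + tag, nil
}

func main() {
	// Constructed input: an integration test pinning only the tag.
	img, err := ResolveScannerImage(&TrivyK8sWrapperImage{Tag: "1.2.3-test"})
	fmt.Println(img, err)
}
```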
Edited by Shao Ming Tan