[Release] logzio-trivy align to new global structure #574

charts/logzio-trivy/CHANGELOG.md

@@ -0,0 +1,54 @@
+# Changes by Version
+
+<!-- next version -->
+
+## 1.0.0
+- **Breaking changes**
+    - Secret values are now global and aligned to prevent duplicate values in the parent chart
+      - `secrets.logzioShippingToken` >> `global.logzioLogsToken`
+      - `secrets.logzioListener` >> `global.logzioRegion`
+      - `env_id` >> `global.env_id`
+    - K8s secret resource configuration has been renamed from `secrets` >> `secret`
+
+## 0.3.6
+- Fix `tolerations` value 
+
+## 0.3.5
+- Added `affinity` ,`nodeSelector` and `tolerations` to the deployment.
+
+## 0.3.4
+- Bump Trivy-Operator version to `0.24.1`.
+
+## 0.3.3
+- Upgrade to image `logzio/trivy-to-logzio:0.3.3`.
+    - Upgrade python version to 3.12.5.
+    - Re-build image to include the latest version of git(CVE-2024-32002).
+- Bump Trivy-Operator version to `0.24.0`.
+
+## 0.3.2
+- Added 'user-agent' header for telemetry data.
+
+## 0.3.0
+- Bump Trivy-Operator version to `0.15.1`.
+
+## 0.2.1
+- Default to disable unused reports (config audit, rbac assessment, infra assessment, cluster compliance).
+- Bump Trivy-Operator version to `0.13.1`.
+- Bump logzio-trivy version to `0.2.1`.
+
+## 0.2.0
+- Upgrade to image `logzio/trivy-to-logzio:0.2.0`:
+    - Watch for new reports, in addition to daily scan.
+
+## 0.1.0
+- Upgrade to image `logzio/trivy-to-logzio:0.1.0`.
+- **Breaking changes**:
+    - Deprecation of CronJob, using Deployment instead.
+    - Scanning for reports will occur once upon container deployment, then once a day at the scheduled time. 
+    - Not using cron expressions anymore. Instead, set a time for the daily run in form of HH:MM. 
+
+## 0.0.2
+- Add quotes to schedule expression to avoid errors. 
+
+## 0.0.1
+- Initial release.

charts/logzio-trivy/Chart.yaml

@@ -5,7 +5,7 @@ keywords:
   - logging
   - trivy
   - security
-version: 0.3.6
+version: 1.0.0
 appVersion: 0.2.3
 sources:
   - https://github.com/logzio/logzio-helm

charts/logzio-trivy/README.md

@@ -21,16 +21,16 @@ Use the following command, and replace the placeholders with your parameters:
 
 ```sh
 helm install -n monitoring --create-namespace \
---set env_id="<<ENV-ID>>" \
---set secrets.logzioShippingToken="<<LOG-SHIPPING-TOKEN>>" \
---set secrets.logzioListener="<<LISTENER-HOST>>" \
+--set global.env_id="<<ENV-ID>>" \
+--set global.logzioLogsToken="<<LOG-SHIPPING-TOKEN>>" \
+--set global.logzioRegion="<<LOGZIO-REGION>>" \
 logzio-trivy logzio-helm/logzio-trivy
 ```
 
 | Parameter | Description |
 | --- | --- |
 | `<<LOG-SHIPPING-TOKEN>>` | Your [logs shipping token](https://app.logz.io/#/dashboard/settings/general). |
-| `<<LISTENER-HOST>>` | Your account's [listener host](https://app.logz.io/#/dashboard/settings/manage-tokens/data-shipping?product=logs). For example - `listener.logz.io` |
+| `<<LOGZIO-REGION>>` | Your account's [region code](https://docs.logz.io/docs/user-guide/admin/hosting-regions/account-region/). For example - `us` |
 | `<<ENV-ID>>` | The name for your environment's identifier, to easily identify the telemetry data for each environment. |
 
 
@@ -52,14 +52,14 @@ However, you can modify the Chart by using the `--set` flag in your `helm instal
 | `schedule` | Time for daily scanning for security reports and send them to Logz.io, in format "HH:MM" | `"07:00"` |
 | `image` | Container image | `logzio/trivy-to-logzio` |
 | `imageTag` | Container image tag | `0.2.1` |
-| `env_id` | The name for your environment's identifier, to easily identify the telemetry data for each environment | `""` |
+| `global.env_id` | The name for your environment's identifier, to easily identify the telemetry data for each environment | `""` |
 | `terminationGracePeriodSeconds` | Termination period (in seconds) to wait before killing Fluentd pod process on pod shutdown. | `30` |
 | `serviceAccount.create` | Specifies whether to create a service account for the Deployment | `true` |
 | `serviceAccount.name` | Name of the service account. | `""` |
-| `secrets.enabled` | Specifies wheter to create a secret for the deployment | `true` |
-| `secrets.name` | Secret name | `"logzio-logs-secret-trivy"` |
-| `secrets.logzioShippingToken` | Your logz.io log shipping token | `""` |
-| `secrets.logzioListener` | Your logz.io listener host, for example - `listener.logz.io` | `""` (defaults to us region) |
+| `secret.enabled` | Specifies wheter to create a secret for the deployment | `true` |
+| `secret.name` | Secret name | `"logzio-logs-secret-trivy"` |
+| `global.logzioLogsToken` | Your logz.io log shipping token | `""` |
+| `global.logzioRegion` | Your logz.io region code, for example - `eu` | `"us"` (defaults to us region) |
 | `scriptLogLevel` | Log level of the script that sends security risk to Logz.io. Can be one of: `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`. | `INFO` |
 
 ### Handling image pull rate limit
@@ -72,36 +72,3 @@ In these cases we can use the following `--set` command to use an alternative im
 ```shell
 --set image=public.ecr.aws/logzio/trivy-to-logzio
 ```
-
-
-## Changelog
-- **0.3.6**
-  - Fix `tolerations` value 
-- **0.3.5**
-  - Added `affinity` ,`nodeSelector` and `tolerations` to the deployment.
-- **0.3.4**
-  - Bump Trivy-Operator version to `0.24.1`.
-- **0.3.3**:
-  - Upgrade to image `logzio/trivy-to-logzio:0.3.3`.
-    - Upgrade python version to 3.12.5.
-    - Re-build image to include the latest version of git(CVE-2024-32002).
-  - Bump Trivy-Operator version to `0.24.0`.
-- **0.3.2**:
-  - Added 'user-agent' header for telemetry data.
-- **0.3.0**:
-  - Bump Trivy-Operator version to `0.15.1`.
-- **0.2.1**:
-  - Default to disable unused reports (config audit, rbac assessment, infra assessment, cluster compliance).
-  - Bump Trivy-Operator version to `0.13.1`.
-  - Bump logzio-trivy version to `0.2.1`.
-- **0.2.0**:
-  - Upgrade to image `logzio/trivy-to-logzio:0.2.0`:
-    - Watch for new reports, in addition to daily scan.
-- **0.1.0**:
-  - Upgrade to image `logzio/trivy-to-logzio:0.1.0`.
-  - **Breaking changes**:
-    - Deprecation of CronJob, using Deployment instead.
-    - Scanning for reports will occur once upon container deployment, then once a day at the scheduled time. 
-    - Not using cron expressions anymore. Instead, set a time for the daily run in form of HH:MM. 
-- **0.0.2**: Add quotes to schedule expression to avoid errors. 
-- **0.0.1**: Initial release.

charts/logzio-trivy/templates/_helpers.tpl

@@ -32,9 +32,10 @@ Create the name of the service account to use
 Builds the full logzio listener host
 */}}
 {{- define "trivyToLogzio.listenerHost" }}
-{{- if or ( eq $.Values.secrets.logzioListener "listener.logz.io" ) ( eq $.Values.secrets.logzioListener "" ) -}}
-{{- printf "https://listener.logz.io:8071" }}
+{{- $region := .Values.global.logzioRegion -}}
+{{- if or (eq $region "us") (not $region) -}}
+https://listener.logz.io:8071
 {{- else }}
-{{- printf "https://%s:8071" .Values.secrets.logzioListener -}}
-{{- end -}}
-{{- end -}}
+{{- printf "https://listener-%s.logz.io:8071" $region }}
+{{- end }}
+{{- end }}

charts/logzio-trivy/templates/deployment.yaml

@@ -23,15 +23,15 @@ spec:
         - name: LOGZIO_LOG_SHIPPING_TOKEN
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.secrets.name }}
+              name: {{ .Values.secret.name }}
               key: logzio-log-shipping-token
         - name: LOGZIO_LOG_LISTENER
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.secrets.name }}
+              name: {{ .Values.secret.name }}
               key: logzio-log-listener
         - name: ENV_ID
-          value: {{ .Values.env_id | quote }}
+          value: {{ .Values.global.env_id | quote }}
         - name: IMAGE_VERSION
           value: {{ .Values.imageTag }}
         - name: SCHEDULE

charts/logzio-trivy/templates/secret.yaml

@@ -1,11 +1,11 @@
-{{- if .Values.secrets.enabled -}}
+{{- if .Values.secret.enabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.secrets.name }}
+  name: {{ .Values.secret.name }}
   namespace: {{ .Release.namespace }}
 type: Opaque
 stringData:
-  logzio-log-shipping-token: {{ required "Logzio shipping token is required!" .Values.secrets.logzioShippingToken }}
+  logzio-log-shipping-token: {{ required "Logzio shipping token is required!" (.Values.logzioLogsToken | default .Values.global.logzioLogsToken) }}
   logzio-log-listener: {{ template "trivyToLogzio.listenerHost" . }}
 {{- end }}

charts/logzio-trivy/values.yaml

@@ -25,8 +25,6 @@ schedule: "07:00"
 image: logzio/trivy-to-logzio
 # Container image tag
 imageTag: 0.2.3
-# The name for your environment's identifier (cluster name), to easily identify the telemetry data for each environment
-env_id: ""
 # Termination period (in seconds) to wait before killing Fluentd pod process on pod shutdown
 terminationGracePeriodSeconds: 30
 serviceAccount:
@@ -35,15 +33,19 @@ serviceAccount:
   # Name of the service account
   name: ""
 
-secrets:
+global:
+  # The name for your environment's identifier (cluster name), to easily identify the telemetry data for each environment
+  env_id: ""
+  # Your logz.io log shipping token
+  logzioLogsToken: ""
+  # Your logz.io listener host, for example - listener.logz.io
+  logzioRegion: "us"
+
+secret:
   # Specifies wheter to create a secret for the Deployment
   enabled: true
   # Secret name
   name: "logzio-logs-secret-trivy"
-  # Your logz.io log shipping token
-  logzioShippingToken: ""
-  # Your logz.io listener host, for example - listener.logz.io
-  logzioListener: ""
 
 # Log level of the script that sends security risk to Logz.io. Can be one of: DEBUG, INFO, WARNING, ERROR, CRITICAL.
 scriptLogLevel: INFO