aquasecurity/trivy-operator

helm - trivy-server should use trivy.repository:trivy.tag for image if defined

jrhunger opened this issue · 1 comment

What steps did you take and what happened:

Deployed v0.7.0 with built-in server enabled, in a cluster that has a proxy firewall (with internal-signed-cert) between it and ghcr.io. Top-level values.yaml specifies trivy.repository and trivy.tag to point at our custom trivy image that includes CA cert trust for our internal certificate.

trivy-server-0 pod sent to Crash Loop Backoff due to cert mismatch when downloading DB.

What did you expect to happen:

I expected that trivy-server would use the defined trivy image which trusts our internal cert and would successfully download the DB and continue running.

Anything else you would like to add:
Should be fixable by replacing the hardcoded image line in templates/trivy-server.yaml with this one:

image: {{ .Values.trivy.repository }}:{{ .Values.trivy.tag | default .Chart.AppVersion }}

I tested this with local modification to helm chart and it works.

Environment:

  • Trivy-Operator version (use trivy-operator version): v0.7.0
  • Kubernetes version (use kubectl version): 1.24.3
  • OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): Oracle Linux 7

I would also like this to be fixed. It should be mentioned that there are some other hardcoded values in the template, such as resources.
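
An added example, not code from this issue or from the trivy-operator chart: a small check that flags `image:` and `resources:` fields in a Helm template that contain no template expression and therefore ignore any values.yaml override. Both sample templates are constructed; `registry.example/trivy:0.0.0` and `.Values.trivy.server.resources` are hypothetical names.

```python
import re

# Constructed sample, not the project's real template: a container spec with
# a literal image and literal resources (overrides in values.yaml are ignored).
HARDCODED = """\
containers:
  - name: trivy-server
    image: registry.example/trivy:0.0.0
    resources:
      limits:
        cpu: 1
        memory: 1Gi
"""

# Constructed sample of the values-driven form. The image line is the one
# proposed in the issue; the resources key is a hypothetical values path.
TEMPLATED = """\
containers:
  - name: trivy-server
    image: {{ .Values.trivy.repository }}:{{ .Values.trivy.tag | default .Chart.AppVersion }}
    resources:
      {{- toYaml .Values.trivy.server.resources | nindent 6 }}
"""

KEY = re.compile(r"^(\s*)(?:-\s+)?(image|resources):\s*(.*)$")

def hardcoded_fields(template):
    """Return (line_no, key) for image/resources fields with no template expression."""
    lines = template.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = KEY.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        body = [value]
        # A block value (e.g. resources:) continues on deeper-indented lines.
        for nxt in lines[i + 1:]:
            if nxt.strip() and len(nxt) - len(nxt.lstrip()) <= indent:
                break
            body.append(nxt)
        if "{{" not in "".join(body):
            findings.append((i + 1, key))
    return findings

if __name__ == "__main__":
    for name, text in (("hardcoded", HARDCODED), ("templated", TEMPLATED)):
        print(name, hardcoded_fields(text))
```

Run over a chart's `templates/` files in CI, a non-empty result points at fields that would pull from a default registry or apply fixed limits regardless of what the operator set in values.yaml.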