wip: tested the almost everything - its working

Signed-off-by: Rahul Vishwakarma <[email protected]>

Author: manzil-infinity180

docs/trivy-manifest/deployment.yml

@@ -1,31 +1,30 @@
-    apiVersion: apps/v1
-    kind: Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: trivy-server
+  labels:
+    app: trivy-server
+spec:
+  replicas: 1 # You can adjust the number of replicas for high availability
+  selector:
+    matchLabels:
+      app: trivy-server
+  template:
     metadata:
-      name: trivy-server
       labels:
         app: trivy-server
     spec:
-      replicas: 1 # You can adjust the number of replicas for high availability
-      selector:
-        matchLabels:
-          app: trivy-server
-      template:
-        metadata:
-          labels:
-            app: trivy-server
-        spec:
-          containers:
-          - name: trivy-server
-            image: aquasec/trivy:latest # Use a specific version instead of latest in production
-            args: ["server", "--listen", "0.0.0.0:8080"] # Listen on all interfaces
-            ports:
+      containers:
+        - name: trivy-server
+          image: aquasec/trivy:latest # Use a specific version instead of latest in production
+          args: ["server", "--listen", "0.0.0.0:8080"] # Listen on all interfaces
+          ports:
             - containerPort: 8080
               name: http
-            # Optional: Add resource limits and requests for better resource management
-            # resources:
-            #   limits:
-            #     cpu: "500m"
-            #     memory: "512Mi"
-            #   requests:
-            #     cpu: "250m"
-            #     memory: "256Mi"
+#          volumeMounts:
+#            - name: trivy-cache
+#              mountPath: /root/.cache/trivy
+#      volumes:
+#        - name: trivy-cache
+#          persistentVolumeClaim:
+#            claimName: trivy-cache-pvc

docs/trivy-manifest/pvc.yml

@@ -3,6 +3,7 @@ kind: PersistentVolumeClaim
 metadata:
   name: trivy-cache-pvc
 spec:
+  storageClassName: standard
   accessModes:
     - ReadWriteOnce
   resources:

docs/trivy-manifest/service.yml

@@ -1,14 +1,14 @@
-    apiVersion: v1
-    kind: Service
-    metadata:
-      name: trivy-server-service
-      labels:
-        app: trivy-server
-    spec:
-      selector:
-        app: trivy-server
-      ports:
-        - protocol: TCP
-          port: 8080
-          targetPort: 8080
-      type: ClusterIP # Use ClusterIP for internal access, or NodePort/LoadBalancer for external access
+apiVersion: v1
+kind: Service
+metadata:
+  name: trivy-server-service
+  labels:
+    app: trivy-server
+spec:
+  selector:
+    app: trivy-server
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: ClusterIP # Use ClusterIP for internal access, or NodePort/LoadBalancer for external access

main.go

@@ -138,7 +138,7 @@ func main() {
 	go func() {
 		http.HandleFunc("/validate", ValidateDeployment)
 		log.Println("Starting webhook server on :8000...")
-		err := http.ListenAndServeTLS(":8000", "/certs/tls.crt", "/certs/tls.key", nil)
+		err := http.ListenAndServeTLS(":8000", "certs/tls.crt", "certs/tls.key", nil)
 		if err != nil {
 			log.Fatalf("Failed to start webhook server: %v", err)
 		}

manifest/deployment.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: k8s-controller
-          image: manzilrahul/k8s-custom-controller:1.0.9
+          image: manzilrahul/k8s-custom-controller:latest
           volumeMounts:
             - name: webhook-certs
               mountPath: /certs      # Your code expects "certs/tls.crt"

manifest/webhook-example/initContainerDeployment.yml

@@ -19,6 +19,6 @@ spec:
           command: ["sh", "-c", "echo Init container with CVEs"]
       containers:
         - name: main-vulnerable
-          image: nginx:1.19   # Main container with CVEs
+          image: cgr.dev/chainguard/nginx:latest   # Main container with CVEs
           ports:
             - containerPort: 80