This repository was archived by the owner on Sep 3, 2025. It is now read-only.
- Notifications
You must be signed in to change notification settings - Fork3
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
Show all changes
3 commits Select commitHold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
2 changes: 1 addition & 1 deletiongo.mod
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| module github.com/coder/coder-xray | ||
| go 1.21 | ||
28 changes: 28 additions & 0 deletionshelm/Chart.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| apiVersion: v2 | ||
| name: coder-xray | ||
| description: Query XRay results for Coder workspace pods and push them to Coder | ||
| home: https://github.com/coder/coder-xray | ||
| # version and appVersion are injected at release and will always be shown as | ||
| # 0.1.0 in the repository. | ||
| # | ||
| # If you're installing the Helm chart directly from git it will have this | ||
| # version, which means the auto-generated image URI will be invalid. You can set | ||
| # "image.tag" to the desired tag manually. | ||
| type: application | ||
| version: "0.1.0" | ||
| appVersion: "0.1.0" | ||
| # This matches the required version from Coder. | ||
| kubeVersion: ">= 1.19.0-0" | ||
| keywords: | ||
| - coder | ||
| - terraform | ||
| sources: | ||
| - https://github.com/coder/coder-xray/tree/main | ||
| icon: https://helm.coder.com/coder_logo_black.png | ||
| maintainers: | ||
| - name: Coder Technologies, Inc. | ||
| email: support@coder.com | ||
| url: https://coder.com/contact |
98 changes: 98 additions & 0 deletionshelm/templates/service.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: Role | ||
| metadata: | ||
| name: coder-xray-kube-role | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["pods", "events"] | ||
| verbs: ["get", "watch", "list"] | ||
| - apiGroups: ["apps"] | ||
| resources: ["replicasets", "events"] | ||
| verbs: ["get", "watch", "list"] | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: {{ .Values.serviceAccount.name | quote }} | ||
| annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} | ||
| labels: {{ toYaml .Values.serviceAccount.labels | nindent 4 }} | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: RoleBinding | ||
| metadata: | ||
| name: coder-xray-kube-rolebinding | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: Role | ||
| name: coder-xray-kube-role | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: {{ .Values.serviceAccount.name | quote }} | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: coder-xray-kube | ||
| spec: | ||
| # This must remain at 1 otherwise duplicate logs can occur! | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app.kubernetes.io/instance: {{ .Release.Name }} | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/instance: {{ .Release.Name }} | ||
| spec: | ||
| serviceAccountName: {{ .Values.serviceAccount.name | quote }} | ||
| restartPolicy: Always | ||
| {{- with .Values.image.pullSecrets }} | ||
| imagePullSecrets: | ||
| {{- toYaml . | nindent 8 }} | ||
| {{- end }} | ||
| {{- with .Values.nodeSelector }} | ||
| nodeSelector: | ||
| {{- toYaml . | nindent 8 }} | ||
| {{- end }} | ||
| containers: | ||
| - name: coder-xray-kube | ||
| image: "{{ .Values.image.repo }}:{{ .Values.image.tag | default .Chart.AppVersion }}" | ||
| imagePullPolicy: {{ .Values.image.pullPolicy }} | ||
| command: | ||
| - /coder-xray scan | ||
| env: | ||
| - name: CODER_URL | ||
| value: {{ .Values.coder.url }} | ||
| - name: CODER_NAMESPACE | ||
| value: {{ .Values.namespace | default .Release.Namespace }} | ||
| - name: CODER_TOKEN | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: {{ .Values.coder.secretName }} | ||
| key: coder-token | ||
| {{- if .Values.image.sslCertFile }} | ||
| - name: SSL_CERT_FILE | ||
| value: {{ .Values.image.sslCertFile }} | ||
| {{- end }} | ||
| {{- if .Values.image.sslCertDir }} | ||
| - name: SSL_CERT_DIR | ||
| value: {{ .Values.image.sslCertDir }} | ||
| {{- end }} | ||
| - name: CODER_ARTIFACTORY_URL | ||
| value: {{ .Values.artifactory.url }} | ||
| - name: CODER_ARTIFACTORY_USER | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: {{ .Values.artifactory.secretName }} | ||
| key: user | ||
| - name: CODER_ARTIFACTORY_TOKEN | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: {{ .Values.artifactory.secretName }} | ||
| key: token | ||
| {{- if .Values.volumeMounts }} | ||
| volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} | ||
| {{- end }} | ||
| {{- if .Values.volumes }} | ||
| volumes: {{- toYaml .Values.volumes | nindent 8 }} | ||
| {{- end }} |
71 changes: 71 additions & 0 deletionshelm/values.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| # artifactory -- Arguments related to the JFrog Artifactory instance | ||
| coder: | ||
| # url -- The URL of your Coder deployment. Must prefix with http or https | ||
| url: "" | ||
| # secretName -- The secret to use to reference the Coder API token used | ||
| # when pushing scan results to a deployment. Must have template admin privileges. | ||
| # The key should be 'coder-token'. | ||
| # | ||
| # Create the secret by running `kubectl create secret generic coder-xray --from-literal=coder-token='<token>'` | ||
| secretName: "" | ||
| # namespace -- The namespace to searching for Pods within. | ||
| # If unspecified, this defaults to the Helm namespace. | ||
| namespace: "" | ||
| # artifactory -- Arguments related to the JFrog Artifactory instance | ||
| # to interface with. | ||
| artifactory: | ||
| # url -- The base url of the Artifactory instance. Must prefix with http or https. | ||
| url: "" | ||
| # secretName -- The secret to use to reference the user and token for querying | ||
| # the Artifactory API. The key for the user should be 'user' and | ||
| # the key for the token should be 'token'. The secret should be | ||
| # managed separately. | ||
| # | ||
| # Create the secret by running `kubectl create secret generic artifactory --from-literal=user='<user>' --from-literal=token='<token>'` | ||
| secretName: "" | ||
| # volumes -- A list of extra volumes to add to the coder-xray pod. | ||
| volumes: | ||
| # emptyDir: {} | ||
| # - name: "my-volume" | ||
| # volumeMounts -- A list of extra volume mounts to add to the coder-xray pod. | ||
| volumeMounts: | ||
| # - name: "my-volume" | ||
| # mountPath: "/mnt/my-volume" | ||
| # image -- The image to use. | ||
| image: | ||
| # image.repo -- The repository of the image. | ||
| repo: "ghcr.io/coder/coder-xray" | ||
| # image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}} | ||
| # if not set. If you're using the chart directly from git, the default | ||
| # app version will not work and you'll need to set this value. The helm | ||
| # chart helpfully fails quickly in this case. | ||
| tag: "" | ||
| # image.pullPolicy -- The pull policy to use for the image. See: | ||
| # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy | ||
| pullPolicy: IfNotPresent | ||
| # image.pullSecrets -- The secrets used for pulling the Coder image from | ||
| # a private registry. | ||
| pullSecrets: [] | ||
| # - name: "pull-secret" | ||
| # image.sslCertFile -- Location of the SSL certificate file. Sets the $SSL_CERT_FILE | ||
| # variable inside of the container. | ||
| sslCertFile: "" | ||
| # image.sslCertDir -- Directory to check for SSL certificate files. Sets the $SSL_CERT_DIR | ||
| # variable inside of the container. | ||
| sslCertDir: "" | ||
| serviceAccount: | ||
| # serviceAccount.annotations -- The service account annotations. | ||
| annotations: {} | ||
| # serviceAccount.labels -- The service account labels. | ||
| labels: {} | ||
| # coder.serviceAccount.name -- The service account name | ||
| name: coder-xray | ||
| # nodeSelector -- Node labels for constraining the coder-xray pod to specific nodes. | ||
| nodeSelector: {} |
2 changes: 1 addition & 1 deletionreporter/reporter.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletionsreporter/reporter_test.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
10 changes: 5 additions & 5 deletionsroot.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.