|
This is unreleased documentation for SBOM Scanner 0.9.0-dev. |
Helm Values Configuration
This document describes the available configuration options for the SBOMscanner Helm chart.
You can customize these values in two ways:
-
Create a custom values file (e.g.,
my-values.yaml) with your overrides and pass it to Helm:
helm install sbomscanner ./chart -f my-values.yaml-
Use
--setflags to override specific values directly:
helm install sbomscanner ./chart --set controller.replicas=5 --set storage.postgres.cnpg.instances=5For more details on customizing Helm charts, see the Helm documentation.
Log Levels
You can configure the log level for each SBOMscanner component to control the verbosity of the logs.
controller:
logLevel: "info"
storage:
logLevel: "info"
worker:
logLevel: "info"Available log levels are: debug, info, warn, error.
Resource Limits and Requests
Each component has default resource limits and requests that you can customize based on your cluster’s capacity and workload requirements.
Worker
worker:
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 300MiAdjust these values based on your workload. The storage component typically needs more memory due to SBOM processing.
For more information on resource management, see the Kubernetes documentation on resource requests and limits.
PostgreSQL Configuration
SBOMscanner requires a PostgreSQL database to store SBOM data. You have two options: use the built-in CloudNativePG (CNPG) operator or connect to an external PostgreSQL instance.
Using CloudNativePG (Default)
By default, SBOMscanner deploys a PostgreSQL cluster using the CloudNativePG operator. This is the easiest way to get started.
storage:
postgres:
cnpg:
enabled: true
instances: 3
storage:
size: 1Gi
resizeInUseVolumes: true
storageClass: ""
pvcTemplate: {}Configuration options: - instances: Number of PostgreSQL replicas
(default: 3) - storage.size: Size of the persistent volume. You can
increase this value later, and changes will be automatically applied to
existing PVCs. Size cannot be decreased. See the
CNPG
documentation for more details. - storage.resizeInUseVolumes:
Automatically resize PVCs (default: true) - storage.storageClass:
Specify a storage class. If empty, uses the cluster’s default storage
class. - storage.pvcTemplate: Custom PVC template if you need advanced
configuration
For more configuration options, refer to the CloudNativePG Cluster configuration documentation.
Using an External PostgreSQL Instance
If you already have a PostgreSQL instance or prefer to manage it separately, disable CNPG and provide connection details.
storage:
postgres:
cnpg:
enabled: false
authSecretName: "my-postgres-credentials"
caSecretName: "my-postgres-ca"Steps to configure external PostgreSQL:
-
Create a
Secretwith the PostgreSQL connection URI:
apiVersion: v1
kind: Secret
metadata:
name: my-postgres-credentials
namespace: default
stringData:
uri: "postgresql://user:password@postgres.example.com:5432/sbomscanner?sslmode=require"The URI format follows the PostgreSQL connection URI specification.
|
Any |
-
Create a
Secretwith the CA certificate used to verify the PostgreSQL server certificate:
apiVersion: v1
kind: Secret
metadata:
name: my-postgres-ca
namespace: default
stringData:
ca.crt: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE------
Reference the secrets in your Helm values:
storage:
postgres:
authSecretName: "my-postgres-credentials"
caSecretName: "my-postgres-ca"Please note: When using an external PostgreSQL instance, make sure the database is already created and accessible from your Kubernetes cluster.