Review configuration documentation #2134

Closed
Jeansen opened this issue Jun 11, 2024 · 2 comments · Fixed by #2138
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

Jeansen commented Jun 11, 2024

When I install the operator via OLM, I have the following config-map entries:

  compliance.failEntriesLimit: '10'
  configAuditReports.scanner: Trivy
  node.collector.imageRef: ghcr.io/aquasecurity/node-collector:0.1.2
  policies.bundle.oci.ref: ghcr.io/aquasecurity/trivy-policies:0
  report.recordFailedChecksOnly: 'true'
  scanJob.compressLogs: 'true'
  vulnerabilityReports.scanner: Trivy

With helm, the default CM looks like this:

data:
  compliance.failEntriesLimit: '10'
  configAuditReports.scanner: Trivy
  node.collector.imageRef: ghcr.io/aquasecurity/node-collector:0.2.1
  node.collector.nodeSelector: 'true'
  nodeCollector.volumeMounts: >-
    [{"mountPath":"/var/lib/etcd","name":"var-lib-etcd","readOnly":true},{"mountPath":"/var/lib/kubelet","name":"var-lib-kubelet","readOnly":true},{"mountPath":"/var/lib/kube-scheduler","name":"var-lib-kube-scheduler","readOnly":true},{"mountPath":"/var/lib/kube-controller-manager","name":"var-lib-kube-controller-manager","readOnly":true},{"mountPath":"/etc/systemd","name":"etc-systemd","readOnly":true},{"mountPath":"/lib/systemd/","name":"lib-systemd","readOnly":true},{"mountPath":"/etc/kubernetes","name":"etc-kubernetes","readOnly":true},{"mountPath":"/etc/cni/net.d/","name":"etc-cni-netd","readOnly":true}]
  nodeCollector.volumes: >-
    [{"hostPath":{"path":"/var/lib/etcd"},"name":"var-lib-etcd"},{"hostPath":{"path":"/var/lib/kubelet"},"name":"var-lib-kubelet"},{"hostPath":{"path":"/var/lib/kube-scheduler"},"name":"var-lib-kube-scheduler"},{"hostPath":{"path":"/var/lib/kube-controller-manager"},"name":"var-lib-kube-controller-manager"},{"hostPath":{"path":"/etc/systemd"},"name":"etc-systemd"},{"hostPath":{"path":"/lib/systemd"},"name":"lib-systemd"},{"hostPath":{"path":"/etc/kubernetes"},"name":"etc-kubernetes"},{"hostPath":{"path":"/etc/cni/net.d/"},"name":"etc-cni-netd"}]
  policies.bundle.insecure: 'false'
  policies.bundle.oci.ref: ghcr.io/aquasecurity/trivy-checks:0
  report.recordFailedChecksOnly: 'true'
  scanJob.compressLogs: 'true'
  scanJob.podTemplateContainerSecurityContext: >-
    {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true}
  vulnerabilityReports.scanner: Trivy

I cannot find information, e.g. about compliance.failEntriesLimit, in https://aquasecurity.github.io/trivy-operator/v0.2.1/operator/configuration/. The same is true for e.g. nodeCollector.volumeMounts and many others. Please update the documentation regarding the configuration.

@Jeansen Jeansen added the kind/bug Categorizes issue or PR as related to a bug. label Jun 11, 2024
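As an added example (not code from the issue or from the trivy-operator project), the script below compares the two ConfigMap `data` blocks quoted above and reports which keys exist only in one install path, which keys differ, which host paths the node collector mounts and whether they are read-only, and whether the scan-job container security context is present and hardened. The two dictionaries are constructed from the values quoted in the issue; the function names and the check list are this example's own assumptions, not anything the operator ships.

```python
import json

# Constructed from the OLM ConfigMap quoted in the issue. Kubernetes stores
# ConfigMap data as strings, so every value here is a string.
OLM_CM = {
    "compliance.failEntriesLimit": "10",
    "configAuditReports.scanner": "Trivy",
    "node.collector.imageRef": "ghcr.io/aquasecurity/node-collector:0.1.2",
    "policies.bundle.oci.ref": "ghcr.io/aquasecurity/trivy-policies:0",
    "report.recordFailedChecksOnly": "true",
    "scanJob.compressLogs": "true",
    "vulnerabilityReports.scanner": "Trivy",
}

# Constructed from the Helm default ConfigMap quoted in the issue. The JSON
# documents are built here and serialised so the lines stay readable.
_HELM_VOLUME_MOUNTS = [
    {"mountPath": "/var/lib/etcd", "name": "var-lib-etcd", "readOnly": True},
    {"mountPath": "/var/lib/kubelet", "name": "var-lib-kubelet", "readOnly": True},
    {"mountPath": "/var/lib/kube-scheduler", "name": "var-lib-kube-scheduler", "readOnly": True},
    {"mountPath": "/var/lib/kube-controller-manager", "name": "var-lib-kube-controller-manager", "readOnly": True},
    {"mountPath": "/etc/systemd", "name": "etc-systemd", "readOnly": True},
    {"mountPath": "/lib/systemd/", "name": "lib-systemd", "readOnly": True},
    {"mountPath": "/etc/kubernetes", "name": "etc-kubernetes", "readOnly": True},
    {"mountPath": "/etc/cni/net.d/", "name": "etc-cni-netd", "readOnly": True},
]
_HELM_VOLUMES = [
    {"hostPath": {"path": "/var/lib/etcd"}, "name": "var-lib-etcd"},
    {"hostPath": {"path": "/var/lib/kubelet"}, "name": "var-lib-kubelet"},
    {"hostPath": {"path": "/var/lib/kube-scheduler"}, "name": "var-lib-kube-scheduler"},
    {"hostPath": {"path": "/var/lib/kube-controller-manager"}, "name": "var-lib-kube-controller-manager"},
    {"hostPath": {"path": "/etc/systemd"}, "name": "etc-systemd"},
    {"hostPath": {"path": "/lib/systemd"}, "name": "lib-systemd"},
    {"hostPath": {"path": "/etc/kubernetes"}, "name": "etc-kubernetes"},
    {"hostPath": {"path": "/etc/cni/net.d/"}, "name": "etc-cni-netd"},
]
HELM_CM = {
    "compliance.failEntriesLimit": "10",
    "configAuditReports.scanner": "Trivy",
    "node.collector.imageRef": "ghcr.io/aquasecurity/node-collector:0.2.1",
    "node.collector.nodeSelector": "true",
    "nodeCollector.volumeMounts": json.dumps(_HELM_VOLUME_MOUNTS),
    "nodeCollector.volumes": json.dumps(_HELM_VOLUMES),
    "policies.bundle.insecure": "false",
    "policies.bundle.oci.ref": "ghcr.io/aquasecurity/trivy-checks:0",
    "report.recordFailedChecksOnly": "true",
    "scanJob.compressLogs": "true",
    "scanJob.podTemplateContainerSecurityContext": json.dumps({
        "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]},
        "privileged": False,
        "readOnlyRootFilesystem": True,
    }),
    "vulnerabilityReports.scanner": "Trivy",
}


def diff_configmaps(left, right):
    """Return (keys only in left, keys only in right, shared keys whose values differ)."""
    only_left = sorted(set(left) - set(right))
    only_right = sorted(set(right) - set(left))
    changed = sorted(k for k in set(left) & set(right) if left[k] != right[k])
    return only_left, only_right, changed


def decode_value(raw):
    """ConfigMap values are strings; some of them carry a JSON document."""
    raw = raw.strip()
    return json.loads(raw) if raw[:1] in "[{" else raw


def node_collector_host_mounts(cm):
    """List (mountPath, readOnly) pairs from nodeCollector.volumeMounts; [] if unset."""
    mounts = decode_value(cm.get("nodeCollector.volumeMounts", "[]"))
    return [(m["mountPath"], bool(m.get("readOnly", False))) for m in mounts]


def scan_job_security_findings(cm):
    """Return human-readable findings for scanJob.podTemplateContainerSecurityContext.

    The four checks are this example's own hardening baseline, not a list
    published by the operator.
    """
    raw = cm.get("scanJob.podTemplateContainerSecurityContext")
    if raw is None:
        return ["scanJob.podTemplateContainerSecurityContext not set"]
    ctx = decode_value(raw)
    findings = []
    if ctx.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not false")
    if ctx.get("privileged") is not False:
        findings.append("privileged is not false")
    if "ALL" not in ctx.get("capabilities", {}).get("drop", []):
        findings.append("capabilities.drop does not contain ALL")
    if ctx.get("readOnlyRootFilesystem") is not True:
        findings.append("readOnlyRootFilesystem is not true")
    return findings


if __name__ == "__main__":
    only_olm, only_helm, changed = diff_configmaps(OLM_CM, HELM_CM)
    print("keys only in OLM:", only_olm)
    print("keys only in Helm:", only_helm)
    print("keys with different values:", changed)
    for name, cm in (("OLM", OLM_CM), ("Helm", HELM_CM)):
        print(f"{name} node-collector host mounts:", node_collector_host_mounts(cm))
        print(f"{name} scan-job security findings:", scan_job_security_findings(cm))
```

Run as-is it works on the embedded data; to audit a live cluster, replace the two dictionaries with the `data` field of `kubectl get configmap <name> -o json` for each install. The diff is what makes the documentation gap concrete: every key the Helm chart sets but OLM does not, plus the two keys whose values differ between the two install paths, shows up in the output without anyone reading values.yaml.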
@chen-keinan
Contributor

@Jeansen thanks for the feedback, I have created a PR to update the defaults.

Regarding docs:

  • nodeCollector.volumeMounts: the Helm values specify its purpose, collecting node config file information
  • compliance.failEntriesLimit: the Helm doc is updated with the PR

@Jeansen
Author

Jeansen commented Jun 13, 2024

Hi @chen-keinan, thank you. You created a PR regarding compliance.failEntriesLimit but referenced Helm values regarding nodeCollector.volumeMounts. I opened this issue regarding the documentation on https://aquasecurity.github.io/trivy-operator/v0.2.1/operator/configuration/. Of course I can check the values.yaml if I install via Helm. But initially I wanted to use OLM. Having to check another installation path for documentation is a smell. Please review the docs. Also, it is not about these two examples; there are more.

Actually, I'd suggest you generate the documentation from the Helm values. Also, even within the values.yaml it is not documented why nodeCollector.volumeMounts mounts the predefined values. Why is this a default and what could optionally be put there?
