Possibility to use custom imagePullSecret in scan jobs (marvin, popeye, trivy)

[recroutgr]

Feature Description

We want to have a possibility to inject imagePullSecrets values into scanning CroJob definitions (marvin, popeye and trivy). Currently, helm values for imagePullSecrets filed is injected only in Deployment for zora-operator.

Is your feature request related to a problem?

We want to use a private registry for all images related to the Zora project. For that we need to use imagePullSecrets. In values file of Zora helm chart we found a field responsible for that -

zora/charts/zora/values.yaml

Line 57 in 98e8e91

imagePullSecrets: []

But apparently it works only for zora-operator deployment, not for scan jobs (marvin, popeye, trivy). We also found out that CRD for clusterscan object (from which render of cronjob happens from my understanding - https://github.com/undistro/zora/blob/v0.8.4/charts/zora/crds/zora.undistro.io_plugins.yaml ) doesn't even have imagePullSecrets field, so it's not possible to add it there manually without editing the codebase.
Therefore, cluster cannot pull images from private registry to run scans and corresponding pods go into CrashLoopBackOff state.

What alternatives have you considered?

We haven't found any other way to inject imagePullSecret field into scan definition (CronJob/Job/Pod) without external interventions.
We came up with temporary solution: We use mutations inside Zora namespace to inject imagePullSecrets values into CronJobs definition. It works well but it's still a workaround.

[matheusfm]

Hi @recroutgr,
Thank you for your detailed feature request.
It makes sense and we understand the need for this enhancement.
We'll take a closer look into it. Contributions are always welcome.