Merge pull request #164 from snyk/fix/adjustable-storage

ivanstanev · web-flow · commit e0153f33ded2 · 2019-10-15T16:13:06.000+01:00
fix: increase temporary storage to 50Gi
diff --git a/README.md b/README.md
@@ -79,6 +79,6 @@ kubectl apply -f snyk-monitor-deployment.yaml
 ## Enabling static analysis ##
 
 Static analysis works with any container runtime and does not rely on Docker to scan the images in your cluster.
-It works by pulling the image, unpacking it and inspecting the files directly. For this process it needs temporary storage, so the Snyk monitor uses 20 GB of storage in the form of [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir).
+It works by pulling the image, unpacking it and inspecting the files directly. For this process it needs temporary storage, so the Snyk monitor uses 50 GB of storage in the form of [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir).
 
 To enable static analysis, modify one of the permissions files (`snyk-monitor-namespaced-permissions.yaml` for the Namespaced deployment or `snyk-monitor-cluster-permissions.yaml` for the Cluster-scoped deployment) and set the string value of `staticAnalysis` to `"true"`.
diff --git a/snyk-monitor-deployment.yaml b/snyk-monitor-deployment.yaml
@@ -79,5 +79,5 @@ spec:
               path: config.json
       - name: temporary-storage
         emptyDir:
-          sizeLimit: 20Gi
+          sizeLimit: 50Gi
       serviceAccountName: snyk-monitor
diff --git a/snyk-monitor/README.md b/snyk-monitor/README.md
@@ -74,7 +74,7 @@ helm upgrade --generate-name --install snyk-monitor snyk-charts/snyk-monitor --n
 ## Enabling static analysis ##
 
 Static analysis works with any container runtime and does not rely on Docker to scan the images in your cluster.
-It works by pulling the image, unpacking it and inspecting the files directly. For this process it needs temporary storage, so the Snyk monitor uses 20 GB of storage in the form of [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir).
+It works by pulling the image, unpacking it and inspecting the files directly. For this process it needs temporary storage, so the Snyk monitor uses 50 GB of storage in the form of [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir).
 The Docker socket is _not_ mounted when static analysis is enabled.
 
 To enable static analysis, set the `featureFlags.staticAnalysis` value to `true`:
diff --git a/snyk-monitor/templates/deployment.yaml b/snyk-monitor/templates/deployment.yaml
@@ -74,5 +74,5 @@ spec:
         {{- if eq .Values.featureFlags.staticAnalysis true }}
         - name: temporary-storage
           emptyDir:
-            sizeLimit: 20Gi
+            sizeLimit: {{ .Values.temporaryStorageSize }}
         {{- end }}
diff --git a/snyk-monitor/values.yaml b/snyk-monitor/values.yaml
@@ -30,3 +30,7 @@ dockerSocketHostPath: "/var/run/docker.sock"
 
 featureFlags:
   staticAnalysis: false
+
+# The snyk-monitor requires disk storage to temporarily pull container images and to scan them for vulnerabilities.
+# This value controls how much disk storage _at most_ may be allocated for the snyk-monitor. The snyk-monitor mounts an emptyDir for storage.
+temporaryStorageSize: 50Gi
