kubectl
The Kubernetes Yaml Deployment files are available on GitHub in https://github.com/aquasecurity/trivy-operator under /deploy/static
.
Example - Deploy from GitHub
This will install the operator in the trivy-system
namespace and configure it to scan all namespaces, except kube-system
and trivy-system
:
kubectl apply -f https://raw.githubusercontent.com/aquasecurity/trivy-operator/v0.23.0/deploy/static/trivy-operator.yaml
To confirm that the Operator is running, check that the trivy-operator
Deployment in the trivy-system
namespace is available and all its containers are ready:
$ kubectl get deployment -n trivy-system
NAME READY UP-TO-DATE AVAILABLE AGE
trivy-operator 1/1 1 1 11m
If for some reason it's not ready yet, check the logs of the trivy-operator
Deployment for errors:
kubectl logs deployment/trivy-operator -n trivy-system
Advanced Configuration
You can configure Trivy-Operator to control it's behavior and adapt it to your needs. Aspects of the operator machinery are configured using environment variables on the operator Pod, while aspects of the scanning behavior are controlled by ConfigMaps and Secrets. To learn more, please refer to the Configuration documentation.
Uninstall
Danger
Uninstalling the operator and deleting custom resource definitions will also delete all generated security reports.
You can uninstall the operator with the following command:
kubectl delete -f https://raw.githubusercontent.com/aquasecurity/trivy-operator/v0.23.0/deploy/static/trivy-operator.yaml