
Helm

Helm, which is the de facto standard package manager for Kubernetes, allows installing applications from parameterized YAML manifests called Helm charts.

To address the shortcomings of static YAML manifests, we provide a Helm chart to deploy the Trivy-Operator. The Helm chart supports all Install Modes.

As an example, let's install the operator in the trivy-system namespace and configure it to select all namespaces, except kube-system and trivy-system:

  1. Clone the chart directory:
    git clone --depth 1 --branch v0.0.1 https://github.com/aquasecurity/trivy-operator.git
    cd trivy-operator
    
    Or add Aqua chart repository:
    helm repo add aqua https://aquasecurity.github.io/helm-charts/
    helm repo update
    
  2. Install the chart from a local directory:
    helm install trivy-operator ./deploy/helm \
      --namespace trivy-system \
      --create-namespace \
      --set="trivy.ignoreUnfixed=true"
    
    Or install the chart from the Aqua chart repository:
    helm install trivy-operator aqua/trivy-operator \
      --namespace trivy-system \
      --create-namespace \
      --set="trivy.ignoreUnfixed=true" \
      --version 0.0.1
    
    There are many values in the chart that can be set to configure Trivy-Operator.
  3. Check that the trivy-operator Helm release is created in the trivy-system namespace, and it has status deployed:
    $ helm list -n trivy-system
    NAME              NAMESPACE       REVISION    UPDATED                                 STATUS      CHART                   APP VERSION
    trivy-operator    trivy-system    1           2021-01-27 20:09:53.158961 +0100 CET    deployed    trivy-operator-0.0.1    0.0.1
    
    To confirm that the operator is running, check that the trivy-operator Deployment in the trivy-system namespace is available and all its containers are ready:
    $ kubectl get deployment -n trivy-system
    NAME             READY   UP-TO-DATE   AVAILABLE   AGE
    trivy-operator   1/1     1            1           11m
    
    If for some reason it's not ready yet, check the logs of the Deployment for errors:
    kubectl logs deployment/trivy-operator -n trivy-system
    

Uninstall

You can uninstall the operator with the following command:

helm uninstall trivy-operator -n trivy-system

You have to manually delete custom resource definitions created by the helm install command:

Danger

Deleting custom resource definitions will also delete all security reports generated by the operator.

kubectl delete crd vulnerabilityreports.aquasecurity.github.io
kubectl delete crd clustervulnerabilityreports.aquasecurity.github.io
kubectl delete crd configauditreports.aquasecurity.github.io
kubectl delete crd ciskubebenchreports.aquasecurity.github.io
kubectl delete crd kubehunterreports.aquasecurity.github.io
kubectl delete crd clusterconfigauditreports.aquasecurity.github.io
kubectl delete crd clustercompliancereports.aquasecurity.github.io
kubectl delete crd clustercompliancedetailreports.aquasecurity.github.io
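
Because deleting the CRDs also deletes every report, the sketch below exports the reports first and deletes the CRDs only if every export succeeded. This is an added example, not part of the Trivy-Operator documentation; the CRD names are the ones listed above, while the function names and the backup directory are assumptions made for the example.

```bash
# Added example: back up Trivy-Operator reports, then delete the CRDs.
# CRD names come from the list on this page; the function names and the
# default backup directory are assumptions made for this example.

CRDS="vulnerabilityreports clustervulnerabilityreports configauditreports
ciskubebenchreports kubehunterreports clusterconfigauditreports
clustercompliancereports clustercompliancedetailreports"
GROUP="aquasecurity.github.io"

# Export every custom resource of one CRD to <dir>/<name>.yaml.
# Fails if kubectl fails (for example the CRD does not exist) or if the
# resulting file is empty.
backup_crd() {
  crd="$1.$GROUP"
  out="$2/$1.yaml"
  kubectl get "$crd" --all-namespaces -o yaml > "$out" || return 1
  [ -s "$out" ]
}

# Back up all report CRDs first; delete only if every backup succeeded,
# so a failed export never leaves some reports already destroyed.
backup_then_delete_crds() {
  dir="${1:-trivy-operator-backup}"
  mkdir -p "$dir" || return 1
  for name in $CRDS; do
    if ! backup_crd "$name" "$dir"; then
      echo "backup of $name failed; no CRD was deleted" >&2
      return 1
    fi
  done
  for name in $CRDS; do
    kubectl delete crd "$name.$GROUP" || return 1
  done
}

# Usage, after `helm uninstall trivy-operator -n trivy-system`:
#   backup_then_delete_crds ./trivy-reports-backup
```

The exported YAML files contain vulnerability and configuration findings for the cluster, so store them with the same access restrictions as the reports themselves.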