Helm
Helm, which is the de facto standard package manager for Kubernetes, allows installing applications from parameterized YAML manifests called Helm charts.
To address the shortcomings of static YAML manifests, we provide a Helm chart to deploy the Trivy-Operator. The Helm chart supports all Install Modes.
As an example, let's install the operator in the trivy-system namespace and configure it to select all namespaces, except kube-system and trivy-system:
- Clone the chart directory:
    git clone --depth 1 --branch v0.0.1 https://github.com/aquasecurity/trivy-operator.git
    cd trivy-operator
  Or add the Aqua chart repository:
    helm repo add aqua https://aquasecurity.github.io/helm-charts/
    helm repo update
- Install the chart from a local directory:
    helm install trivy-operator ./deploy/helm \
      --namespace trivy-system \
      --create-namespace \
      --set="trivy.ignoreUnfixed=true"
  Or install the chart from the Aqua chart repository:
    helm install trivy-operator aqua/trivy-operator \
      --namespace trivy-system \
      --create-namespace \
      --set="trivy.ignoreUnfixed=true" \
      --version 0.0.1
  There are many values in the chart that can be set to configure Trivy-Operator.
- Check that the trivy-operator Helm release is created in the trivy-system namespace, and it has status deployed:
    $ helm list -n trivy-system
    NAME            NAMESPACE     REVISION  UPDATED                              STATUS    CHART                 APP VERSION
    trivy-operator  trivy-system  1         2021-01-27 20:09:53.158961 +0100 CET deployed  trivy-operator-0.0.1  0.0.1
  To confirm that the operator is running, check that the trivy-operator Deployment in the trivy-system namespace is available and all its containers are ready:
    $ kubectl get deployment -n trivy-system
    NAME             READY   UP-TO-DATE   AVAILABLE   AGE
    trivy-operator   1/1     1            1           11m
  If for some reason it's not ready yet, check the logs of the Deployment for errors:
    kubectl logs deployment/trivy-operator -n trivy-system
Uninstall
You can uninstall the operator with the following command:
helm uninstall trivy-operator -n trivy-system
You have to manually delete custom resource definitions created by the helm install command:
Danger
Deleting custom resource definitions will also delete all security reports generated by the operator.
kubectl delete crd vulnerabilityreports.aquasecurity.github.io
kubectl delete crd clustervulnerabilityreports.aquasecurity.github.io
kubectl delete crd configauditreports.aquasecurity.github.io
kubectl delete crd ciskubebenchreports.aquasecurity.github.io
kubectl delete crd kubehunterreports.aquasecurity.github.io
kubectl delete crd clusterconfigauditreports.aquasecurity.github.io
kubectl delete crd clustercompliancereports.aquasecurity.github.io
kubectl delete crd clustercompliancedetailreports.aquasecurity.github.io
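Because deleting the CRDs also deletes the reports, the reports can be exported first. The script below is an added example, not part of the Trivy-Operator documentation: export_then_delete_crds and the backup directory are hypothetical names, and it assumes kubectl is on the PATH and points at the intended cluster.

```sh
#!/bin/sh
# Added example, not part of the Trivy-Operator docs.
# CRD names are copied from the list on this page.
TRIVY_CRDS="vulnerabilityreports.aquasecurity.github.io
clustervulnerabilityreports.aquasecurity.github.io
configauditreports.aquasecurity.github.io
ciskubebenchreports.aquasecurity.github.io
kubehunterreports.aquasecurity.github.io
clusterconfigauditreports.aquasecurity.github.io
clustercompliancereports.aquasecurity.github.io
clustercompliancedetailreports.aquasecurity.github.io"

# export_then_delete_crds DIR   (hypothetical helper)
# Phase 1 exports every report to DIR; phase 2 deletes the CRDs only if
# every export succeeded. The body is a subshell so umask stays local.
export_then_delete_crds() (
  dir=$1
  present=""
  umask 077                      # reports list vulnerabilities: owner-only files
  mkdir -p "$dir" || exit 1

  for crd in $TRIVY_CRDS; do
    # A CRD may be absent from the cluster; skip it instead of failing.
    if ! kubectl get crd "$crd" >/dev/null 2>&1; then
      echo "skip: $crd is not installed" >&2
      continue
    fi
    out="$dir/$crd.yaml"
    # The CRD name (<plural>.<group>) doubles as the resource type.
    if ! kubectl get "$crd" --all-namespaces -o yaml >"$out" || [ ! -s "$out" ]; then
      echo "abort: export of $crd failed, no CRD was deleted" >&2
      exit 1
    fi
    present="$present $crd"
  done

  for crd in $present; do
    kubectl delete crd "$crd" || exit 1
  done
)

# Usage, after "helm uninstall trivy-operator -n trivy-system":
#   export_then_delete_crds ./trivy-reports-backup
```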