As an example, let's install the operator in the
trivy-system namespace and configure it to select all namespaces,
- Clone the chart directory:
Or add Aqua chart repository:
git clone --depth 1 --branch v0.10.1 https://github.com/aquasecurity/trivy-operator.git cd trivy-operator
helm repo add aqua https://aquasecurity.github.io/helm-charts/ helm repo update
- Install the chart from a local directory:
Or install the chart from the Aqua chart repository:
helm install trivy-operator ./deploy/helm \ --namespace trivy-system \ --create-namespace \ --set="trivy.ignoreUnfixed=true"There are many values in the chart that can be set to configure Trivy-Operator.
helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ --set="trivy.ignoreUnfixed=true" \ --version 0.10.1
- Check that the
trivy-operatorHelm release is created in the
trivy-systemnamespace, and it has status
deployed:To confirm that the operator is running, check that the
$ helm list -n trivy-system NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION trivy-operator trivy-system 1 2021-01-27 20:09:53.158961 +0100 CET deployed trivy-operator-0.10.1 0.10.1
trivy-operatorDeployment in the
trivy-systemnamespace is available and all its containers are ready:If for some reason it's not ready yet, check the logs of the Deployment for errors:
$ kubectl get deployment -n trivy-system NAME READY UP-TO-DATE AVAILABLE AGE trivy-operator 1/1 1 1 11m
kubectl logs deployment/trivy-operator -n trivy-system
Install as Helm dependency
There are cases, when potential chart developers want to add the operator as dependency. An example would be the creation of an umbrella chart for an application, which depends on 3d-party charts.
In this case, It maybe not suitable to install the Trivy Operator in the same namespace as the main application. Instead, we can use the Helm value
operator.namespace to define a namespace where only the operator will be installed. The Operator chart will then either create a new namespace if not existing or use the existing one.
You can uninstall the operator with the following command:
helm uninstall trivy-operator -n trivy-system
You have to manually delete custom resource definitions created by the
helm install command:
Deleting custom resource definitions will also delete all security reports generated by the operator.
kubectl delete crd vulnerabilityreports.aquasecurity.github.io kubectl delete crd configauditreports.aquasecurity.github.io kubectl delete crd clusterconfigauditreports.aquasecurity.github.io kubectl delete crd rbacassessmentreports.aquasecurity.github.io kubectl delete crd infraassessmentreports.aquasecurity.github.io kubectl delete crd clusterrbacassessmentreports.aquasecurity.github.io