Skip to content

Installing the Trivy-Operator through GitOps

This tutorial shows you how to install the Trivy Operator through GitOps platforms, namely ArgoCD and FluxCD.

ArgoCD

Make sure to have ArgoCD installed and running in your Kubernetes cluster.

You can either deploy the Trivy Operator through the argocd CLI or by applying a Kubernetes manifest.

ArgoCD command: 

> kubectl create ns trivy-system
> argocd app create trivy-operator --repo https://github.com/aquasecurity/trivy-operator --path deploy/helm --dest-server https://kubernetes.default.svc --dest-namespace trivy-system
Note that this installation is directly related to our official Helm Chart. If you want to change any of the value, we'd suggest you to create a separate values.yaml file.

Kubernetes manifest trivy-operator.yaml: 

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: trivy-operator
  namespace: argocd
spec:
  project: default
  source:
    chart: trivy-operator
    repoURL: https://aquasecurity.github.io/helm-charts/
    targetRevision: 0.0.3
    helm:
      values: |
        trivy:
          ignoreUnfixed: true
  destination:
    server: https://kubernetes.default.svc
    namespace: trivy-system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

To apply the Kubernetes manifest, if you have the manifest locally, you can use the following command through kubectl: 

> kubectl apply -f trivy-operator.yaml

application.argoproj.io/trivy-operator created

If you have the manifest in a Git repository, you can apply it to your cluster through the following command: 

> kubectl apply -n argocd -f https://raw.githubusercontent.com/AnaisUrlichs/argocd-starboard/main/starboard/argocd-starboard.yaml
The latter command would allow you to make changes to the YAML manifest that ArgoCD would register automatically.

Once deployed, you want to tell ArgoCD to sync the application from the actual state to the desired state: 

argocd app sync trivy-operator

Now you can see the deployment in the ArgoCD UI. Have a look at the ArgoCD documentation to know how to access the UI.

ArgoCD UI after deploying the Trivy Operator

Note that ArgoCD is unable to show the Trivy CRDs as synced.

FluxCD

Make sure to have FluxCD installed and running in your Kubernetes cluster.

You can either deploy the Trivy Operator through the Flux CLI or by applying a Kubernetes manifest.

Flux command: 

> kubectl create ns trivy-system
> flux create source helm trivy-operator --url https://aquasecurity.github.io/helm-charts --namespace trivy-system
> flux create helmrelease trivy-operator --chart trivy-operator
  --source HelmRepository/trivy-operator
  --chart-version 0.0.3
  --namespace trivy-system

Kubernetes manifest trivy-operator.yaml: 

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: trivy-operator
  namespace: flux-system
spec:
  interval: 60m
  url: https://aquasecurity.github.io/helm-charts/

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: trivy-operator
  namespace: trivy-system
spec:
  chart:
    spec:
      chart: trivy-operator
      sourceRef:
        kind: HelmRepository
        name: trivy-operator
        namespace: flux-system
      version: 0.10.1
  interval: 60m
  values:
    trivy:
      ignoreUnfixed: true
  install:
    crds: CreateReplace
    createNamespace: true

You can then apply the file to your Kubernetes cluster: 

kubectl apply -f trivy-operator.yaml

After the installation

After the install, you want to check that the Trivy operator is running in the trivy-system namespace: 

kubectl get deployment -n trivy-system