Installing the Trivy-Operator through GitOps¶
This tutorial shows you how to install the Trivy Operator through GitOps platforms, namely ArgoCD and FluxCD.
ArgoCD¶
Make sure to have ArgoCD installed and running in your Kubernetes cluster.
You can either deploy the Trivy Operator through the argocd CLI or by applying a Kubernetes manifest.
ArgoCD command:
> kubectl create ns trivy-system
> argocd app create trivy-operator --repo https://github.com/aquasecurity/trivy-operator --path deploy/helm --dest-server https://kubernetes.default.svc --dest-namespace trivy-system
Kubernetes manifest trivy-operator.yaml
:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: trivy-operator
namespace: argocd
spec:
project: default
source:
chart: trivy-operator
repoURL: https://aquasecurity.github.io/helm-charts/
targetRevision: 0.0.3
helm:
values: |
trivy:
ignoreUnfixed: true
destination:
server: https://kubernetes.default.svc
namespace: trivy-system
syncPolicy:
automated:
prune: true
selfHeal: true
To apply the Kubernetes manifest, if you have the manifest locally, you can use the following command through kubectl:
> kubectl apply -f trivy-operator.yaml
application.argoproj.io/trivy-operator created
If you have the manifest in a Git repository, you can apply it to your cluster through the following command:
> kubectl apply -n argocd -f https://raw.githubusercontent.com/AnaisUrlichs/argocd-starboard/main/starboard/argocd-starboard.yaml
Once deployed, you want to tell ArgoCD to sync the application from the actual state to the desired state:
argocd app sync trivy-operator
Now you can see the deployment in the ArgoCD UI. Have a look at the ArgoCD documentation to know how to access the UI.
Note that ArgoCD is unable to show the Trivy CRDs as synced.
FluxCD¶
Make sure to have FluxCD installed and running in your Kubernetes cluster.
You can either deploy the Trivy Operator through the Flux CLI or by applying a Kubernetes manifest.
Flux command:
> kubectl create ns trivy-system
> flux create source helm trivy-operator --url https://aquasecurity.github.io/helm-charts --namespace trivy-system
> flux create helmrelease trivy-operator --chart trivy-operator
--source HelmRepository/trivy-operator
--chart-version 0.0.3
--namespace trivy-system
Kubernetes manifest trivy-operator.yaml
:
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: trivy-operator
namespace: flux-system
spec:
interval: 60m
url: https://aquasecurity.github.io/helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: trivy-operator
namespace: trivy-system
spec:
chart:
spec:
chart: trivy-operator
sourceRef:
kind: HelmRepository
name: trivy-operator
namespace: flux-system
version: 0.10.1
interval: 60m
values:
trivy:
ignoreUnfixed: true
install:
crds: CreateReplace
createNamespace: true
You can then apply the file to your Kubernetes cluster:
kubectl apply -f trivy-operator.yaml
After the installation¶
After the install, you want to check that the Trivy operator is running in the trivy-system namespace:
kubectl get deployment -n trivy-system