The module is not enabled by default in any bundles.
The module is configured using the ModuleConfig custom resource named operator-trivy
(learn more about setting up Deckhouse…).
Example of the ModuleConfig/operator-trivy
resource for configuring the module:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: operator-trivy
spec:
version: 1
enabled: true
settings: # <-- Module parameters from the "Parameters" section below.
Parameters
Schema version: 1
- linkCVEtoBDUboolean
Convert vulnerability reports. Convert CVE database vulnerabilities to BDU database records.
Default:
false
Examples:
linkCVEtoBDU: true
linkCVEtoBDU: false
- nodeSelectorobject
Optional
nodeSelector
foroperator-trivy
and scan jobs.The same as
spec.nodeSelector
for the Kubernetes pod.If the parameter is omitted or
false
, it will be determined automatically.Example:
nodeSelector: disktype: ssd
- tolerationsarray of objects
Optional
tolerations
foroperator-trivy
and scan jobs.The same as
spec.tolerations
for the Kubernetes pod.If the parameter is omitted or
false
, it will be determined automatically.Example:
tolerations: - key: key1 operator: Equal value: value1 effect: NoSchedule
- tolerations.effectstring
- tolerations.keystring
- tolerations.operatorstring
- tolerations.tolerationSecondsinteger
- tolerations.valuestring