The module is not enabled by default in any bundles.
The module is configured using the ModuleConfig custom resource named operator-trivy (learn more about setting up Deckhouse…).
Example of the ModuleConfig/operator-trivy resource for configuring the module:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: operator-trivy
spec:
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.
Parameters
Schema version: 1
- object
Optional nodeSelector for operator-trivy and scan jobs. The same as spec.nodeSelector for the Kubernetes pod.
If the parameter is omitted or false, it will be determined automatically.
Example:
nodeSelector:
  disktype: ssd
- array of strings
Filter vulnerability reports by their severities.
Example:
severities:
- UNKNOWN
- CRITICAL
- string
The name of StorageClass that will be used in the cluster by default.
If the value is not specified, the StorageClass will be used according to the global storageClass parameter setting.
The global storageClass parameter is only considered when the module is enabled. Changing the global storageClass parameter while the module is enabled will not trigger disk re-provisioning.
Warning. Specifying a value different from the one currently used (in the existing PVC) will result in disk re-provisioning and all data will be deleted.
If false is specified, emptyDir will be forced to be used.
Examples:
storageClass: ceph-ssd
storageClass: 'false'
- array of objects
Optional tolerations for operator-trivy and scan jobs. The same as spec.tolerations for the Kubernetes pod.
If the parameter is omitted or false, it will be determined automatically.
Example:
tolerations:
- key: key1
  operator: Equal
  value: value1
  effect: NoSchedule
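The parameters above combined into one ModuleConfig, as an added example that is not taken from the Deckhouse documentation. The label, taint and StorageClass values are the sample values used on this page and are assumed to exist in the target cluster.

```yaml
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: operator-trivy
spec:
  version: 1
  enabled: true            # the module is not enabled by default in any bundle
  settings:
    # Filter vulnerability reports by their severities.
    severities:
    - UNKNOWN
    - CRITICAL
    # Explicit StorageClass for the module. Setting a value that differs from
    # the one used by the existing PVC re-provisions the disk and deletes all
    # data, so choose it before the first rollout. The string 'false' would
    # force emptyDir instead.
    storageClass: ceph-ssd
    # Scheduling of operator-trivy and its scan jobs; same semantics as
    # spec.nodeSelector and spec.tolerations of a Kubernetes pod.
    nodeSelector:
      disktype: ssd
    tolerations:
    - key: key1
      operator: Equal
      value: value1
      effect: NoSchedule
```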