From 1611e44375e02e6c8539078e63dd261c13bcb028 Mon Sep 17 00:00:00 2001
From: Denis Patrakeev
Date: Tue, 25 Feb 2025 15:58:37 +0300
Subject: [PATCH] [DO-1600] fix trivy_operator 8 (!49) [DO-1600]
Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/49
---
 ...cd-apps-trivy-operator-network-policy.yaml | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
index 7fac3ae..3ddaeb7 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
@@ -46,6 +46,31 @@ spec:
 # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
+metadata:
+ name: trivy-operator-out-443-4954-trivy
+ namespace: avroid-prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/managed-by: trivy-operator
+ policyTypes:
+ - Egress
+ ingress: []
+ egress:
+ - ports:
+ - port: 443
+ protocol: TCP
+ - port: 4954
+ protocol: TCP
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+---
+# https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
 name: trivy-operator-out-to-kubeapi
 namespace: avroid-prod
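Review bot: In the new `trivy-operator-out-443-4954-trivy` policy, `- to:` with `cidr: 0.0.0.0/0` is a separate entry in the `egress` list, so it is a rule with no `ports` and allows every port to any IPv4 address; the first entry has no `to` and allows TCP 443 and 4954 to any destination. NetworkPolicy rules are additive, so the port restriction the name promises has no effect for pods labelled `app.kubernetes.io/managed-by: trivy-operator`, and the namespace's default-deny egress is effectively lifted for them. If only TCP 443 and 4954 are meant to be open, write `to:` in place of `- to:` so that it belongs to the same rule as `ports:`. Indentation is lost in this rendering, so this reading rests on the leading `-`. It would also be worth adding an `except` list under `ipBlock` for link-local and in-cluster ranges, and removing `ingress: []`, which does nothing while `policyTypes` lists only `Egress`.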