Kubernetes/k8s-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[DO-1600] fix trivy_operator 8 (!49)

Browse Source 
[DO-1600]

Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/49
This commit is contained in:
Denis Patrakeev
2025-02-25 15:58:37 +03:00
parent 35341ba931
commit 1611e44375
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
View File

@@ -46,6 +46,31 @@ spec:
# https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata:
name: trivy-operator-out-443-4954-trivy
namespace: avroid-prod
labels:
app.kubernetes.io/managed-by: argocd
spec:
podSelector:
matchLabels:
app.kubernetes.io/managed-by: trivy-operator
policyTypes:
- Egress
ingress: []
egress:
- ports:
- port: 443
protocol: TCP
- port: 4954
protocol: TCP
- to:
- ipBlock:
cidr: 0.0.0.0/0
---
# https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: metadata:
name: trivy-operator-out-to-kubeapi name: trivy-operator-out-to-kubeapi
namespace: avroid-prod namespace: avroid-prod