[DO-1600] Fix trivy-operator 3 (!43)

[DO-1600] Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/43
2025-02-25 13:34:19 +03:00
parent 99a83a42d3
commit 7a0a151fe7
1 changed files with 13 additions and 1 deletions
--- a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
@@ -17,6 +17,8 @@ spec:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
+    # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
+    
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -31,12 +33,22 @@ spec:
    - Egress
  ingress: []
  egress:
+    # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
    - ports:
+        - port: 53
+          protocol: TCP
+        - port: 53
+          protocol: UDP
        - port: 443
          protocol: TCP
-        - port: 80
+        - port: 4954
          protocol: TCP
    - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: trivy
+        - ipBlock:
+            cidr: 172.24.0.1/32