41. #EveryoneCanContribute cafe: Kubernetes Cluster Image Scanning with Trivy & Starboard
Niclas Mietz walks us through Aqua Security Starboard, installed into a Civo Cloud k3s cluster. Philip Welz takes over with Trivy in Estafette.
Reminder: GitLab Commit Virtual day 2 is today. Register now!
Recording
Enjoy the session! 🦊
Highlights
First, the Starboard Operator is installed and collects the cluster image reports in our Civo k3s cluster. You can specify the namespaces for the Starboard Operator in the configuration. If left empty, all namespaces are scanned; we defined the default namespace.
The next step is to combine this with GitLab CI/CD to see the security reports. Follow the GitLab documentation to generate the CIS_KUBECONFIG variable as a file. You can also define additional parameters for the CI/CD job.
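To show what the reports collected by the operator contain and how a pipeline job could act on them, here is an added example (not code from the session or from the Starboard project) that counts findings per container from VulnerabilityReport resources and lists the workloads that would fail a job. The workload names, placeholder vulnerability IDs and the fail-on-CRITICAL policy are assumptions; the namespace filter mirrors the operator behaviour described above, where an empty list means all namespaces.

```python
import sys
from collections import Counter

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

def _report(ns, kind, name, container, severities):
    """Build a constructed VulnerabilityReport item (placeholder IDs, not scan data)."""
    return {
        "apiVersion": "aquasecurity.github.io/v1alpha1",
        "kind": "VulnerabilityReport",
        "metadata": {"namespace": ns, "labels": {
            "starboard.resource.kind": kind,
            "starboard.resource.name": name,
            "starboard.container.name": container}},
        "report": {"vulnerabilities": [
            {"vulnerabilityID": "CVE-0000-%04d" % i, "severity": s}
            for i, s in enumerate(severities, 1)]},
    }

# Constructed sample, shaped like `kubectl get vulnerabilityreports -A -o json`.
SAMPLE = {"items": [
    _report("default", "ReplicaSet", "web-7d9c", "nginx", ["CRITICAL", "HIGH", "HIGH", "LOW"]),
    _report("default", "ReplicaSet", "api-5f6b", "api", ["MEDIUM", "negligible"]),
    _report("kube-system", "DaemonSet", "proxy", "proxy", ["CRITICAL"]),
]}

def summarize(report_list, namespaces=("default",)):
    """Per-container severity counts; an empty namespaces tuple means all namespaces."""
    out = {}
    for item in report_list.get("items", []):
        meta = item.get("metadata", {})
        if namespaces and meta.get("namespace") not in namespaces:
            continue
        labels = meta.get("labels", {})
        key = "%s/%s/%s:%s" % (
            meta.get("namespace"),
            labels.get("starboard.resource.kind", "?"),
            labels.get("starboard.resource.name", "?"),
            labels.get("starboard.container.name", "?"))
        counts = Counter()
        for vuln in item.get("report", {}).get("vulnerabilities") or []:
            sev = str(vuln.get("severity", "")).upper()
            # Severity strings outside the known set are counted as UNKNOWN.
            counts[sev if sev in SEVERITIES else "UNKNOWN"] += 1
        out[key] = {s: counts[s] for s in SEVERITIES}
    return out

def gate(summary, fail_on=("CRITICAL",)):
    """Return the workloads whose counts should fail a pipeline job."""
    return sorted(k for k, c in summary.items() if any(c[s] for s in fail_on))

if __name__ == "__main__":
    failing = gate(summarize(SAMPLE))
    print("\n".join(failing) or "no blocking findings")
    sys.exit(1 if failing else 0)
```

In a real job, replace SAMPLE with the JSON output of the kubectl command named in the comment, read from a file or standard input.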
The Estafette Vulnerability Scanner runs Trivy in a pod at a given interval and reports similar cluster image vulnerabilities. The installation with the Helm chart and values.yml override took longer, and the Grafana dashboard sourcing the Prometheus exporter and ServiceMonitor resource needed extra attention.