41. #EveryoneCanContribute cafe: Kubernetes Cluster Image Scanning with Trivy & Starboard
Reminder: GitLab Commit Virtual day 2 is today. Register now!
Enjoy the session! 🦊
First, the Starboard Operator is installed and collects the cluster image reports in our Civo k3s cluster. You can specify the namespaces for the Starboard Operator in the configuration. If left empty, all namespaces are scanned - we defined the
The next step is to combine this with GitLab CI/CD to see the security reports. Follow the GitLab documentation to generate the CIS_KUBECONFIG variable as a file. You can also define additional parameters for the CI/CD job.
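The reports the Starboard Operator collects are stored in the cluster as VulnerabilityReport resources, so they can also be checked outside of GitLab. The following is an added example, not code from the session: it reads the JSON produced by `kubectl get vulnerabilityreports -A -o json` and lists critical and high findings that already have a fixed version. The function name, the namespace filter and the sample data are assumptions, and the sample IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `kubectl get vulnerabilityreports -A -o json`
# (Starboard v1alpha1 VulnerabilityReport). All values and IDs are made up.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "default", "labels": {
    "starboard.resource.kind": "ReplicaSet", "starboard.resource.name": "web-5d4f",
    "starboard.container.name": "web"}},
  "report": {"artifact": {"repository": "library/nginx", "tag": "1.16"},
   "vulnerabilities": [
    {"vulnerabilityID": "CVE-0000-0001", "resource": "openssl", "severity": "CRITICAL", "fixedVersion": "1.1.1d"},
    {"vulnerabilityID": "CVE-0000-0002", "resource": "zlib", "severity": "HIGH", "fixedVersion": ""},
    {"vulnerabilityID": "CVE-0000-0003", "resource": "curl", "severity": "LOW", "fixedVersion": "7.67"}]}},
 {"metadata": {"namespace": "kube-system", "labels": {
    "starboard.resource.kind": "DaemonSet", "starboard.resource.name": "proxy",
    "starboard.container.name": "proxy"}},
  "report": {"artifact": {"repository": "example/proxy", "tag": "2.0"},
   "vulnerabilities": []}}
]}
""")

BLOCKING = {"CRITICAL", "HIGH"}  # severities worth failing a pipeline on


def fixable_findings(report_list, namespaces=None):
    """Return blocking findings that have a fix, optionally limited to namespaces."""
    findings = []
    for item in report_list.get("items", []):
        meta = item.get("metadata", {})
        if namespaces and meta.get("namespace") not in namespaces:
            continue
        labels = meta.get("labels", {})
        report = item.get("report", {})
        art = report.get("artifact", {})
        # An image pinned by digest may carry no tag, hence the fallback.
        image = f"{art.get('repository', '?')}:{art.get('tag', '?')}"
        workload = "/".join(str(x) for x in (
            meta.get("namespace"), labels.get("starboard.resource.kind"),
            labels.get("starboard.resource.name")))
        for v in report.get("vulnerabilities") or []:
            if v.get("severity") in BLOCKING and v.get("fixedVersion"):
                findings.append((workload, image, v["vulnerabilityID"],
                                 v["resource"], v["fixedVersion"]))
    return findings


if __name__ == "__main__":
    for finding in fixable_findings(SAMPLE):
        print(" ".join(finding))
```
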
The Estafette Vulnerability Scanner runs Trivy in a pod in a given interval and reports similar cluster image vulnerabilities. The installation with the Helm chart and values.yml override took longer, and the Grafana dashboard sourcing the Prometheus exporter and ServiceMonitor resource needed extra attention.