Install Trivy Operator#
Lens paid subscription feature
In Lens Desktop, you can set automatic vulnerability scanning of your cluster with Trivy Operator. The operator requires creating of several resources in your Kubernetes cluster. Lens Desktop provides a command sequence for installation of the Trivy Operator through the built-in Terminal.
Prerequisites#
- Permissions allowing installation of cluster resources within at least a target namespace.
- A cluster without any cluster resources related to the Trivy Operator. To clean up the cluster, see Remove Trivy Operator.
- An installed Helm release. To install Helm, see Installing Helm .
To install the Trivy Operator:
- Click the Open Install Instructions in the banner on top of a Lens Security Center view.
-
In the following modal, copy the installation command sequence:
helm repo add aqua https://aquasecurity.github.io/helm-charts/ helm repo update helm install trivy-operator aqua/trivy-operator --namespace trivy-system --create-namespace --version 0.23.3
-
Paste the command sequence in the Terminal and wait for the operator to install.
Once the Trivy Operator is correctly installed, the banner disappears from all Lens Security Center views, and Lens Desktop starts displaying the scanning results and reports.
Tip
You can also install Trivy Operator using the instructions from the official documentation . Lens Desktop is able to process and display the security reports regardless of the chosen installation option.
Lens Desktop requires enabling the Trivy Operator for automatic scanning. You can enable the operator in the cluster settings menu.
Info
For details, see the Trivy Operator documentation site .
To enable the Trivy Operator:
- Open the Settings of your cluster.
- Navigate to Lens Security Center and toggle Enable Trivy Operator.
You can also open Lens Security Center by clicking the cog button in the upper-right corner of the following views: Images, Resources, Roles:
For space clusters, only space users with the Admin
or Owner
roles can enable the Trivy Operator for all space users. As a space Admin
or Owner
, you can enable the Trivy Operator for the whole team. To do so, follow the instruction above.
Remove Trivy Operator#
To remove the Trivy Operator from your cluster:
-
In Terminal, uninstall the
trivy-operator
Helm release:helm uninstall trivy-operator -n TRIVY_OPERATOR_NAMESPACE
-
Clean up the namespace of the operator:
kubectl delete ns TRIVY_OPERATOR_NAMESPACE
-
Clean up the custom resources, associated with the Trivy Operator:
kubectl get crds | grep "aquasecurity" | xargs kubectl delete crds
kubectl get crds | Select-String "aquasecurity" | ForEach-Object { $_.Line.Split()[0] } | ForEach-Object { kubectl delete crds $_ }
Once the resources related to the Trivy Operator are removed from the cluster, the banner appears on top of Lens Security Center views.