Everyone can contribute! Let's learn together in a weekly cafe ☕
We love to break things, make mistakes, debug, analyse, fix problems together. Live and unfiltered on Youtube.
Community members and thought leaders regularly join and share their projects and ideas.
"Everyone Can Contribute" is inspired by GitLab's mission.
41. #EveryoneCanContribute cafe: Kubernetes Cluster Image Scanning with Trivy & Starboard
Enjoy the session! 🦊
First, the Starboard Operator is installed and collects the cluster image reports in our Civo k3s cluster. You can specify the namespaces for the Starboard Operator in the configuration. If left empty, all namespaces are scanned - we defined the
The next step is to combine this with GitLab CI/CD to see the security reports. Follow the GitLab documentation to generate the CIS_KUBECONFIG variable as a file. You can also define additional parameters for the CI/CD job.
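To check what the operator has collected before the CI/CD job is wired up, the reports can be read straight from the cluster. The following is an added example, not code from the session: it summarizes the output of `kubectl get vulnerabilityreports -A -o json` per workload and flags critical or high findings that already have a fix. The label and field names are assumed to match Starboard's VulnerabilityReport resource for your operator version, and the sample data is constructed.

```python
import json
from collections import Counter

# Constructed sample shaped like `kubectl get vulnerabilityreports -A -o json`.
# Workload names, CVE ids and versions are placeholders, not real findings.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "labels": {
        "starboard.resource.kind": "ReplicaSet",
        "starboard.resource.name": "web-5d8f"}},
     "report": {"vulnerabilities": [
         {"vulnerabilityID": "CVE-0000-0001", "resource": "libssl1.1",
          "severity": "CRITICAL", "fixedVersion": "1.2.3-fixed"},
         {"vulnerabilityID": "CVE-0000-0002", "resource": "libc6",
          "severity": "HIGH", "fixedVersion": ""}]}},
    {"metadata": {"namespace": "kube-system", "labels": {
        "starboard.resource.kind": "DaemonSet",
        "starboard.resource.name": "proxy"}},
     "report": {"vulnerabilities": [
         {"vulnerabilityID": "CVE-0000-0003", "resource": "busybox",
          "severity": "LOW", "fixedVersion": ""}]}},
]})

BLOCKING = {"CRITICAL", "HIGH"}

def summarize(raw, namespaces=None):
    """Return (severity counts per workload, blocking findings with a fix)."""
    counts, fixable = {}, []
    for item in json.loads(raw).get("items", []):
        meta = item.get("metadata", {})
        ns = meta.get("namespace", "")
        if namespaces and ns not in namespaces:
            continue  # same idea as limiting the operator's target namespaces
        labels = meta.get("labels", {})
        workload = "/".join([ns, labels.get("starboard.resource.kind", "?"),
                             labels.get("starboard.resource.name", "?")])
        # One workload can have several reports (one per container): merge them.
        tally = counts.setdefault(workload, Counter())
        for vuln in item.get("report", {}).get("vulnerabilities") or []:
            sev = vuln.get("severity", "UNKNOWN")
            tally[sev] += 1
            if sev in BLOCKING and vuln.get("fixedVersion"):
                fixable.append((workload, vuln["vulnerabilityID"],
                                vuln["resource"], vuln["fixedVersion"]))
    return counts, fixable

def gate(raw, namespaces=None):
    """Exit-code style result: 1 if a blocking finding has a fix available."""
    return 1 if summarize(raw, namespaces)[1] else 0

if __name__ == "__main__":
    counts, fixable = summarize(SAMPLE)
    for workload, tally in sorted(counts.items()):
        print(workload, dict(tally))
    for row in fixable:
        print("fix available:", *row)
```

Gating only on findings with a fixed version keeps the signal actionable: unfixed findings still show up in the per-workload counts but do not fail the check.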
The Estafette Vulnerability Scanner runs Trivy in a pod at a given interval and reports similar cluster image vulnerabilities. The installation with the Helm chart and values.yml override took longer, and the Grafana dashboard sourcing the Prometheus exporter and ServiceMonitor resource needed extra attention.