Skip to content

vijaybiradar/Deploying-Trivy-Operator-with-kube-prometheus-stack-for-Enhanced-Kubernetes-Security

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

README.md

README.md

 
 

Repository files navigation

Deploying Trivy Operator with kube-prometheus-stack for Enhanced Kubernetes Security.

Step 1: Create a Namespace for Monitoring

kubectl create ns monitoring

Step 2: Add kube-prometheus-stack Helm Chart Repository

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

image

Untar the Helm chart for prometheus-community/kube-prometheus-stack:

helm pull --untar prometheus-community/kube-prometheus-stack

Step 3: Customize and Install Kube Prometheus Stack Edit values.yaml to customize Kube Prometheus Stack:

prometheus:
  prometheusSpec:
    serviceMonitorSelectorNilUsesHelmValues: true
    serviceMonitorSelector: {}
    serviceMonitorNamespaceSelector: {}

Install Prometheus Helm Chart:

helm upgrade --install kube-prom prometheus-community/kube-prometheus-stack -n monitoring -f values.yaml --install --debug

image

image

Step 4: Add Aqua Security Helm Chart Repository

helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update

image

untar the Helm chart for trivy-operator from the aqua/trivy-operator

helm pull --untar aqua/trivy-operator

Step 5: Customize and Install Trivy Operator Edit values.yaml to customize Trivy Operator installation:

serviceMonitor:
  # enabled determines whether a serviceMonitor should be deployed
  enabled: true
trivy:
  ignoreUnfixed: true

Install Trivy Operator:

helm install trivy-operator aqua/trivy-operator -n monitoring -f values.yaml

image

Step 6: Access Grafana Dashboard

Port Forward Grafana Service

kubectl port-forward svc/prom-grafana 3000:80 -n monitoring

Access Grafana Dashboard Open a web browser and go to localhost:3000.

image

Login with the following credentials: Username: admin Password: (retrieve password using the following command)

kubectl get secret prom-grafana -o jsonpath="{.data.admin-password}" -n monitoring | base64 --decode ; echo

Username: admin Password: prom-operator

  1. Import Trivy Dashboard into Grafana Navigate to "Dashboards" in Grafana. Click on "New" and select "Import". Enter dashboard ID 17813 and click on "Load".

image image

Navigate to "Dashboards" in Grafana. Click on "New" and select "Import". Enter dashboard ID 16652 and click on "Load". image

Navigate to "Dashboards" in Grafana. Click on "New" and select "Import". Enter dashboard ID 16742 and click on "Load".

image

8.Explore Trivy Operator metrics through Prometheus to gain insights into image vulnerabilities and enhance Kubernetes cluster security.:

Total vulnerabilities found in your cluster:

sum(trivy_image_vulnerabilities) Total misconfiguration identified in your cluster:

sum(trivy_resource_configaudits) Exposed Secrets discovered by the Trivy Operator in your cluster:

sum(trivy_image_exposedsecrets) image

  1. Query Reports

After Trivy Operator starts running scans, you can query the generated reports using the following commands:

kubectl get vulnerabilityreports --all-namespaces -o wide
kubectl get configauditreports --all-namespaces -o wide
kubectl get infraassessmentreports --all-namespaces -o wide
kubectl get rbacassessmentreports --all-namespaces -o wide
kubectl get exposedsecretreport --all-namespaces -o wide
kubectl get clustercompliancereport --all-namespaces -o wide

image image image image image image

About

No description or website provided.

Topics

trivy-operator kube-prometheus-stack

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published