I'm trying to set up the Trivy operator helm chart on my development cluster for security scanning, but I'm running into issues. The error messages I'm seeing indicate problems with image authentication from our Azure Container Registry; it says the system isn't authenticated. Additionally, I'm getting a message that the Docker daemon isn't running and that the Podman socket can't be found. I'm using AKS version 1.30.0 and the Trivy operator helm chart version 0.23.3. Ideally, I want to configure Trivy to use our managed identity for accessing ACR, but all the instructions I seem to come across relate to workload identity, aad-pod-identity, or service principals. If anyone has dealt with this and can offer some guidance, I would really appreciate it as we need to resolve this as soon as possible!
3 Answers
I was in the same boat and found that using filesystem mode worked for me. It doesn’t require any secrets and scans images directly from the nodes. It’s less risky since Trivy doesn't need any extra permissions to access other resources. If I find a better solution later on, I’ll update!
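For anyone who wants to try the filesystem-mode approach from the answer above, here is an added Helm values fragment (not the answerer's configuration and not copied from the trivy-operator docs). The `trivy.command` key is the chart's documented switch between `image`, `filesystem` and `rootfs` scanning; the release name, namespace and values filename are assumptions for the example.

```yaml
# values-fs-mode.yaml (assumed filename) for the trivy-operator Helm chart.
# Install/upgrade with, for example:
#   helm upgrade --install trivy-operator aqua/trivy-operator \
#     --namespace trivy-system --create-namespace \
#     --version 0.23.3 -f values-fs-mode.yaml
trivy:
  # Default is "image": the scan job pulls the image from the registry itself,
  # which is where the ACR authentication error (and the Docker/Podman
  # fallback messages) come from when no credentials are available.
  # "filesystem" runs Trivy against the already-pulled image on the node,
  # so no registry credentials are needed by the operator.
  command: filesystem
```

In filesystem mode the scan job still has to download the Trivy vulnerability database (by default from ghcr.io), so egress restrictions or network policies on the scan-job namespace can still make scans fail even though registry access is no longer involved.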
I've had success using the workload identity for accessing Azure Container Registry. It can be a bit tricky to set up initially, but it’s worth it if you want to manage permissions securely. You might want to look into that approach if you haven't already.
Honestly, I find workload identity frustrating. If you’re looking for a workaround, consider running the Trivy operator in filesystem mode instead. It avoids the hassles of messing with those identities. Good luck!