Trivy is an open-source project from Aqua Security that automatically scans the container images and configurations running in your cluster. Deploying the operator gives you ongoing visibility into CVEs without requiring manual scans each time a new image is deployed.
It will:
The course repository includes a Taskfile that installs the Trivy Operator with Helm.
# task trivy-operator:01-install-trivy-operator
This task runs the following commands:
helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm upgrade --install trivy-operator aqua/trivy-operator \
--namespace trivy-system \
--create-namespace \
--version 0.23.2
After installation the operator immediately starts jobs to scan every detected image.
kubectl get pods -n trivy-system
You should see the operator pod as well as one or more vulnerabilityreport-scan jobs.
List the generated reports:
kubectl get vulnerabilityreports -A
Add the -o wide flag to get a summary count of vulnerabilities found at each severity level.
To inspect a specific report in detail:
kubectl get vulnerabilityreports -n demo-app <report-name> -o yaml | yq
The output shows each CVE along with links to additional information. In the video we saw an example vulnerability in the Go standard library that could be resolved by updating the base image version.
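As an added example (not part of the course repository), this Python script reads the reports in JSON form (-o json instead of -o yaml) and lists the HIGH and CRITICAL findings that already have a fixed version, which are the ones a rebuild or base image update can clear. The field names follow the operator's VulnerabilityReport resource; the sample report, image name, link and CVE ids are constructed placeholders.

```python
import json
import sys

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}

# Constructed sample in the shape of `kubectl get vulnerabilityreports -A -o json`.
# Names, versions, links and CVE ids are placeholders, not real findings.
SAMPLE = {"items": [{
    "metadata": {"namespace": "demo-app", "name": "replicaset-example-api"},
    "report": {
        "artifact": {"repository": "example/api-golang", "tag": "0.1.0"},
        "vulnerabilities": [
            {"vulnerabilityID": "CVE-0000-0001", "severity": "HIGH", "resource": "stdlib",
             "installedVersion": "1.0.0", "fixedVersion": "1.0.1",
             "primaryLink": "https://example.invalid/CVE-0000-0001"},
            {"vulnerabilityID": "CVE-0000-0002", "severity": "CRITICAL",
             "resource": "libexample", "installedVersion": "2.0", "fixedVersion": ""},
            {"vulnerabilityID": "CVE-0000-0003", "severity": "LOW", "resource": "stdlib",
             "installedVersion": "1.0.0", "fixedVersion": "1.0.1"},
        ]}}]}


def fixable_findings(report_list, min_severity="HIGH"):
    """Return findings at or above min_severity that have a fixed version, worst first."""
    threshold = SEVERITY_RANK[min_severity]
    rows = []
    for item in report_list.get("items", []):
        report = item.get("report", {})
        artifact = report.get("artifact", {})
        # Images pinned by digest may carry no tag, so fall back to the digest.
        image = f'{artifact.get("repository", "?")}:{artifact.get("tag") or artifact.get("digest", "?")}'
        for vuln in report.get("vulnerabilities") or []:
            rank = SEVERITY_RANK.get(vuln.get("severity", "UNKNOWN"), 4)
            if rank > threshold or not vuln.get("fixedVersion"):
                continue  # below the threshold, or no fixed version to upgrade to yet
            rows.append({
                "namespace": item["metadata"]["namespace"], "image": image, "rank": rank,
                "severity": vuln["severity"], "id": vuln["vulnerabilityID"],
                "resource": vuln.get("resource", ""), "installed": vuln.get("installedVersion", ""),
                "fixed": vuln["fixedVersion"], "link": vuln.get("primaryLink", ""),
            })
    return sorted(rows, key=lambda r: (r["rank"], r["image"], r["id"]))


if __name__ == "__main__":
    # Pipe kubectl output in, or run with no pipe to use the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for r in fixable_findings(data):
        print(r["namespace"], r["image"], r["severity"], r["id"], r["resource"],
              f'{r["installed"]} -> {r["fixed"]}', r["link"])
```

Findings with an empty fixed version are left out on purpose: they still need tracking, but updating the image will not resolve them.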
If you want to remove the operator, run:
# task trivy-operator:02-uninstall-trivy-operator
All of the code used in this lesson is available in the course GitHub repository.