-
@avishefi It is a problem with trivy-operator, right? @chen-keinan If I remember correctly, you told me about this enhancement. Do you have an issue in GitHub? I couldn't find it.
-
I think an optional CLI flag for a default registry or mirror with credentials which precedes the default registry or even replaces it can solve this scenario.
-
Related also to #3004
-
This feature would also help when using containerd registry mirrors. Example:

```toml
# /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"

[host."https://harbor.example.com/v2/docker.io"]
  capabilities = ["pull", "resolve"]
  override_path = true
```

By using the above config, a Kubernetes pod that attempts to use Trivy is not able to make use of this transparent redirection, and will instead attempt to pull the image directly from
-
Question
I have an air-gapped Kubernetes cluster configured so that the registry mirrors are defined on the host and all references to an image go to a private registry. For example, `aquasecurity/trivy` is automatically fetched from `<private-registry>/aquasecurity/trivy` without specifying image pull secrets or a registry explicitly.

Trivy can't fetch images defined this way (used through trivy-operator) and attempts to fetch all images from docker.io instead of the private registry.
Is there a way for Trivy to fetch images from the private registry configured this way? I tried both Standalone and ClientServer and couldn't find a configuration for that.
Target
Container Image
Scanner
Vulnerability
Output Format
None
Mode
None
Operating System
OpenShift 4.11, Kubernetes 1.24, RHEL 8
Version