Module: github.com/aquasecurity/starboard-operator
Version: 0.0.1-alpha.5
Repository: https://github.com/aquasecurity/starboard-operator.git
Documentation: pkg.go.dev

# README

starboard-operator

This operator for Starboard automatically updates security report resources in response to workload and other changes on a Kubernetes cluster - for example, initiating a vulnerability scan when a new pod is started. Please see the main Starboard repo for more info about the Starboard project.

Configuration

Configuration of the operator is done via environment variables at startup.

| NAME | DEFAULT | DESCRIPTION |
|------|---------|-------------|
| OPERATOR_NAMESPACE | N/A | See Install modes |
| OPERATOR_TARGET_NAMESPACES | N/A | See Install modes |
| OPERATOR_SCAN_JOB_TIMEOUT | 5m | The length of time to wait before giving up on a scan job |
| OPERATOR_SCANNER_TRIVY_ENABLED | true | The flag to enable Trivy vulnerability scanner |
| OPERATOR_SCANNER_TRIVY_VERSION | 0.11.0 | The version of Trivy to be used |
| OPERATOR_SCANNER_AQUA_CSP_ENABLED | false | The flag to enable Aqua CSP vulnerability scanner |
| OPERATOR_SCANNER_AQUA_CSP_VERSION | 5.0 | The version of Aqua CSP scannercli container image to be used |

Install modes

The values of OPERATOR_NAMESPACE and OPERATOR_TARGET_NAMESPACES determine the install mode, which in turn determines the multitenancy support of the operator.

| MODE | OPERATOR_NAMESPACE | OPERATOR_TARGET_NAMESPACES | DESCRIPTION |
|------|--------------------|----------------------------|-------------|
| OwnNamespace | operators | operators | The operator can be configured to watch events in the namespace it is deployed in. |
| SingleNamespace | operators | foo | The operator can be configured to watch for events in a single namespace that the operator is not deployed in. |
| MultiNamespace | operators | foo,bar,baz | The operator can be configured to watch for events in more than one namespace. |
| AllNamespaces | operators | | The operator can be configured to watch for events in all namespaces. |
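
The mapping in the table above, written out as an added Go example (not the operator's own code; `ResolveInstallMode` and its error handling are assumptions made here). It treats a non-empty value that contains no namespace, such as a lone comma, as an error instead of falling through to AllNamespaces.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Mode names are taken from the install-modes table above.
const (
	OwnNamespace    = "OwnNamespace"
	SingleNamespace = "SingleNamespace"
	MultiNamespace  = "MultiNamespace"
	AllNamespaces   = "AllNamespaces"
)

// ResolveInstallMode is a hypothetical helper: it returns the mode and the
// namespaces to watch (nil means cluster-wide).
func ResolveInstallMode(operatorNS, targetNS string) (string, []string, error) {
	operatorNS = strings.TrimSpace(operatorNS)
	if operatorNS == "" {
		return "", nil, errors.New("OPERATOR_NAMESPACE must be set")
	}
	seen := map[string]bool{}
	var targets []string
	for _, ns := range strings.Split(targetNS, ",") {
		if ns = strings.TrimSpace(ns); ns != "" && !seen[ns] {
			seen[ns] = true
			targets = append(targets, ns)
		}
	}
	switch {
	case len(targets) == 0 && strings.TrimSpace(targetNS) != "":
		// A value such as "," must not silently widen the scope to the whole cluster.
		return "", nil, errors.New("OPERATOR_TARGET_NAMESPACES has no valid namespace")
	case len(targets) == 0:
		return AllNamespaces, nil, nil
	case len(targets) > 1:
		return MultiNamespace, targets, nil
	case targets[0] == operatorNS:
		return OwnNamespace, targets, nil
	}
	return SingleNamespace, targets, nil
}

func main() {
	mode, watched, err := ResolveInstallMode(os.Getenv("OPERATOR_NAMESPACE"), os.Getenv("OPERATOR_TARGET_NAMESPACES"))
	fmt.Println(mode, watched, err)
}
```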

Vulnerability scanners

To enable Aqua CSP as the vulnerability scanner, set OPERATOR_SCANNER_AQUA_CSP_ENABLED to true and disable the default Trivy scanner by setting OPERATOR_SCANNER_TRIVY_ENABLED to false.

To configure the Aqua CSP scanner, create the starboard-operator secret in the operators namespace:

$ kubectl create secret generic starboard-operator \
  --namespace operators \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_USERNAME="$AQUA_CONSOLE_USERNAME" \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_PASSWORD="$AQUA_CONSOLE_PASSWORD" \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_VERSION="$AQUA_VERSION" \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_HOST=http://csp-console-svc.aqua:8080

Contributing

Thanks for taking the time to join our community and start contributing!

  • See CONTRIBUTING.md for information about setting up your development environment and deploying the operator.
  • Check out the open issues.

How does it work?
