---
# Source: trivy/charts/trivy-operator/templates/deployment.yaml
#
# Rendered Helm output for the Trivy Operator Deployment (chart
# trivy-operator-0.31.0, app version 0.29.0, release "trivy").
# NOTE(review): a manual edit here is lost on the next render; lasting
# changes belong in the chart values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: trivy-trivy-operator
  namespace: trivy
  labels:
    helm.sh/chart: trivy-operator-0.31.0
    app.kubernetes.io/name: trivy-operator
    app.kubernetes.io/instance: trivy
    app.kubernetes.io/version: "0.29.0"
    app.kubernetes.io/managed-by: Helm
spec:
  # One replica with Recreate: the running pod is terminated before its
  # replacement is created, so two operator instances never overlap, at
  # the cost of a gap during each rollout.
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: trivy-operator
      app.kubernetes.io/instance: trivy
  template:
    metadata:
      labels:
        app.kubernetes.io/name: trivy-operator
        app.kubernetes.io/instance: trivy
    spec:
      # The pod mounts an API token for this service account. What a
      # compromised container could do with it depends entirely on the
      # Role/ClusterRole bindings for trivy-trivy-operator, which are not
      # part of this manifest. Review them together with this file.
      serviceAccountName: trivy-trivy-operator
      automountServiceAccountToken: true
      # No pod-level securityContext is set; only the container-level
      # settings further down apply.
      containers:
        - name: "trivy-operator"
          # Referenced by mutable tag through the mirror.gcr.io pull-through
          # mirror. With IfNotPresent a node reuses whatever it has cached
          # under this tag. Pinning by digest
          # (image@sha256:<digest placeholder>) would make the reference
          # immutable.
          image: "mirror.gcr.io/aquasec/trivy-operator:0.29.0"
          imagePullPolicy: IfNotPresent
          env:
            - name: OPERATOR_NAMESPACE
              value: trivy
            # Empty target/exclude lists: presumably the operator then
            # watches every namespace, which implies cluster-wide RBAC.
            # TODO confirm against the operator docs for this version.
            - name: OPERATOR_TARGET_NAMESPACES
              value: ""
            - name: OPERATOR_EXCLUDE_NAMESPACES
              value: ""
            - name: OPERATOR_TARGET_WORKLOADS
              value: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
            - name: OPERATOR_SERVICE_ACCOUNT
              value: "trivy-trivy-operator"
          # Every key of this ConfigMap becomes an environment variable.
          # On a name clash the explicit `env` entries above take precedence.
          envFrom:
            - configMapRef:
                name: trivy-operator-config
          ports:
            # NOTE(review): no Service or NetworkPolicy is visible here;
            # check who can reach the metrics port.
            - name: metrics
              containerPort: 8080
            - name: probes
              containerPort: 9090
          # Both probes hit the named `probes` port (9090).
          readinessProbe:
            httpGet:
              path: /readyz/
              port: probes
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          # Liveness tolerates 10 consecutive failures (readiness: 3) before
          # the kubelet restarts the container.
          livenessProbe:
            httpGet:
              path: /healthz/
              port: probes
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 10
          # Requests only, no limits: the pod is Burstable QoS and its CPU
          # and memory use are not capped by this manifest.
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
          # Hardening present: no privilege escalation, all capabilities
          # dropped, unprivileged, read-only root filesystem.
          # Not set anywhere in this pod spec: runAsNonRoot/runAsUser and
          # seccompProfile. The effective UID therefore comes from the
          # image, and the pod would not satisfy the Pod Security
          # "restricted" profile as written.
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # /tmp is the only writable path in the container, given the
          # read-only root filesystem.
          volumeMounts:
            - name: cache-policies
              mountPath: /tmp
              readOnly: false
      volumes:
        # emptyDir with no sizeLimit: backed by node storage and removed
        # with the pod.
        - name: cache-policies
          emptyDir: {}