infrastructure/clusters/cl01tl/manifests/trivy/Deployment-trivy-trivy-operator.yaml


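---
# Source: trivy/charts/trivy-operator/templates/deployment.yaml
#
# Deployment of the trivy-operator controller in the "trivy" namespace.
# This is Helm-rendered output (see the Source line above and the
# managed-by label), so lasting changes belong in the chart values rather
# than in this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: trivy-trivy-operator
  namespace: trivy
  labels:
    helm.sh/chart: trivy-operator-0.31.0
    app.kubernetes.io/name: trivy-operator
    app.kubernetes.io/instance: trivy
    app.kubernetes.io/version: "0.29.0"
    app.kubernetes.io/managed-by: Helm
spec:
  # Single replica with Recreate: the old pod is stopped before the new one
  # starts, so the operator is briefly absent during every rollout.
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: trivy-operator
      app.kubernetes.io/instance: trivy
  template:
    metadata:
      labels:
        app.kubernetes.io/name: trivy-operator
        app.kubernetes.io/instance: trivy
    spec:
      serviceAccountName: trivy-trivy-operator
      # The service-account token is mounted into the container. What a
      # compromised operator pod could do in the cluster is therefore set by
      # the RBAC bound to trivy-trivy-operator (not part of this manifest);
      # review those Role/ClusterRole rules together with this file.
      automountServiceAccountToken: true
      # NOTE(review): no pod-level securityContext is set here, so
      # runAsNonRoot and seccompProfile are left to image and cluster
      # defaults. Confirm the image's user before enforcing runAsNonRoot.
      containers:
        - name: "trivy-operator"
          # Referenced by mutable tag through a registry mirror, not by
          # digest. With IfNotPresent a node reuses whatever image it has
          # cached under this tag. Appending @sha256:<digest> would fix the
          # exact content that runs.
          image: "mirror.gcr.io/aquasec/trivy-operator:0.29.0"
          imagePullPolicy: IfNotPresent
          env:
            - name: OPERATOR_NAMESPACE
              value: trivy
            # Empty target/exclude lists: presumably the operator then
            # watches every namespace. Confirm against the trivy-operator
            # documentation for this version.
            - name: OPERATOR_TARGET_NAMESPACES
              value: ""
            - name: OPERATOR_EXCLUDE_NAMESPACES
              value: ""
            - name: OPERATOR_TARGET_WORKLOADS
              value: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
            - name: OPERATOR_SERVICE_ACCOUNT
              value: "trivy-trivy-operator"
          # Every key of this ConfigMap becomes an environment variable, so
          # write access to trivy-operator-config is in effect control over
          # the operator's configuration.
          envFrom:
            - configMapRef:
                name: trivy-operator-config
          ports:
            - name: metrics
              containerPort: 8080
            - name: probes
              containerPort: 9090
          readinessProbe:
            httpGet:
              path: /readyz/
              port: probes
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /healthz/
              port: probes
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 10
          # Requests only. Without limits the container's CPU and memory use
          # is bounded only by the node (or by a namespace LimitRange, if
          # one exists).
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
          # Container hardening: no privilege escalation, all capabilities
          # dropped, not privileged, read-only root filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
          # /tmp is the only writable path, since the root filesystem is
          # read-only.
          volumeMounts:
            - mountPath: /tmp
              name: cache-policies
              readOnly: false
      volumes:
        # emptyDir without sizeLimit: it can grow until the node's
        # ephemeral-storage eviction threshold is reached.
        - emptyDir: {}
          name: cache-policies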