List of Google Cloud Platform (GCP) Permissions required to deploy trivy-operator or run Trivy for kubernetes security scanning

[fernandogont]

Hello,

I'm trying to deploy trivy-operator and also trying to run Trivy for kubernetes security scanning. Is there official documentation of the GCP privileges/permissions that would be required for each of them? (so that I don't need to resort to "trial & error"?)

Aside, one of the errors I've got when trying to deploy trivy operator has been:

**Error from server (Forbidden): error when creating "https://raw.githubusercontent.com/aquasecurity/trivy-operator/v0.21.3/deploy/static/trivy-operator.yaml": roles.rbac.authorization.k8s.io "trivy-operator" is forbidden: user "myuser@mycompany.com" (groups=["system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:[""], Resources:["configmaps"], Verbs:["create" "get" "list" "watch"]}**

But there doesn't seem to exist a container.configmaps.watch permission in GCP.

Any clues?

Thanks!
Fernando

[chen-keinan]

@fernandogont there is no official docs on this matter however you can take a look at trivy-operator rbac setting and understand what kind of permission it need:

• rbac permission
• reconciliation permission