docs: new experience add examples
Signed-off-by: chenk <[email protected]>
chen-keinan committed Apr 9, 2024
1 parent 931ed2b commit 5489851
Showing 2 changed files with 23 additions and 18 deletions.
12 changes: 12 additions & 0 deletions docs/docs/target/kubernetes.md
Expand Up @@ -91,6 +91,18 @@ Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 2, CRITICAL: 0)
└────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────┴───────────────────────────────────────────────────┘
```

### Taints and Tolerations

The node-collector scan-job will run on every node. In case the node has been tainted, it is possible to add toleration to the scan job for it to be scheduled on the tainted node

- `--tolerations key1=value1:NoExecute,key2=value2:NoSchedule` this flag wil enable node-collector to be schedule on tainted Node

Example:

```sh
trivy k8s --report summary --tolerations key1=value1:NoExecute,key2=value2:NoSchedule
```

### Non-intrusive

You can control whether the node scan-job (`node-collector`) will run in the cluster. To disable it, add the `--non-intrusive` flag
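Review bot: the new bullet under "Taints and Tolerations" has two typos, `wil` for `will` and `be schedule` for `be scheduled`, and the sentence above it ends without a period; suggest `this flag will enable node-collector to be scheduled on tainted Nodes` and a period after `tainted node`. It would also help readers to state the toleration format in prose (`key=value:Effect`, as the example `key1=value1:NoExecute,key2=value2:NoSchedule` shows) rather than leaving it to be inferred from the example alone.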
29 changes: 11 additions & 18 deletions docs/tutorials/kubernetes/cluster-scanning.md
@@ -1,52 +1,51 @@
# Kubernetes Scanning Tutorial

## Prerequisites
## Prerequisites

To test the following commands yourself, make sure that you’re connected to a Kubernetes cluster. A simple kind, a Docker-Desktop or microk8s cluster will do. In our case, we’ll use a one-node kind cluster.

Pro tip: The output of the commands will be even more interesting if you have some workloads running in your cluster.
Pro tip: The output of the commands will be even more interesting if you have some workloads running in your cluster.

## Cluster Scanning

Trivy K8s is great to get an overview of all the vulnerabilities and misconfiguration issues or to scan specific workloads that are running in your cluster. You would want to use the Trivy K8s command either on your own local cluster or in your CI/CD pipeline post deployments.

The `trivy k8s` command is part of the Trivy CLI.
The `trivy k8s` command is part of the Trivy CLI.

With the following command, we can scan our entire Kubernetes cluster for vulnerabilities and get a summary of the scan:
With the following command, we can scan our entire Kubernetes cluster for vulnerabilities and get a summary of the scan:

```
```sh
trivy k8s --report=summary
```

To get detailed information for all your resources, just replace ‘summary’ with ‘all’:

```
```sh
trivy k8s --report=all
```

However, we recommend displaying all information only in case you scan a specific namespace or resource since you can get overwhelmed with additional details.

Furthermore, we can specify the namespace that Trivy is supposed to scan to focus on specific resources in the scan result:

```
```sh
trivy k8s --include-namespaces kube-system --report summary
```

Again, if you’d like to receive additional details, use the ‘--report=all’ flag:

```
```sh
trivy k8s --include-namespaces kube-system --report all
```

Like with scanning for vulnerabilities, we can also filter in-cluster security issues by severity of the vulnerabilities:

```
```sh
trivy k8s --severity=CRITICAL --report=summary
```

Note that you can use any of the Trivy flags on the Trivy K8s command.

## Trivy Operator
## Trivy Operator

The Trivy K8s command is an imperative model to scan resources. We wouldn’t want to manually scan each resource across different environments. The larger the cluster and the more workloads are running in it, the more error-prone this process would become. With the Trivy Operator, we can automate the scanning process after the deployment.
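Review bot: the `sh` fence tags and trailing-whitespace cleanup are fine, but the flag spelling is still inconsistent within the page: the first two blocks use `--report=summary` / `--report=all`, the namespace blocks use `--report summary` / `--report all`, and the prose refers to ‘summary’, ‘all’ and ‘--report=all’ in curly quotes. Since this commit already touches every code block, pick one form (for example `--report=all` throughout) and put flag names in backticks so the prose matches the blocks beneath it.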

Expand All @@ -60,15 +59,9 @@ This has several benefits:

- The CRDs can be both machine and human-readable depending on which applications consume the CRDs. This allows for more versatile applications of the Trivy operator.


There are several ways that you can install the Trivy Operator in your cluster. In this guide, we’re going to use the Helm installation based on the [following documentation.](../../docs/target/kubernetes.md#trivy-operator)

Please follow the Trivy Operator documentation for further information on:

- [Installation of the Trivy Operator](https://aquasecurity.github.io/trivy-operator/latest/getting-started/installation/)
- [Getting started guide](https://aquasecurity.github.io/trivy-operator/latest/getting-started/quick-start/)





- [Getting started guide](https://aquasecurity.github.io/trivy-operator/latest/getting-started/quick-start/)
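Review bot: the link `[following documentation.](../../docs/target/kubernetes.md#trivy-operator)` keeps the sentence's full stop inside the link text; move the period outside the closing bracket so only "following documentation" is linked. The removal of the stray blank lines after the `Getting started guide` item is otherwise fine.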
