Tanzu Hub 10.4 Trivy "download-db" job fails despite valid Proxy configuration
search cancel

Tanzu Hub 10.4 Trivy "download-db" job fails despite valid Proxy configuration

book

Article ID: 439756

calendar_today

Updated On:

Products

VMware Tanzu Platform - Hub

Issue/Introduction

  • In Tanzu Hub 10.4 installations using the Proxy configuration, downloads of the Trivy Database fail, leading to failures for daedalus and daedalus-trivy pods.
  • From an SSH to the Registry VM, kubectl get pods -n tanzusm | grep daedalus commands will show the daedalus and daedalus-trivy pods restarting or in Error state.
  • The daedalus pod logs will report errors like:

    kubectl logs -n tanzusm daedalus-<UNIQUE_POD_ID>

    2026-04-29 18:05:01.433 ERROR 1 --- [  scheduling-13] [daedalus,########################30f05983,8064b25330f05983]v.m.c.d.e.v.h.AbstractContinuousScanHook : Error in continuous scanning [scan=trivy].
    ...
    org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction
    ...
    Caused by: org.hibernate.exception.JDBCConnectionException: Unable to acquire JDBC Connection [HikariPool-1 - Connection is not available, request timed out after 30000ms (total=10, active=10, idle=0, waiting=15)] [n/a]
    ...
    2026-04-29 18:05:02.421  WARN 1 --- [mcat-handler-35] [daedalus,,]o.s.b.a.health.HealthEndpointSupport     : Health contributor org.springframework.boot.actuate.jdbc.DataSourceHealthIndicator (db) took 24533ms to respond

  • The daedalus-trivy pod logs will report errors like:

    kubectl logs -n tanzusm daedalus-trivy-<UNIQUE_POD_ID>

    download-db 2026-04-27T21:41:33Z    INFO    [vulndb] Need to update DB
    download-db 2026-04-27T21:41:33Z    INFO    [vulndb] Downloading vulnerability DB...
    download-db 2026-04-27T21:41:33Z    INFO    [vulndb] Downloading artifact...  repo="ghcr.io/aquasecurity/trivy-db:2"
    download-db 2026-04-27T21:54:42Z    FATAL   Fatal error    run error: init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact
    download-db      * Get "https://ghcr.io/v2/": dial tcp [REDACTED]:443: connect: connection timed out; Get "http://ghcr.io/v2/": dial tcp [REDACTED]:80: connect: connection timed out

Environment

Tanzu Hub 10.4 using Proxy configuration in Hub Tile -> Proxy page.

Cause

The Trivy pods do not utilize the Proxy configuration when configured in Tanzu Hub 10.4.

Resolution

A fix is in progress for this issue. The  patch version in which it will be released is pending.

 

Workaround

Direct the Trivy Database configuration in Tanzu Hub tile to a local registry. Find steps detailing this in the Configure Trivy for air-gapped environments documentation.

Powered by Wolken Software