Configure Tanzu Hub for environments restricted from using Trivy scanner

Article ID: 442472

Products

Operations Manager
VMware Tanzu Platform - Hub

Issue/Introduction

Installation fails during the "Installing and configuring packages for Tanzu Hub" step. Error logs indicate a timeout waiting for the daedalus-trivy deployment to reconcile:

  [x] Installation failed with error: timed out waiting for PackageInstall to reconcile. Last failure: kapp: Error: waiting on reconcile packageinstall/daedalus...

Environment

Tanzu Hub 10.4.1

Cause

Organizational security policies forbid the use of the Trivy scanner included with Tanzu Hub, or network restrictions prevent the download of the Trivy vulnerability database from external registries.

Resolution

Currently, there is no option to install Tanzu Hub without the Trivy components. A feature request (Jira TNZ####) exists to allow installation without the scanner.

As a workaround, configure the environment to use a local or embedded Trivy database to satisfy security requirements and proceed with installation:

  1. Locate the Trivy Database Registry Location field in the tile settings.
  2. Enter the following value to use the embedded database: registry.internal:####/hub-self-managed/repo/aquasecurity/trivy-db:embedded
  3. Deselect the option to validate the certificate if the registry uses a self-signed or internal certificate.
  4. Apply changes to restart the installation.

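With this setting, the Trivy database is updated only when a new version of Tanzu Hub is installed, and Tanzu Hub does not attempt external connections for vulnerability data. Scan results therefore reflect the vulnerability data shipped with the installed Hub release.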

Additional Information

Subscribe to this article to receive updates when progress is made on the feature request to allow installation of Hub without the Trivy scanner.