Undocumented requirement to use mirror registry path for excludeImages to work

[codelooker]

What steps did you take and what happened:

I am using registry mirrors with my Kubernetes deployment (https://docs.rke2.io/install/registry_mirror). In order to have the trivy operator ignore specific images, i.e. docker.io/rancher/* I had to specify the images as they are from the mirror and not the original domain.

Example, for the following configuration below for trivy to use the mirror I would have to specify excludeImages as mydockeriomirror.io/rancher/* instead of docker.io/rancher/*

trivy:
  registry:
    mirror:
      docker.io: "mydockeriomirror.io"

Inside of the Kubernetes cluster the images appear as docker.io/rancher/*

What did you expect to happen:

I would like for either:

• The documentation to be updated to include the requirement to use the mirror addresses for images with excludeImages
• The logic in trivy-operator to be updated to do the re-mapping when dealing with excludeImages and mirrors for registries

Environment:

• Trivy-Operator version: 0.29.0
• Kubernetes version: RKE2 v1.31.1
• OS: RHEL 9.4