From 06b288e17cd9baa6f46e1eef7f62a9cbf3bfa7cc Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 15 Mar 2026 22:32:42 +0000 Subject: [PATCH] Merge (#4771) Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4771 --- .../templates/grafana-dashboard.yaml | 19 ++++++++ clusters/cl01tl/helm/tdarr/values.yaml | 1 + clusters/cl01tl/helm/trivy/Chart.lock | 6 +++ clusters/cl01tl/helm/trivy/Chart.yaml | 23 +++++++++ .../helm/trivy/templates/namespace.yaml | 11 +++++ clusters/cl01tl/helm/trivy/values.yaml | 47 +++++++++++++++++++ 6 files changed, 107 insertions(+) create mode 100644 clusters/cl01tl/helm/trivy/Chart.lock create mode 100644 clusters/cl01tl/helm/trivy/Chart.yaml create mode 100644 clusters/cl01tl/helm/trivy/templates/namespace.yaml create mode 100644 clusters/cl01tl/helm/trivy/values.yaml
diff --git a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
index f17ac3a9f..912d7fac2 100644
--- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
+++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
@@ -358,6 +358,25 @@ spec:
 resyncPeriod: 1h
 url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+ name: grafana-dashboard-tdarr
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: grafana-dashboard-tdarr
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ instanceSelector:
+ matchLabels:
+ app: grafana-main
+ contentCacheDuration: 1h
+ folderUID: grafana-folder-service
+ resyncPeriod: 1h
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
+
 ---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
diff --git a/clusters/cl01tl/helm/tdarr/values.yaml b/clusters/cl01tl/helm/tdarr/values.yaml
index a1d3d9a05..c17eecfe6 100644
--- a/clusters/cl01tl/helm/tdarr/values.yaml
+++ b/clusters/cl01tl/helm/tdarr/values.yaml
@@ -165,6 +165,7 @@ tdarr:
 tdarr-exporter:
 image:
 name: homeylab/tdarr-exporter
+ # renovate: datasource=docker depName=homeylab/tdarr-exporter
 tag: 1.4.2
 metrics:
 serviceMonitor:
diff --git a/clusters/cl01tl/helm/trivy/Chart.lock b/clusters/cl01tl/helm/trivy/Chart.lock
new file mode 100644
index 000000000..fcf58bd31
--- /dev/null
+++ b/clusters/cl01tl/helm/trivy/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: trivy-operator
+ repository: https://aquasecurity.github.io/helm-charts/
+ version: 0.32.1
+digest: sha256:7e25850fc3115f52e6c65151c76668929eee6713228e935862d9f156397c2ede
+generated: "2026-03-15T17:21:41.373519-05:00"
diff --git a/clusters/cl01tl/helm/trivy/Chart.yaml b/clusters/cl01tl/helm/trivy/Chart.yaml
new file mode 100644
index 000000000..d1b410afc
--- /dev/null
+++ b/clusters/cl01tl/helm/trivy/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: trivy
+version: 1.0.0
+description: Trivy
+keywords:
+ - trivy
+ - vulnerability
+ - monitoring
+ - kubernetes
+home: https://wiki.alexlebens.dev/s/
+sources:
+ - https://github.com/aquasecurity/trivy
+ - https://github.com/aquasecurity/trivy-operator
+ - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: trivy-operator
+ version: 0.32.1
+ repository: https://aquasecurity.github.io/helm-charts/
+icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
+# renovate: github=aquasecurity/trivy
+appVersion: 0.32.1
diff --git a/clusters/cl01tl/helm/trivy/templates/namespace.yaml b/clusters/cl01tl/helm/trivy/templates/namespace.yaml
new file mode 100644
index 000000000..eb7c54ed8
--- /dev/null
+++ b/clusters/cl01tl/helm/trivy/templates/namespace.yaml
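Review bot: In the new Chart.yaml, `appVersion: 0.32.1` repeats the trivy-operator chart version from `dependencies`, while the `# renovate: github=aquasecurity/trivy` hint directly above it points at the Trivy scanner repository, whose releases are numbered independently of the operator chart (the values.yaml in this same commit pins the scanner image at `0.69.3`). If that annotation drives an automated bump of `appVersion`, the field will drift to a Trivy release number while the dependency stays at the chart version. Either point the hint at `aquasecurity/trivy-operator` or add a comment such as `# appVersion tracks the trivy-operator chart, not the trivy scanner` so the intent is explicit. `home: https://wiki.alexlebens.dev/s/` also looks truncated; worth confirming it resolves to the intended page.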
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: trivy
+ labels:
+ app.kubernetes.io/name: trivy
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/helm/trivy/values.yaml b/clusters/cl01tl/helm/trivy/values.yaml
new file mode 100644
index 000000000..5d6cce425
--- /dev/null
+++ b/clusters/cl01tl/helm/trivy/values.yaml
@@ -0,0 +1,47 @@
+trivy-operator:
+ targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
+ operator:
+ replicas: 1
+ vulnerabilityScannerEnabled: true
+ sbomGenerationEnabled: true
+ clusterSbomCacheEnabled: true
+ configAuditScannerEnabled: true
+ rbacAssessmentScannerEnabled: true
+ infraAssessmentScannerEnabled: true
+ clusterComplianceEnabled: false
+ vulnerabilityScannerScanOnlyCurrentRevisions: true
+ accessGlobalSecretsAndServiceAccount: true
+ metricsFindingsEnabled: true
+ exposedSecretScannerEnabled: true
+ serviceMonitor:
+ enabled: true
+ trivy:
+ createConfig: true
+ image:
+ registry: mirror.gcr.io
+ repository: aquasec/trivy
+ tag: 0.69.3
+ storageClassEnabled: true
+ storageClassName: ceph-block
+ storageSize: "10Gi"
+ registry:
+ mirror:
+ "registry-1.docker.io": proxy-registry-1.docker.io
+ "quay.io": proxy-quay.io
+ "registry.k8s.io": proxy-registry.k8s
+ "gcr.io": proxy-gcr.io
+ "ghcr.io": proxy-ghcr.io
+ "hub.docker": proxy-hub.docker
+ severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+ slow: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128M
+ supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
+ server:
+ resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ replicas: 1
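Review bot: In namespace.yaml, `pod-security.kubernetes.io/enforce: privileged` together with `audit` and `warn` also set to `privileged` switches Pod Security Admission off entirely for the namespace, so nothing is recorded when the operator, the trivy server or a scan job asks for more than it needs. If, as seems likely, the privileged level is there for the node-collector jobs that `infraAssessmentScannerEnabled: true` in values.yaml turns on (they need host access that `baseline` rejects), keep `enforce: privileged` but set `pod-security.kubernetes.io/audit: restricted` and `pod-security.kubernetes.io/warn: restricted` so violations still appear in the audit log and on `helm upgrade` output without blocking admission. A comment above the three labels naming the workload that requires `privileged`, e.g. `# privileged: required by trivy-operator node-collector jobs (infraAssessmentScannerEnabled)`, would spare the next reader the guesswork.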
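Review bot: In values.yaml, `"registry.k8s.io": proxy-registry.k8s` is the only `registry.mirror` entry that breaks the `proxy-` + upstream-host pattern used by `proxy-quay.io`, `proxy-gcr.io` and `proxy-ghcr.io`; if the mirror host is really `proxy-registry.k8s.io`, images from `registry.k8s.io` will either fail to scan or be pulled from upstream instead of the proxy, so please confirm the name. `"hub.docker"` is likewise not a host that image references resolve to (Docker Hub pulls go through `registry-1.docker.io`, which is already mapped), so that entry looks dead or mistyped. Separately, `tag: 0.69.3` under `trivy.image` has no renovate annotation, unlike the `tdarr-exporter` tag this same commit annotates; mirroring it with `# renovate: datasource=docker depName=aquasec/trivy` above the tag keeps the scanner image under update tracking.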