Merge (#4771)
Reviewed-on: #4771
This commit was merged in pull request #4771.
This commit is contained in:
@@ -358,6 +358,25 @@ spec:
|
|||||||
resyncPeriod: 1h
|
resyncPeriod: 1h
|
||||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
|
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: grafana.integreatly.org/v1beta1
|
||||||
|
kind: GrafanaDashboard
|
||||||
|
metadata:
|
||||||
|
name: grafana-dashboard-tdarr
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: grafana-dashboard-tdarr
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||||
|
spec:
|
||||||
|
instanceSelector:
|
||||||
|
matchLabels:
|
||||||
|
app: grafana-main
|
||||||
|
contentCacheDuration: 1h
|
||||||
|
folderUID: grafana-folder-service
|
||||||
|
resyncPeriod: 1h
|
||||||
|
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: grafana.integreatly.org/v1beta1
|
apiVersion: grafana.integreatly.org/v1beta1
|
||||||
kind: GrafanaDashboard
|
kind: GrafanaDashboard
|
||||||
|
|||||||
@@ -165,6 +165,7 @@ tdarr:
|
|||||||
tdarr-exporter:
|
tdarr-exporter:
|
||||||
image:
|
image:
|
||||||
name: homeylab/tdarr-exporter
|
name: homeylab/tdarr-exporter
|
||||||
|
# renovate: datasource=docker depName=homeylab/tdarr-exporter
|
||||||
tag: 1.4.2
|
tag: 1.4.2
|
||||||
metrics:
|
metrics:
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
|||||||
6
clusters/cl01tl/helm/trivy/Chart.lock
Normal file
6
clusters/cl01tl/helm/trivy/Chart.lock
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
dependencies:
|
||||||
|
- name: trivy-operator
|
||||||
|
repository: https://aquasecurity.github.io/helm-charts/
|
||||||
|
version: 0.32.1
|
||||||
|
digest: sha256:7e25850fc3115f52e6c65151c76668929eee6713228e935862d9f156397c2ede
|
||||||
|
generated: "2026-03-15T17:21:41.373519-05:00"
|
||||||
23
clusters/cl01tl/helm/trivy/Chart.yaml
Normal file
23
clusters/cl01tl/helm/trivy/Chart.yaml
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: trivy
|
||||||
|
version: 1.0.0
|
||||||
|
description: Trivy
|
||||||
|
keywords:
|
||||||
|
- trivy
|
||||||
|
- vulnerability
|
||||||
|
- monitoring
|
||||||
|
- kubernetes
|
||||||
|
home: https://wiki.alexlebens.dev/s/
|
||||||
|
sources:
|
||||||
|
- https://github.com/aquasecurity/trivy
|
||||||
|
- https://github.com/aquasecurity/trivy-operator
|
||||||
|
- https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
|
||||||
|
maintainers:
|
||||||
|
- name: alexlebens
|
||||||
|
dependencies:
|
||||||
|
- name: trivy-operator
|
||||||
|
version: 0.32.1
|
||||||
|
repository: https://aquasecurity.github.io/helm-charts/
|
||||||
|
icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
|
||||||
|
# renovate: github=aquasecurity/trivy
|
||||||
|
appVersion: 0.32.1
|
||||||
11
clusters/cl01tl/helm/trivy/templates/namespace.yaml
Normal file
11
clusters/cl01tl/helm/trivy/templates/namespace.yaml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: trivy
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: trivy
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||||
|
pod-security.kubernetes.io/audit: privileged
|
||||||
|
pod-security.kubernetes.io/enforce: privileged
|
||||||
|
pod-security.kubernetes.io/warn: privileged
|
||||||
47
clusters/cl01tl/helm/trivy/values.yaml
Normal file
47
clusters/cl01tl/helm/trivy/values.yaml
Normal file
@@ -0,0 +1,47 @@
|
|||||||
|
trivy-operator:
|
||||||
|
targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
|
||||||
|
operator:
|
||||||
|
replicas: 1
|
||||||
|
vulnerabilityScannerEnabled: true
|
||||||
|
sbomGenerationEnabled: true
|
||||||
|
clusterSbomCacheEnabled: true
|
||||||
|
configAuditScannerEnabled: true
|
||||||
|
rbacAssessmentScannerEnabled: true
|
||||||
|
infraAssessmentScannerEnabled: true
|
||||||
|
clusterComplianceEnabled: false
|
||||||
|
vulnerabilityScannerScanOnlyCurrentRevisions: true
|
||||||
|
accessGlobalSecretsAndServiceAccount: true
|
||||||
|
metricsFindingsEnabled: true
|
||||||
|
exposedSecretScannerEnabled: true
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
trivy:
|
||||||
|
createConfig: true
|
||||||
|
image:
|
||||||
|
registry: mirror.gcr.io
|
||||||
|
repository: aquasec/trivy
|
||||||
|
tag: 0.69.3
|
||||||
|
storageClassEnabled: true
|
||||||
|
storageClassName: ceph-block
|
||||||
|
storageSize: "10Gi"
|
||||||
|
registry:
|
||||||
|
mirror:
|
||||||
|
"registry-1.docker.io": proxy-registry-1.docker.io
|
||||||
|
"quay.io": proxy-quay.io
|
||||||
|
"registry.k8s.io": proxy-registry.k8s
|
||||||
|
"gcr.io": proxy-gcr.io
|
||||||
|
"ghcr.io": proxy-ghcr.io
|
||||||
|
"hub.docker": proxy-hub.docker
|
||||||
|
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
|
||||||
|
slow: true
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 128M
|
||||||
|
supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
|
||||||
|
server:
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 512Mi
|
||||||
|
replicas: 1
|
||||||
Reference in New Issue
Block a user