Automated Manifest Update (#4772)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. ### Details - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `06b288e` (on `06b288e17cd9baa6f46e1eef7f62a9cbf3bfa7cc`) - **Charts Updated**: `grafana-operator,trivy` Reviewed-on: #4772 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
2026-03-15 22:34:46 +00:00
parent f6a18bfc05
commit 450397c029
36 changed files with 4620 additions and 0 deletions
--- a/clusters/cl01tl/manifests/trivy/ConfigMap-trivy-operator.yaml
+++ b/clusters/cl01tl/manifests/trivy/ConfigMap-trivy-operator.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: trivy-operator
+  namespace: trivy
+  labels:
+    helm.sh/chart: trivy-operator-0.32.1
+    app.kubernetes.io/name: trivy-operator
+    app.kubernetes.io/instance: trivy
+    app.kubernetes.io/version: "0.30.1"
+    app.kubernetes.io/managed-by: Helm
+data:
+  nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]"
+  nodeCollector.volumeMounts: "[{\"mountPath\":\"/var/lib/etcd\",\"name\":\"var-lib-etcd\",\"readOnly\":true},{\"mountPath\":\"/var/lib/kubelet\",\"name\":\"var-lib-kubelet\",\"readOnly\":true},{\"mountPath\":\"/var/lib/kube-scheduler\",\"name\":\"var-lib-kube-scheduler\",\"readOnly\":true},{\"mountPath\":\"/var/lib/kube-controller-manager\",\"name\":\"var-lib-kube-controller-manager\",\"readOnly\":true},{\"mountPath\":\"/etc/systemd\",\"name\":\"etc-systemd\",\"readOnly\":true},{\"mountPath\":\"/lib/systemd/\",\"name\":\"lib-systemd\",\"readOnly\":true},{\"mountPath\":\"/etc/kubernetes\",\"name\":\"etc-kubernetes\",\"readOnly\":true},{\"mountPath\":\"/etc/cni/net.d/\",\"name\":\"etc-cni-netd\",\"readOnly\":true}]"
+  scanJob.useGCRServiceAccount: "true"
+  scanJob.podTemplateContainerSecurityContext: "{\"allowPrivilegeEscalation\":false,\"capabilities\":{\"drop\":[\"ALL\"]},\"privileged\":false,\"readOnlyRootFilesystem\":true}"
+  scanJob.compressLogs: "true"
+  vulnerabilityReports.scanner: "Trivy"
+  vulnerabilityReports.scanJobsInSameNamespace: "false"
+  configAuditReports.scanner: "Trivy"
+  report.recordFailedChecksOnly: "true"
+  node.collector.imageRef: "ghcr.io/aquasecurity/node-collector:0.3.1"
+  policies.bundle.oci.ref: "mirror.gcr.io/aquasec/trivy-checks:1"
+  policies.bundle.insecure: "false"
+  node.collector.nodeSelector: "true"