remove spegel and tricy

clusters/cl01tl/monitoring/trivy/Chart.yaml

@@ -1,23 +0,0 @@
-apiVersion: v2
-name: trivy
-version: 1.0.0
-description: Trivy
-keywords:
-  - trivyoperator
-  - trivy
-  - vulnerabilities
-  - scanner
-  - kubernetes
-home: https://wiki.alexlebens.dev/doc/trivy-P7bGRoEjfb
-sources:
-  - https://github.com/aquasecurity/trivy
-  - https://github.com/aquasecurity/trivy-operator
-  - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: trivy-operator
-    version: 0.24.1
-    repository: https://aquasecurity.github.io/helm-charts/
-icon: https://raw.githubusercontent.com/aquasecurity/trivy-operator/main/docs/images/trivy-operator-logo.png
-appVersion: 0.22.0

clusters/cl01tl/monitoring/trivy/values.yaml

@@ -1,202 +0,0 @@
-trivy-operator:
-  targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
-  operator:
-    replicas: 2
-    leaderElectionId: "trivyoperator-lock"
-    scanJobTTL: ""
-    scanSecretTTL: ""
-    scanJobTimeout: 15m
-    scanJobsConcurrentLimit: 10
-    scanNodeCollectorLimit: 1
-    scanJobsRetryDelay: 30s
-    vulnerabilityScannerEnabled: true
-    sbomGenerationEnabled: true
-    clusterSbomCacheEnabled: false
-    scannerReportTTL: "24h"
-    cacheReportTTL: "120h"
-    configAuditScannerEnabled: true
-    rbacAssessmentScannerEnabled: true
-    infraAssessmentScannerEnabled: true
-    clusterComplianceEnabled: true
-    batchDeleteLimit: 10
-    vulnerabilityScannerScanOnlyCurrentRevisions: true
-    configAuditScannerScanOnlyCurrentRevisions: true
-    batchDeleteDelay: 10s
-    accessGlobalSecretsAndServiceAccount: true
-    builtInTrivyServer: false
-    builtInServerRegistryInsecure: false
-    controllerCacheSyncTimeout: "15m"
-    trivyServerHealthCheckCacheExpiration: 10h
-    metricsFindingsEnabled: true
-    metricsVulnIdEnabled: false
-    exposedSecretScannerEnabled: true
-    metricsExposedSecretInfo: false
-    metricsConfigAuditInfo: false
-    metricsRbacAssessmentInfo: false
-    metricsInfraAssessmentInfo: false
-    metricsImageInfo: false
-    metricsClusterComplianceInfo: false
-    serverAdditionalAnnotations: {}
-    webhookBroadcastURL: ""
-    webhookBroadcastTimeout: 30s
-    webhookBroadcastCustomHeaders: ""
-    webhookSendDeletedReports: false
-    privateRegistryScanSecretsNames: {}
-    mergeRbacFindingWithConfigAudit: false
-    httpProxy: ~
-    httpsProxy: ~
-    noProxy: ~
-    valuesFromConfigMap: ""
-    valuesFromSecret: ""
-  service:
-    headless: true
-    metricsPort: 80
-    metricsAppProtocol: TCP
-    type: ClusterIP
-  serviceMonitor:
-    enabled: true
-    namespace: trivy
-    interval: 30s
-    honorLabels: true
-  trivyOperator:
-    vulnerabilityReportsPlugin: "Trivy"
-    configAuditReportsPlugin: "Trivy"
-    scanJobCompressLogs: true
-    useGCRServiceAccount: true
-    scanJobAutomountServiceAccountToken: true
-    skipInitContainers: false
-    metricsResourceLabelsPrefix: "k8s_label_"
-  trivy:
-    createConfig: true
-    image:
-      registry: ghcr.io
-      repository: aquasecurity/trivy
-      tag: 0.53.0
-    mode: Standalone
-    sbomSources: ""
-    includeDevDeps: false
-    storageClassEnabled: true
-    storageClassName: ceph-block
-    storageSize: 5Gi
-    additionalVulnerabilityReportFields: "Description,Links,CVSS,PackagePath,PackageType"
-    severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-    slow: true
-    ignoreUnfixed: false
-    offlineScan: false
-    timeout: "15m0s"
-    resources:
-      requests:
-        cpu: 100m
-        memory: 128M
-    skipJavaDBUpdate: false
-    serverInsecure: false
-    dbRegistry: "ghcr.io"
-    dbRepository: "aquasecurity/trivy-db"
-    dbRepositoryUsername: ~
-    dbRepositoryPassword: ~
-    javaDbRegistry: "ghcr.io"
-    javaDbRepository: "aquasecurity/trivy-java-db"
-    dbRepositoryInsecure: "false"
-    useBuiltinRegoPolicies: "true"
-    externalRegoPoliciesEnabled: false
-    useEmbeddedRegoPolicies: "false"
-    supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
-    command: image
-    imageScanCacheDir: "/tmp/trivy/.cache"
-    filesystemScanCacheDir: "/var/trivyoperator/trivy-db"
-    serverUser: ""
-    serverPassword: ""
-    serverServiceName: "trivy-service"
-    server:
-      resources:
-        requests:
-          cpu: 100m
-          memory: 512Mi
-    valuesFromSecret: ""
-  compliance:
-    failEntriesLimit: 10
-    reportType: summary
-    cron: 0 */6 * * *
-    specs:
-      - k8s-cis-1.23
-      - k8s-nsa-1.0
-      - k8s-pss-baseline-0.1
-      - k8s-pss-restricted-0.1
-  rbac:
-    create: true
-  serviceAccount:
-    create: true
-  volumeMounts:
-    - mountPath: /tmp
-      name: cache-policies
-      readOnly: false
-  volumes:
-    - name: cache-policies
-      emptyDir: {}
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-  policiesBundle:
-    registry: ghcr.io
-    repository: aquasecurity/trivy-checks
-    tag: 0
-    registryUser: ~
-    registryPassword: ~
-    existingSecret: false
-    insecure: false
-  nodeCollector:
-    useNodeSelector: true
-    registry: ghcr.io
-    repository: aquasecurity/node-collector
-    tag: 0.3.1
-    volumeMounts:
-      - name: var-lib-etcd
-        mountPath: /var/lib/etcd
-        readOnly: true
-      - name: var-lib-kubelet
-        mountPath: /var/lib/kubelet
-        readOnly: true
-      - name: var-lib-kube-scheduler
-        mountPath: /var/lib/kube-scheduler
-        readOnly: true
-      - name: var-lib-kube-controller-manager
-        mountPath: /var/lib/kube-controller-manager
-        readOnly: true
-      - name: etc-systemd
-        mountPath: /etc/systemd
-        readOnly: true
-      - name: lib-systemd
-        mountPath: /lib/systemd/
-        readOnly: true
-      - name: etc-kubernetes
-        mountPath: /etc/kubernetes
-        readOnly: true
-      - name: etc-cni-netd
-        mountPath: /etc/cni/net.d/
-        readOnly: true
-    volumes:
-      - name: var-lib-etcd
-        hostPath:
-          path: /var/lib/etcd
-      - name: var-lib-kubelet
-        hostPath:
-          path: /var/lib/kubelet
-      - name: var-lib-kube-scheduler
-        hostPath:
-          path: /var/lib/kube-scheduler
-      - name: var-lib-kube-controller-manager
-        hostPath:
-          path: /var/lib/kube-controller-manager
-      - name: etc-systemd
-        hostPath:
-          path: /etc/systemd
-      - name: lib-systemd
-        hostPath:
-          path: /lib/systemd
-      - name: etc-kubernetes
-        hostPath:
-          path: /etc/kubernetes
-      - name: etc-cni-netd
-        hostPath:
-          path: /etc/cni/net.d/

clusters/cl01tl/services/spegel/Chart.yaml

@@ -1,21 +0,0 @@
-apiVersion: v2
-name: spegel
-version: 1.0.0
-description: Spegel
-keywords:
-  - spegel
-  - image
-  - cache
-  - kubernetes
-home: https://wiki.alexlebens.dev/doc/spegel-sGOCkqO5Gu
-sources:
-  - https://github.com/spegel-org/spegel
-  - https://github.com/spegel-org/spegel/tree/main/charts/spegel
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: spegel
-    version: v0.0.23
-    repository: oci://ghcr.io/spegel-org/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
-appVersion: v0.0.23

clusters/cl01tl/services/spegel/templates/namespace.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: spegel
-  labels:
-    pod-security.kubernetes.io/enforce: privileged

clusters/cl01tl/services/spegel/values.yaml

@@ -1,41 +0,0 @@
-spegel:
-  service:
-    registry:
-      port: 5000
-      nodePort: 30021
-      hostPort: 30020
-      topologyAwareHintsEnabled: true
-    router:
-      port: 5001
-    metrics:
-      port: 9090
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-  nodeSelector:
-    kubernetes.io/os: linux
-  tolerations:
-    - key: CriticalAddonsOnly
-      operator: Exists
-    - effect: NoExecute
-      operator: Exists
-    - effect: NoSchedule
-      operator: Exists
-  serviceMonitor:
-    enabled: true
-  priorityClassName: system-node-critical
-  spegel:
-    logLevel: "INFO"
-    registries:
-      - https://cgr.dev
-      - https://docker.io
-      - https://ghcr.io
-      - https://quay.io
-      - https://mcr.microsoft.com
-      - https://public.ecr.aws
-      - https://gcr.io
-      - https://registry.k8s.io
-      - https://k8s.gcr.io
-      - https://lscr.io
-    containerdRegistryConfigPath: /etc/cri/conf.d/hosts