remove trivy

clusters/cl01tl/monitoring/trivy/Chart.yaml

@@ -1,23 +0,0 @@
-apiVersion: v2
-name: trivy
-version: 1.0.0
-description: Trivy
-keywords:
-  - trivyoperator
-  - trivy
-  - vulnerabilities
-  - scanner
-  - kubernetes
-home: https://wiki.alexlebens.dev/doc/trivy-P7bGRoEjfb
-sources:
-  - https://github.com/aquasecurity/trivy
-  - https://github.com/aquasecurity/trivy-operator
-  - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: trivy-operator
-    version: 0.24.1
-    repository: https://aquasecurity.github.io/helm-charts/
-icon: https://raw.githubusercontent.com/aquasecurity/trivy-operator/main/docs/images/trivy-operator-logo.png
-appVersion: 0.22.0

clusters/cl01tl/monitoring/trivy/values.yaml

@@ -1,205 +0,0 @@
-trivy-operator:
-  targetNamespaces: ""
-  excludeNamespaces: ""
-  targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
-  operator:
-    replicas: 2
-    leaderElectionId: "trivyoperator-lock"
-    scanJobTTL: ""
-    scanSecretTTL: ""
-    scanJobTimeout: 15m
-    scanJobsConcurrentLimit: 1
-    scanNodeCollectorLimit: 1
-    scanJobsRetryDelay: 300s
-    scannerReportTTL: "24h"
-    cacheReportTTL: "120h"
-    batchDeleteLimit: 10
-    batchDeleteDelay: 10s
-    accessGlobalSecretsAndServiceAccount: true
-    builtInTrivyServer: false
-    builtInServerRegistryInsecure: false
-    controllerCacheSyncTimeout: "15m"
-    trivyServerHealthCheckCacheExpiration: 10h
-    serverAdditionalAnnotations: {}
-    webhookBroadcastURL: ""
-    webhookBroadcastTimeout: 30s
-    webhookBroadcastCustomHeaders: ""
-    webhookSendDeletedReports: false
-    privateRegistryScanSecretsNames: {}
-    mergeRbacFindingWithConfigAudit: false
-    httpProxy: ~
-    httpsProxy: ~
-    noProxy: ~
-    valuesFromConfigMap: ""
-    valuesFromSecret: ""
-    sbomGenerationEnabled: true
-    clusterSbomCacheEnabled: true
-    clusterComplianceEnabled: true
-    configAuditScannerEnabled: true
-    configAuditScannerScanOnlyCurrentRevisions: true
-    exposedSecretScannerEnabled: true
-    infraAssessmentScannerEnabled: true
-    rbacAssessmentScannerEnabled: true
-    vulnerabilityScannerEnabled: true
-    vulnerabilityScannerScanOnlyCurrentRevisions: true
-    metricsFindingsEnabled: true
-    metricsVulnIdEnabled: false
-    metricsExposedSecretInfo: false
-    metricsConfigAuditInfo: false
-    metricsRbacAssessmentInfo: false
-    metricsInfraAssessmentInfo: false
-    metricsImageInfo: false
-    metricsClusterComplianceInfo: false
-  service:
-    headless: true
-    metricsPort: 80
-    metricsAppProtocol: TCP
-    type: ClusterIP
-  serviceMonitor:
-    enabled: true
-    namespace: trivy
-    interval: 30s
-    honorLabels: true
-  trivyOperator:
-    vulnerabilityReportsPlugin: "Trivy"
-    configAuditReportsPlugin: "Trivy"
-    scanJobCompressLogs: true
-    useGCRServiceAccount: true
-    scanJobAutomountServiceAccountToken: true
-    skipInitContainers: false
-    metricsResourceLabelsPrefix: "k8s_label_"
-  trivy:
-    createConfig: true
-    image:
-      registry: ghcr.io
-      repository: aquasecurity/trivy
-      tag: 0.54.1
-    mode: Standalone
-    sbomSources: ""
-    includeDevDeps: false
-    storageClassEnabled: true
-    storageClassName: ceph-block
-    storageSize: 5Gi
-    additionalVulnerabilityReportFields: "Description,Links,CVSS,PackagePath,PackageType"
-    severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-    slow: true
-    ignoreUnfixed: false
-    offlineScan: false
-    timeout: "15m0s"
-    resources:
-      requests:
-        cpu: 100m
-        memory: 128M
-      limits:
-        cpu: 1000m
-        memory: 1Gi
-    skipJavaDBUpdate: false
-    serverInsecure: false
-    dbRegistry: "ghcr.io"
-    dbRepository: "aquasecurity/trivy-db"
-    dbRepositoryUsername: ~
-    dbRepositoryPassword: ~
-    javaDbRegistry: "ghcr.io"
-    javaDbRepository: "aquasecurity/trivy-java-db"
-    dbRepositoryInsecure: "false"
-    useBuiltinRegoPolicies: "true"
-    externalRegoPoliciesEnabled: false
-    useEmbeddedRegoPolicies: "false"
-    supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
-    command: image
-    imageScanCacheDir: "/tmp/trivy/.cache"
-    filesystemScanCacheDir: "/var/trivyoperator/trivy-db"
-    serverUser: ""
-    serverPassword: ""
-    serverServiceName: "trivy-service"
-    server:
-      resources:
-        requests:
-          cpu: 100m
-          memory: 512Mi
-        limits:
-          cpu: 1000m
-          memory: 1Gi
-    valuesFromSecret: ""
-  compliance:
-    failEntriesLimit: 10
-    reportType: summary
-    cron: 0 */6 * * *
-    specs:
-      - k8s-cis-1.23
-      - k8s-nsa-1.0
-      - k8s-pss-baseline-0.1
-      - k8s-pss-restricted-0.1
-  rbac:
-    create: true
-  serviceAccount:
-    create: true
-  volumeMounts:
-    - mountPath: /tmp
-      name: cache-policies
-      readOnly: false
-  volumes:
-    - name: cache-policies
-      emptyDir: {}
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-    limits:
-      cpu: 1000m
-      memory: 1Gi
-  policiesBundle:
-    registry: ghcr.io
-    repository: aquasecurity/trivy-checks
-    tag: 0
-    registryUser: ~
-    registryPassword: ~
-    existingSecret: false
-    insecure: false
-  nodeCollector:
-    useNodeSelector: true
-    registry: ghcr.io
-    repository: aquasecurity/node-collector
-    tag: 0.3.1
-    tolerations:
-      - key: node-role.kubernetes.io/control-plane
-        operator: Exists
-        effect: NoSchedule
-    volumeMounts:
-      - name: var-lib-etcd
-        mountPath: /var/lib/etcd
-        readOnly: true
-      - name: var-lib-kubelet
-        mountPath: /var/lib/kubelet
-        readOnly: true
-      - name: var-lib-kube-scheduler
-        mountPath: /var/lib/kube-scheduler
-        readOnly: true
-      - name: var-lib-kube-controller-manager
-        mountPath: /var/lib/kube-controller-manager
-        readOnly: true
-      - name: etc-kubernetes
-        mountPath: /etc/kubernetes
-        readOnly: true
-      - name: etc-cni-netd
-        mountPath: /etc/cni/net.d/
-        readOnly: true
-    volumes:
-      - name: var-lib-etcd
-        hostPath:
-          path: /var/lib/etcd
-      - name: var-lib-kubelet
-        hostPath:
-          path: /var/lib/kubelet
-      - name: var-lib-kube-scheduler
-        hostPath:
-          path: /var/lib/kube-scheduler
-      - name: var-lib-kube-controller-manager
-        hostPath:
-          path: /var/lib/kube-controller-manager
-      - name: etc-kubernetes
-        hostPath:
-          path: /etc/kubernetes
-      - name: etc-cni-netd
-        hostPath:
-          path: /etc/cni/net.d/