Compare commits
	
		
			3 Commits
		
	
	
		
			da170f96c1
			...
			62636cb3bb
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 62636cb3bb | |||
| 170811acf6 | |||
| 58f4a8a29b | 
| @@ -6,7 +6,7 @@ libation: | |||||||
|         suspend: false |         suspend: false | ||||||
|         concurrencyPolicy: Forbid |         concurrencyPolicy: Forbid | ||||||
|         timeZone: US/Central |         timeZone: US/Central | ||||||
|         schedule: "0 * * * *" |         schedule: "30 4 * * *" | ||||||
|         startingDeadlineSeconds: 90 |         startingDeadlineSeconds: 90 | ||||||
|         successfulJobsHistory: 3 |         successfulJobsHistory: 3 | ||||||
|         failedJobsHistory: 3 |         failedJobsHistory: 3 | ||||||
|   | |||||||
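Review bot: The new `schedule: "30 4 * * *"` on the libation line moves this job into the same minute as roundcube (`30 4 * * *` in the next hunk) and kubernetes-cloudflare-ddns (`"30 4 * * *"` further down), all in US/Central with `startingDeadlineSeconds: 90`; if the controller is slow or the cluster is busy at 04:30 all three can be skipped together, so staggering them by a few minutes would be safer. The roundcube value is also the only one left unquoted, `schedule: 30 4 * * *`; YAML parses it as a string either way, but `schedule: "30 4 * * *"` keeps the files consistent with the other cronjobs. The enclosing cronjob blocks begin before the first line of each hunk.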
| @@ -75,7 +75,7 @@ roundcube: | |||||||
|         suspend: false |         suspend: false | ||||||
|         concurrencyPolicy: Forbid |         concurrencyPolicy: Forbid | ||||||
|         timeZone: US/Central |         timeZone: US/Central | ||||||
|         schedule: 0 4 * * * |         schedule: 30 4 * * * | ||||||
|         startingDeadlineSeconds: 90 |         startingDeadlineSeconds: 90 | ||||||
|         successfulJobsHistory: 3 |         successfulJobsHistory: 3 | ||||||
|         failedJobsHistory: 3 |         failedJobsHistory: 3 | ||||||
|   | |||||||
| @@ -9,7 +9,7 @@ komodo: | |||||||
|         main: |         main: | ||||||
|           image: |           image: | ||||||
|             repository: ghcr.io/moghtech/komodo-core |             repository: ghcr.io/moghtech/komodo-core | ||||||
|             tag: 1.17.5 |             tag: 1.18.0 | ||||||
|             pullPolicy: IfNotPresent |             pullPolicy: IfNotPresent | ||||||
|           env: |           env: | ||||||
|             - name: COMPOSE_LOGGING_DRIVER |             - name: COMPOSE_LOGGING_DRIVER | ||||||
|   | |||||||
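--- /dev/null
+++ b/clusters/cl01tl/monitoring/trivy/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: trivy
+version: 1.0.0
+description: Trivy
+keywords:
+  - trivy
+  - vulnerability
+  - monitoring
+  - kubernetes
+home: https://wiki.alexlebens.dev/s/5cffa529-4c2e-4126-99eb-cc4aeb5a49b3
+sources:
+  - https://github.com/aquasecurity/trivy
+  - https://github.com/aquasecurity/trivy-operator
+  - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: trivy-operator
+    version: 0.28.1
+    repository: https://aquasecurity.github.io/helm-charts/
+icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
+appVersion: v0.26.1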
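--- /dev/null
+++ b/clusters/cl01tl/monitoring/trivy/values.yaml
@@ -0,0 +1,113 @@
+trivy-operator:
+  targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
+  operator:
+    replicas: 1
+    vulnerabilityScannerEnabled: true
+    sbomGenerationEnabled: false
+    clusterSbomCacheEnabled: false
+    configAuditScannerEnabled: false
+    rbacAssessmentScannerEnabled: false
+    infraAssessmentScannerEnabled: false
+    clusterComplianceEnabled: false
+  serviceMonitor:
+    enabled: true
+  trivy:
+    createConfig: true
+    image:
+      registry: mirror.gcr.io
+      repository: aquasec/trivy
+      tag: 0.62.1
+    storageClassEnabled: true
+    storageClassName: ceph-block
+    storageSize: "5Gi"
+    registry:
+      mirror:
+        "registry-1.docker.io": proxy-registry-1.docker.io
+        "quay.io": proxy-quay.io
+        "registry.k8s.io": proxy-registry.k8s
+        "gcr.io": proxy-gcr.io
+        "ghcr.io": proxy-ghcr.io
+        "hub.docker": proxy-hub.docker
+    severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+    slow: true
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128M
+    supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
+    server:
+      resources:
+        requests:
+          cpu: 200m
+          memory: 512Mi
+      replicas: 1
+  compliance:
+    reportType: summary
+    cron: 0 5 * * *
+    specs:
+      - k8s-cis-1.23
+      - k8s-nsa-1.0
+      - k8s-pss-baseline-0.1
+      - k8s-pss-restricted-0.1
+  volumeMounts:
+    - mountPath: /tmp
+      name: cache-policies
+      readOnly: false
+  volumes:
+    - name: cache-policies
+      emptyDir: {}
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+  nodeCollector:
+    volumeMounts:
+      - name: var-lib-etcd
+        mountPath: /var/lib/etcd
+        readOnly: true
+      - name: var-lib-kubelet
+        mountPath: /var/lib/kubelet
+        readOnly: true
+      - name: var-lib-kube-scheduler
+        mountPath: /var/lib/kube-scheduler
+        readOnly: true
+      - name: var-lib-kube-controller-manager
+        mountPath: /var/lib/kube-controller-manager
+        readOnly: true
+      - name: etc-systemd
+        mountPath: /etc/systemd
+        readOnly: true
+      - name: lib-systemd
+        mountPath: /lib/systemd/
+        readOnly: true
+      - name: etc-kubernetes
+        mountPath: /etc/kubernetes
+        readOnly: true
+      - name: etc-cni-netd
+        mountPath: /etc/cni/net.d/
+        readOnly: true
+    volumes:
+      - name: var-lib-etcd
+        hostPath:
+          path: /var/lib/etcd
+      - name: var-lib-kubelet
+        hostPath:
+          path: /var/lib/kubelet
+      - name: var-lib-kube-scheduler
+        hostPath:
+          path: /var/lib/kube-scheduler
+      - name: var-lib-kube-controller-manager
+        hostPath:
+          path: /var/lib/kube-controller-manager
+      - name: etc-systemd
+        hostPath:
+          path: /etc/systemd
+      - name: lib-systemd
+        hostPath:
+          path: /lib/systemd
+      - name: etc-kubernetes
+        hostPath:
+          path: /etc/kubernetes
+      - name: etc-cni-netd
+        hostPath:
+          path: /etc/cni/net.d/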
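Review bot: The `nodeCollector` volumes at the end of the file mount `/var/lib/etcd`, `/etc/kubernetes` and the other control-plane host paths into the collector pod, yet `infraAssessmentScannerEnabled: false` and `clusterComplianceEnabled: false` near the top disable the scanners that consume node-collector output, and the `compliance:` cron and specs are likewise configured for a feature that is off. Either enable those scanners deliberately or drop the hostPath entries, since read-only access to etcd data and the kube PKI directory is still a sensitive grant to leave configured for a job that may never run; at minimum a comment such as `# nodeCollector host mounts are only used when infraAssessment/compliance scanning is enabled` would make the intent explicit. The `registry.mirror` map also has two entries that break the `<host>: proxy-<host>` pattern of the others, `"registry.k8s.io": proxy-registry.k8s` and `"hub.docker": proxy-hub.docker`; if those are typos rather than real in-cluster mirror names, pulls for those registries would not go through the intended proxy, so worth confirming. Note too that `resources` sets requests only, with no limits, for the operator, trivy and server containers, which is fine if a namespace LimitRange covers them but should be verified.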
| @@ -151,80 +151,6 @@ gitea: | |||||||
|     enabled: false |     enabled: false | ||||||
|   mariadb: |   mariadb: | ||||||
|     enabled: false |     enabled: false | ||||||
| # renovate: |  | ||||||
| #   global: |  | ||||||
| #     fullnameOverride: gitea-renovate |  | ||||||
| #   controllers: |  | ||||||
| #     renovate: |  | ||||||
| #       type: cronjob |  | ||||||
| #       cronjob: |  | ||||||
| #         suspend: false |  | ||||||
| #         concurrencyPolicy: Forbid |  | ||||||
| #         timeZone: US/Central |  | ||||||
| #         schedule: "0 4 * * *" |  | ||||||
| #         startingDeadlineSeconds: 90 |  | ||||||
| #         successfulJobsHistory: 3 |  | ||||||
| #         failedJobsHistory: 3 |  | ||||||
| #         backoffLimit: 3 |  | ||||||
| #         parallelism: 1 |  | ||||||
| #       containers: |  | ||||||
| #         main: |  | ||||||
| #           image: |  | ||||||
| #             repository: renovate/renovate |  | ||||||
| #             tag: 40 |  | ||||||
| #             pullPolicy: IfNotPresent |  | ||||||
| #           env: |  | ||||||
| #             - name: RENOVATE_PLATFORM |  | ||||||
| #               value: gitea |  | ||||||
| #             - name: RENOVATE_AUTODISCOVER |  | ||||||
| #               value: 'true' |  | ||||||
| #             - name: RENOVATE_ONBOARDING |  | ||||||
| #               value: 'true' |  | ||||||
| #             - name: RENOVATE_BASE_DIR |  | ||||||
| #               value: /tmp/renovate |  | ||||||
| #             - name: RENOVATE_PERSIST_REPO_DATA |  | ||||||
| #               value: true |  | ||||||
| #             - name: RENOVATE_REPOSITORY_CACHE |  | ||||||
| #               value: true |  | ||||||
| #             - name: RENOVATE_REDIS_URL |  | ||||||
| #               value: redis://gitea-renovate-valkey-primary.gitea:6379 |  | ||||||
| #             - name: LOG_LEVEL |  | ||||||
| #               value: info |  | ||||||
| #           envFrom: |  | ||||||
| #             - secretRef: |  | ||||||
| #                 name: gitea-renovate-secret |  | ||||||
| #           resources: |  | ||||||
| #             requests: |  | ||||||
| #               cpu: 100m |  | ||||||
| #               memory: 128Mi |  | ||||||
| #   persistence: |  | ||||||
| #     base: |  | ||||||
| #       storageClass: ceph-block |  | ||||||
| #       accessMode: ReadWriteOnce |  | ||||||
| #       size: 5Gi |  | ||||||
| #       retain: true |  | ||||||
| #       advancedMounts: |  | ||||||
| #         renovate: |  | ||||||
| #           main: |  | ||||||
| #             - path: /tmp/renovate |  | ||||||
| #               readOnly: false |  | ||||||
| #     ssh: |  | ||||||
| #       enabled: true |  | ||||||
| #       type: secret |  | ||||||
| #       name: gitea-renovate-ssh-secret |  | ||||||
| #       advancedMounts: |  | ||||||
| #         renovate: |  | ||||||
| #           main: |  | ||||||
| #             - path: /home/ubuntu/.ssh |  | ||||||
| #               readOnly: true |  | ||||||
| #               mountPropagation: None |  | ||||||
| #     cache: |  | ||||||
| #       type: emptyDir |  | ||||||
| #       advancedMounts: |  | ||||||
| #         renovate: |  | ||||||
| #           main: |  | ||||||
| #             - path: /tmp/renovate/cache |  | ||||||
| #               readOnly: false |  | ||||||
| backup: | backup: | ||||||
|   global: |   global: | ||||||
|     fullnameOverride: gitea-backup |     fullnameOverride: gitea-backup | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ kubernetes-cloudflare-ddns: | |||||||
|         suspend: false |         suspend: false | ||||||
|         concurrencyPolicy: Forbid |         concurrencyPolicy: Forbid | ||||||
|         timeZone: US/Central |         timeZone: US/Central | ||||||
|         schedule: "0 0 * * *" |         schedule: "30 4 * * *" | ||||||
|         startingDeadlineSeconds: 90 |         startingDeadlineSeconds: 90 | ||||||
|         successfulJobsHistory: 3 |         successfulJobsHistory: 3 | ||||||
|         failedJobsHistory: 3 |         failedJobsHistory: 3 | ||||||
|   | |||||||
| @@ -13,7 +13,7 @@ etcd-backup: | |||||||
|         suspend: false |         suspend: false | ||||||
|         concurrencyPolicy: Forbid |         concurrencyPolicy: Forbid | ||||||
|         timeZone: US/Central |         timeZone: US/Central | ||||||
|         schedule: "0 0 * * *" |         schedule: "0 2 * * *" | ||||||
|         startingDeadlineSeconds: 90 |         startingDeadlineSeconds: 90 | ||||||
|         successfulJobsHistory: 3 |         successfulJobsHistory: 3 | ||||||
|         failedJobsHistory: 3 |         failedJobsHistory: 3 | ||||||
|   | |||||||