Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

remove trivy

Browse Source
This commit is contained in:
Danijel Simeunovic
2026-04-24 15:24:58 +02:00
parent 3095741590
commit 03c47ad109
11 changed files with 0 additions and 1976 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -355,7 +355,6 @@ kubectl patch application myapp -n argocd \
| **Fluent-Bit** | Log shipping | `monitoring` | DaemonSet | | **Fluent-Bit** | Log shipping | `monitoring` | DaemonSet |
| **OpenCost** | Cost monitoring | `monitoring` | 1 | | **OpenCost** | Cost monitoring | `monitoring` | 1 |
| **Renovate** | Dependency updates | `renovate` | CronJob | | **Renovate** | Dependency updates | `renovate` | CronJob |
| **Trivy** | Vulnerability scanning | `trivy-system` | 1 |
**Full specs**: [Technical Reference - Infrastructure Components](docs/REFERENCE.md#infrastructure-components) **Full specs**: [Technical Reference - Infrastructure Components](docs/REFERENCE.md#infrastructure-components)

37
cluster-resources/network/deny-external-egress-trivy.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: deny-external-egress
namespace: trivy-system
labels:
app.kubernetes.io/managed-by: argocd
app.kubernetes.io/part-of: network-policies
spec:
endpointSelector: {}
egress:
# Allow DNS resolution
- toEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: kube-dns
toPorts:
- ports:
- port: "53"
protocol: UDP
- port: "53"
protocol: TCP
# Allow cluster-internal traffic (RFC1918)
- toCIDR:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
# Allow Trivy vulnerability DB downloads (ghcr.io OCI registry)
- toFQDNs:
- matchName: ghcr.io
- matchName: pkg-containers.githubusercontent.com
toPorts:
- ports:
- port: "443"
protocol: TCP

1
cluster-resources/policies/label-checker.yaml
View File

@@ -26,7 +26,6 @@ spec:
- monitoring - monitoring
- secrets - secrets
- kyverno - kyverno
- trivy-system
match: match:
any: any:
- resources: - resources:

1
cluster-resources/policies/secret-cloner.yaml
View File

@@ -16,7 +16,6 @@ spec:
- resources: - resources:
namespaces: namespaces:
- kube-system - kube-system
- trivy-system
- monitoring - monitoring
- argocd - argocd
- cert-manager - cert-manager

1
devbox.json
View File

@@ -14,7 +14,6 @@
"syft@1.29.0", "syft@1.29.0",
"grype@0.92.2", "grype@0.92.2",
"traefik@3.6.7", "traefik@3.6.7",
"trivy@latest",
"claude-code@latest", "claude-code@latest",
"go@latest", "go@latest",
"dotnet-sdk@latest", "dotnet-sdk@latest",

1
docs/REFERENCE.md
View File

@@ -88,7 +88,6 @@ launchpad/
│ ├── loki.yaml │ ├── loki.yaml
│ ├── tempo.yaml │ ├── tempo.yaml
│ ├── fluent-bit.yaml │ ├── fluent-bit.yaml
│ ├── trivy.yaml
│ ├── gitea.yaml │ ├── gitea.yaml
│ ├── gitea-actions.yaml │ ├── gitea-actions.yaml
│ ├── sealedsecrets.yaml │ ├── sealedsecrets.yaml

1
infra/base/kustomization.yaml
View File

@@ -10,7 +10,6 @@ resources:
- prometheus.yaml - prometheus.yaml
- loki.yaml - loki.yaml
- fluent-bit.yaml - fluent-bit.yaml
- trivy.yaml
- enterprise-apps.yaml - enterprise-apps.yaml
- cluster-resources-application.yaml - cluster-resources-application.yaml
- kyverno-policies.yaml - kyverno-policies.yaml

67
infra/base/trivy.yaml
View File

@@ -1,67 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: trivy-system
annotations:
argocd.argoproj.io/sync-wave: "-1"
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: trivy-operator
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "0"
labels:
app.kubernetes.io/name: trivy-operator
app.kubernetes.io/part-of: platform
app.kubernetes.io/managed-by: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://aquasecurity.github.io/helm-charts
chart: trivy-operator
targetRevision: 0.31.0
helm:
releaseName: trivy-operator
valuesObject:
operator:
targetNamespaces: ""
excludeNamespaces: "argocd,trivy-system,kube-system,monitoring,kyverno,cert-manager"
scanJobsInSameNamespace: true
metricsVulnIdEnabled: true
metricsImageInfo: true
trivy:
ignoreUnfixed: false
destination:
server: https://kubernetes.default.svc
namespace: trivy-system
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
ignoreDifferences:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
jsonPointers:
- /metadata/labels
- /metadata/annotations
- /metadata/finalizers

3
infra/dashboards/kustomization.yaml
View File

@@ -8,9 +8,6 @@ generatorOptions:
grafana_dashboard: "1" grafana_dashboard: "1"
configMapGenerator: configMapGenerator:
- name: grafana-dashboard-trivy
files:
- trivy.json
- name: grafana-dashboard-traefik-loki - name: grafana-dashboard-traefik-loki
files: files:
- traefik-loki.json - traefik-loki.json

1841
infra/dashboards/trivy.json
View File

File diff suppressed because it is too large Load Diff

22
infra/values/base/prometheus-values.yaml
View File

@@ -36,28 +36,6 @@ extraScrapeConfigs: |
- source_labels: [__meta_kubernetes_namespace] - source_labels: [__meta_kubernetes_namespace]
target_label: namespace target_label: namespace
- job_name: trivy-operator
scrape_interval: 30s
metrics_path: /metrics
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- trivy-system
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
regex: trivy-operator
action: keep
- source_labels: [__meta_kubernetes_pod_container_port_number]
regex: "8080"
action: keep
- source_labels: [__meta_kubernetes_pod_name]
target_label: pod
- source_labels: [__meta_kubernetes_namespace]
target_label: namespace
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: instance
- job_name: traefik - job_name: traefik
scrape_interval: 15s scrape_interval: 15s
metrics_path: /metrics metrics_path: /metrics