remove trivy
@@ -355,7 +355,6 @@ kubectl patch application myapp -n argocd \
|
||||
| **Fluent-Bit** | Log shipping | `monitoring` | DaemonSet |
|
||||
| **OpenCost** | Cost monitoring | `monitoring` | 1 |
|
||||
| **Renovate** | Dependency updates | `renovate` | CronJob |
|
||||
| **Trivy** | Vulnerability scanning | `trivy-system` | 1 |
|
||||
|
||||
**Full specs**: [Technical Reference - Infrastructure Components](docs/REFERENCE.md#infrastructure-components)
|
||||
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: deny-external-egress
|
||||
namespace: trivy-system
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
app.kubernetes.io/part-of: network-policies
|
||||
spec:
|
||||
endpointSelector: {}
|
||||
egress:
|
||||
# Allow DNS resolution
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
io.kubernetes.pod.namespace: kube-system
|
||||
k8s-app: kube-dns
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "53"
|
||||
protocol: UDP
|
||||
- port: "53"
|
||||
protocol: TCP
|
||||
|
||||
# Allow cluster-internal traffic (RFC1918)
|
||||
- toCIDR:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
|
||||
# Allow Trivy vulnerability DB downloads (ghcr.io OCI registry)
|
||||
- toFQDNs:
|
||||
- matchName: ghcr.io
|
||||
- matchName: pkg-containers.githubusercontent.com
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "443"
|
||||
protocol: TCP
|
||||
@@ -26,7 +26,6 @@ spec:
|
||||
- monitoring
|
||||
- secrets
|
||||
- kyverno
|
||||
- trivy-system
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
|
||||
@@ -16,7 +16,6 @@ spec:
|
||||
- resources:
|
||||
namespaces:
|
||||
- kube-system
|
||||
- trivy-system
|
||||
- monitoring
|
||||
- argocd
|
||||
- cert-manager
|
||||
|
||||
@@ -14,7 +14,6 @@
|
||||
"syft@1.29.0",
|
||||
"grype@0.92.2",
|
||||
"traefik@3.6.7",
|
||||
"trivy@latest",
|
||||
"claude-code@latest",
|
||||
"go@latest",
|
||||
"dotnet-sdk@latest",
|
||||
|
||||
@@ -88,7 +88,6 @@ launchpad/
|
||||
│ ├── loki.yaml
|
||||
│ ├── tempo.yaml
|
||||
│ ├── fluent-bit.yaml
|
||||
│ ├── trivy.yaml
|
||||
│ ├── gitea.yaml
|
||||
│ ├── gitea-actions.yaml
|
||||
│ ├── sealedsecrets.yaml
|
||||
|
||||
@@ -10,7 +10,6 @@ resources:
|
||||
- prometheus.yaml
|
||||
- loki.yaml
|
||||
- fluent-bit.yaml
|
||||
- trivy.yaml
|
||||
- enterprise-apps.yaml
|
||||
- cluster-resources-application.yaml
|
||||
- kyverno-policies.yaml
|
||||
|
||||
@@ -1,67 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: trivy-system
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "-1"
|
||||
---
|
||||
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: trivy-operator
|
||||
namespace: argocd
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "0"
|
||||
labels:
|
||||
app.kubernetes.io/name: trivy-operator
|
||||
app.kubernetes.io/part-of: platform
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
|
||||
source:
|
||||
repoURL: https://aquasecurity.github.io/helm-charts
|
||||
chart: trivy-operator
|
||||
targetRevision: 0.31.0
|
||||
helm:
|
||||
releaseName: trivy-operator
|
||||
valuesObject:
|
||||
operator:
|
||||
targetNamespaces: ""
|
||||
excludeNamespaces: "argocd,trivy-system,kube-system,monitoring,kyverno,cert-manager"
|
||||
scanJobsInSameNamespace: true
|
||||
metricsVulnIdEnabled: true
|
||||
metricsImageInfo: true
|
||||
trivy:
|
||||
ignoreUnfixed: false
|
||||
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: trivy-system
|
||||
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
allowEmpty: false
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- Validate=true
|
||||
- ServerSideApply=true
|
||||
retry:
|
||||
limit: 5
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m
|
||||
|
||||
ignoreDifferences:
|
||||
- group: apiextensions.k8s.io
|
||||
kind: CustomResourceDefinition
|
||||
jsonPointers:
|
||||
- /metadata/labels
|
||||
- /metadata/annotations
|
||||
- /metadata/finalizers
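Review bot: Deleting this Application removes the only in-cluster vulnerability scanner this repo deploys (the README row removed above classifies Trivy as "Vulnerability scanning"), and nothing elsewhere in the commit introduces a compensating control. The devbox hunk keeps `syft`/`grype`, so image scanning may still happen on developer machines or in CI, but that is not visible here and does not cover images already running in the cluster; the commit message should say what replaces continuous workload scanning, or record explicitly that the coverage gap is accepted. Two follow-ups also look incomplete: `docs/REFERENCE.md#infrastructure-components` is still linked from the README hunk but not touched in this diff, so it presumably still documents Trivy, and any Grafana panel or alert rule built on the removed `trivy-operator` scrape job will now query metrics that no longer exist (the suppressed large file is presumably the dashboard JSON, which should be checked for leftover references). Because the Application carries `resources-finalizer.argocd.argoproj.io`, removing it should cascade-delete the operator's CRDs and reports once the parent application syncs, assuming that parent prunes; if it does not, the `trivy-system` namespace and CRDs will linger and need manual cleanup.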
|
||||
@@ -8,9 +8,6 @@ generatorOptions:
|
||||
grafana_dashboard: "1"
|
||||
|
||||
configMapGenerator:
|
||||
- name: grafana-dashboard-trivy
|
||||
files:
|
||||
- trivy.json
|
||||
- name: grafana-dashboard-traefik-loki
|
||||
files:
|
||||
- traefik-loki.json
|
||||
|
||||
@@ -36,28 +36,6 @@ extraScrapeConfigs: |
|
||||
- source_labels: [__meta_kubernetes_namespace]
|
||||
target_label: namespace
|
||||
|
||||
- job_name: trivy-operator
|
||||
scrape_interval: 30s
|
||||
metrics_path: /metrics
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
namespaces:
|
||||
names:
|
||||
- trivy-system
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
|
||||
regex: trivy-operator
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_container_port_number]
|
||||
regex: "8080"
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_name]
|
||||
target_label: pod
|
||||
- source_labels: [__meta_kubernetes_namespace]
|
||||
target_label: namespace
|
||||
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
|
||||
target_label: instance
|
||||
|
||||
- job_name: traefik
|
||||
scrape_interval: 15s
|
||||
metrics_path: /metrics
|
||||
|
||||