feat: deploy Wave 1 - Vaultwarden, Uptime Kuma, Trivy Operator, Authelia

GitOps manifests for security stack Wave 1:
- Vaultwarden (vault.davidepiu.xyz) - password manager
- Uptime Kuma (status.davidepiu.xyz) - uptime monitoring
- Trivy Operator - vulnerability scanning
- Authelia (auth.davidepiu.xyz) - SSO + 2FA

All with NetworkPolicies for Traefik ingress.
2026-02-19 22:44:34 +00:00
parent 232957ac4a
commit c2a803d28b
4 changed files with 292 additions and 0 deletions


@@ -0,0 +1,45 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: aquasecurity
namespace: flux-system
spec:
interval: 1h
url: https://aquasecurity.github.io/helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: trivy-operator
namespace: flux-system
spec:
interval: 1h
targetNamespace: trivy-system
install:
createNamespace: true
chart:
spec:
chart: trivy-operator
sourceRef:
kind: HelmRepository
name: aquasecurity
interval: 1h
values:
trivy:
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 500m
memory: 512Mi
operator:
scanJobsConcurrentLimit: 1
vulnerabilityScannerScanOnlyCurrentRevisions: true
compliance:
cron: ""
nodeCollector:
excludeNodes: ""
serviceMonitor:
enabled: false
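
Review bot: the HelmRelease `chart.spec` block for trivy-operator sets `chart`, `sourceRef` and `interval: 1h` but no `version`, so Flux resolves the newest chart published at https://aquasecurity.github.io/helm-charts/ on each reconcile, and a cluster-wide scanner gets upgraded without any change landing in Git. Add an explicit `version:` under `chart.spec` (an exact version or a narrow semver range) so upgrades arrive as reviewable commits. Two smaller points in `values`: `compliance.cron: ""` and `nodeCollector.excludeNodes: ""` are set to empty strings with no comment on intent; if the aim is to turn compliance reports off or to exclude no nodes, say so in a YAML comment, otherwise drop the keys and take the chart defaults. The commit message says all components ship with NetworkPolicies, but this file defines none for `trivy-system`; either add one here or note which file carries it.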