fleet-infra/clusters/lab/security/trivy-operator.yaml
Davide Piu c2a803d28b feat: deploy Wave 1 - Vaultwarden, Uptime Kuma, Trivy Operator, Authelia
GitOps manifests for security stack Wave 1:
- Vaultwarden (vault.davidepiu.xyz) - password manager
- Uptime Kuma (status.davidepiu.xyz) - uptime monitoring
- Trivy Operator - vulnerability scanning
- Authelia (auth.davidepiu.xyz) - SSO + 2FA

All with NetworkPolicies for Traefik ingress.
2026-02-19 22:44:34 +00:00

46 lines
916 B
YAML

---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: aquasecurity
  namespace: flux-system
spec:
  interval: 1h
  url: https://aquasecurity.github.io/helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: trivy-operator
  namespace: flux-system
spec:
  interval: 1h
  targetNamespace: trivy-system
  install:
    createNamespace: true
  chart:
    spec:
      chart: trivy-operator
      sourceRef:
        kind: HelmRepository
        name: aquasecurity
      interval: 1h
  values:
    trivy:
      resources:
        requests:
          cpu: 10m
          memory: 64Mi
        limits:
          cpu: 500m
          memory: 512Mi
    operator:
      scanJobsConcurrentLimit: 1
      vulnerabilityScannerScanOnlyCurrentRevisions: true
    compliance:
      cron: ""
    nodeCollector:
      excludeNodes: ""
    serviceMonitor:
      enabled: false