GitOps manifests for security stack Wave 1:
- Vaultwarden (vault.davidepiu.xyz) - password manager
- Uptime Kuma (status.davidepiu.xyz) - uptime monitoring
- Trivy Operator - vulnerability scanning
- Authelia (auth.davidepiu.xyz) - SSO + 2FA

All with NetworkPolicies for Traefik ingress.
---
# Flux source: Aqua Security's Helm chart repository, referenced by the
# trivy-operator HelmRelease below via sourceRef name "aquasecurity".
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: aquasecurity
  namespace: flux-system
spec:
  # Re-fetch the repository index every hour.
  interval: 1h
  # Served over HTTPS; the index is fetched from here, no auth configured.
  url: https://aquasecurity.github.io/helm-charts/
---
# Flux HelmRelease installing the trivy-operator chart from the
# "aquasecurity" HelmRepository into the trivy-system namespace.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: trivy-operator
  namespace: flux-system
spec:
  # Reconcile the release every hour.
  interval: 1h
  # Workloads go to trivy-system, while this HelmRelease object lives in flux-system.
  targetNamespace: trivy-system
  install:
    # trivy-system is created on first install if it does not exist yet.
    createNamespace: true
  chart:
    spec:
      chart: trivy-operator
      sourceRef:
        kind: HelmRepository
        name: aquasecurity
      # Check the source for a new chart revision every hour.
      interval: 1h
      # NOTE(review): no chart `version` is set, so Flux follows the latest
      # published chart revision on every reconcile. For a cluster-wide
      # operator, consider pinning an explicit semver range so upgrades land
      # through a reviewed commit rather than automatically.
  # Chart values. Key layout below follows the trivy-operator chart's values
  # schema (trivy / operator / compliance / nodeCollector / serviceMonitor) —
  # confirm against the chart version actually deployed.
  values:
    trivy:
      # Presumably applies to the scan-job containers rather than the operator
      # pod itself — confirm against chart values. Only the scanner is bounded
      # here; no resources are set for the operator deployment in this release.
      resources:
        requests:
          cpu: 10m
          memory: 64Mi
        limits:
          cpu: 500m
          memory: 512Mi
    operator:
      # At most one scan job runs at a time (per the key name; verify in chart docs).
      scanJobsConcurrentLimit: 1
      # Skip scanning superseded workload revisions (per the key name; verify in chart docs).
      vulnerabilityScannerScanOnlyCurrentRevisions: true
    compliance:
      # Empty cron schedule — presumably disables the scheduled compliance
      # report; confirm this is intended rather than an oversight.
      cron: ""
    nodeCollector:
      # Empty exclude list — node collection is not restricted to a subset of nodes.
      excludeNodes: ""
    serviceMonitor:
      # No Prometheus ServiceMonitor is rendered for the operator.
      enabled: false