# Trivy Operator Dashboard — web UI for Trivy Operator CRDs (community chart; not Aqua).
# Helm: oci://ghcr.io/raoulx24/charts/trivy-operator-dashboard — Argo: **noble-trivy-dashboard**.
# OAuth: Traefik **ForwardAuth** → **oauth2-proxy** (OIDC to Authentik), same pattern as Longhorn / Prometheus UIs.
#
# Sync **noble-trivy-operator** first so CRDs and reports exist. DNS: host below → Traefik LB.

kubernetes:
  # Match **clusters/noble/apps/trivy/values.yaml** operator feature flags (no SBOM / cluster compliance cache).
  trivyUseClusterComplianceReport: false
  trivyUseClusterSbomReport: false
  trivyUseClusterVulnerabilityReport: false
  trivyUseSbomReport: false

image:
  pullPolicy: IfNotPresent

ingress:
  enabled: true
  className: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.middlewares: oauth2-proxy-forward-auth@kubernetescrd
  hosts:
    - host: trivy.apps.noble.lab.pcenicni.dev
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: trivy-apps-noble-tls
      hosts:
        - trivy.apps.noble.lab.pcenicni.dev

tolerations:
  - operator: Exists

resources:
  requests:
    cpu: 100m
    memory: 384Mi
  limits:
    cpu: "1"
    memory: 512Mi