43 lines
1.2 KiB
YAML
43 lines
1.2 KiB
YAML
# Trivy Operator Dashboard — web UI for Trivy Operator CRDs (community chart; not Aqua).
|
|
# Helm: oci://ghcr.io/raoulx24/charts/trivy-operator-dashboard — Argo: **noble-trivy-dashboard**.
|
|
# OAuth: Traefik **ForwardAuth** → **oauth2-proxy** (OIDC to Authentik), same pattern as Longhorn / Prometheus UIs.
|
|
#
|
|
# Sync **noble-trivy-operator** first so CRDs and reports exist. DNS: host below → Traefik LB.
|
|
|
|
kubernetes:
|
|
# Match **clusters/noble/bootstrap/trivy/values.yaml** operator feature flags (no SBOM / cluster compliance cache).
|
|
trivyUseClusterComplianceReport: false
|
|
trivyUseClusterSbomReport: false
|
|
trivyUseClusterVulnerabilityReport: false
|
|
trivyUseSbomReport: false
|
|
|
|
image:
|
|
pullPolicy: IfNotPresent
|
|
|
|
ingress:
|
|
enabled: true
|
|
className: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
traefik.ingress.kubernetes.io/router.middlewares: oauth2-proxy-forward-auth@kubernetescrd
|
|
hosts:
|
|
- host: trivy.apps.noble.lab.pcenicni.dev
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: trivy-apps-noble-tls
|
|
hosts:
|
|
- trivy.apps.noble.lab.pcenicni.dev
|
|
|
|
tolerations:
|
|
- operator: Exists
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 384Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 512Mi
|