CHORE(trivy): remove Trivy vulnerability scanner

- Delete trivy directory and configuration files
- Remove trivy from kustomization.yaml
- Reduce cluster resource usage

kustomization.yaml

@@ -7,4 +7,3 @@ resources:
   - vault/argocd.yaml
   - external-secrets/argocd.yaml
   - falco/argocd.yaml
-  - trivy/argocd.yaml

trivy/argocd.yaml

@@ -1,43 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: trivy
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: default
-  sources:
-  - repoURL: https://aquasecurity.github.io/helm-charts
-    chart: trivy-operator
-    targetRevision: 0.31.0
-    helm:
-      valueFiles:
-      - $values/trivy/helm-values.yaml
-  - repoURL: https://github.com/K3S-HOME/security.git
-    targetRevision: main
-    ref: values
-  - repoURL: https://github.com/K3S-HOME/security.git
-    targetRevision: main
-    path: trivy
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: trivy-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-    - CreateNamespace=true
-    - PrunePropagationPolicy=foreground
-    - PruneLast=true
-    retry:
-      limit: 5
-      backoff:
-        duration: 5s
-        factor: 2
-        maxDuration: 3m
-    managedNamespaceMetadata:
-      labels:
-        goldilocks.fairwinds.com/enabled: 'true'
-  revisionHistoryLimit: 10

trivy/helm-values.yaml

@@ -1,93 +0,0 @@
-# Trivy Operator Helm Values
-# Chart: https://github.com/aquasecurity/trivy-operator
-
-# Namespace 설정
-targetNamespaces: ""
-excludeNamespaces: "kube-system,kube-public,kube-node-lease"
-
-# Operator 설정
-operator:
-  replicas: 1
-
-  # Operator 리소스
-  resources:
-    requests:
-      cpu: 50m
-      memory: 256Mi
-    limits:
-      cpu: null  # Disable chart default
-      memory: 384Mi
-
-  # 스캔 설정
-  scanJobTimeout: 10m
-  scanJobsConcurrentLimit: 2  # Reduced from 3 to save resources
-  scannerReportTTL: "24h"
-
-  # 스캐너 활성화
-  vulnerabilityScannerEnabled: true
-  sbomGenerationEnabled: true
-  configAuditScannerEnabled: true
-  rbacAssessmentScannerEnabled: true
-  infraAssessmentScannerEnabled: true
-  clusterComplianceEnabled: true
-  exposedSecretScannerEnabled: true
-
-  # 메트릭 설정
-  metricsFindingsEnabled: true
-  metricsVulnIdEnabled: false  # 카디널리티 증가 방지
-
-# Trivy 스캐너 설정
-trivy:
-  # Standalone 모드 (ClientServer보다 간단)
-  mode: Standalone
-
-  # 취약점 심각도
-  severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-
-  # 리소스 절약 모드
-  slow: true
-
-  # 스캔 타임아웃
-  timeout: "10m0s"
-
-  # 스토리지 설정 (Longhorn 사용)
-  storageClassEnabled: true
-  storageClassName: "longhorn"
-  storageSize: "2Gi"
-
-  # 스캔 작업 리소스 제한
-  resources:
-    requests:
-      cpu: 50m
-      memory: 256Mi
-    limits:
-      cpu: null  # Disable chart default (500m)
-      memory: 384Mi
-
-# 스캔 작업 설정
-trivyOperator:
-  scanJobCompressLogs: true
-  reportRecordFailedChecksOnly: true
-
-  # 스캔 작업 보안 컨텍스트
-  scanJobPodTemplateContainerSecurityContext:
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-    privileged: false
-    readOnlyRootFilesystem: true
-
-# ServiceMonitor 설정 (Prometheus 연동)
-serviceMonitor:
-  enabled: true
-  namespace: prometheus
-  interval: 60s
-  labels:
-    release: prometheus
-  honorLabels: true
-
-# 서비스 설정
-service:
-  headless: true
-  metricsPort: 80

trivy/kustomization.yaml

@@ -1,3 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources: []