From 95c756bc7f65486eb9cec9677785120ed8039988 Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Wed, 31 Dec 2025 23:11:54 +0900
Subject: [PATCH] FEAT(trivy): add trivy-ui Application with ingress

- Add trivy-ui as separate ArgoCD Application with inline values
- Create ingress.yaml for trivy0213.kro.kr
- Update kustomization.yaml to include ingress
---
 trivy/argocd.yaml        | 68 ++++++++++++++++++++++++++++++++++++++++
 trivy/ingress.yaml       | 24 ++++++++++++++
 trivy/kustomization.yaml |  3 +-
 3 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 trivy/ingress.yaml

diff --git a/trivy/argocd.yaml b/trivy/argocd.yaml
index 9a67eae..d1528e1 100644
--- a/trivy/argocd.yaml
+++ b/trivy/argocd.yaml
@@ -41,3 +41,71 @@ spec:
       labels:
         goldilocks.fairwinds.com/enabled: 'true'
   revisionHistoryLimit: 10
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: trivy-ui
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://locustbaby.github.io/trivy-ui/
+    chart: trivy-ui
+    targetRevision: '*'
+    helm:
+      values: |
+        replicaCount: 1
+
+        image:
+          repository: locustbaby/trivy-ui
+          pullPolicy: IfNotPresent
+          tag: "v0.0.2"
+
+        serviceAccount:
+          create: true
+
+        service:
+          type: ClusterIP
+          port: 80
+
+        resources:
+          requests:
+            cpu: 50m
+            memory: 64Mi
+          limits:
+            memory: 128Mi
+
+        env:
+          KUBECONFIG_DIR: "/kubeconfigs"
+          STATIC_PATH: "trivy-dashboard/dist"
+          DEBUG: "false"
+
+        kubeconfigs:
+          create: false
+
+        rbac:
+          create: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: trivy-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    - PrunePropagationPolicy=foreground
+    - PruneLast=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+    managedNamespaceMetadata:
+      labels:
+        goldilocks.fairwinds.com/enabled: 'true'
+  revisionHistoryLimit: 10
diff --git a/trivy/ingress.yaml b/trivy/ingress.yaml
new file mode 100644
index 0000000..107bbc3
--- /dev/null
+++ b/trivy/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: trivy-ui-ingress
+  namespace: trivy-system
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - trivy0213.kro.kr
+      secretName: trivy-ui-tls
+  rules:
+    - host: trivy0213.kro.kr
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: trivy-ui
+                port:
+                  number: 80
diff --git a/trivy/kustomization.yaml b/trivy/kustomization.yaml
index b83b23e..bd43e8a 100644
--- a/trivy/kustomization.yaml
+++ b/trivy/kustomization.yaml
@@ -1,3 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
+resources:
+- ingress.yaml