FEAT(trivy): add trivy-ui Application with ingress

- Add trivy-ui as separate ArgoCD Application with inline values - Create ingress.yaml for trivy0213.kro.kr - Update kustomization.yaml to include ingress
2025-12-31 23:11:54 +09:00
parent a3d971b986
commit 95c756bc7f
3 changed files with 94 additions and 1 deletions
--- a/trivy/argocd.yaml
+++ b/trivy/argocd.yaml
@@ -41,3 +41,71 @@ spec:
      labels:
        goldilocks.fairwinds.com/enabled: 'true'
  revisionHistoryLimit: 10
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: trivy-ui
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://locustbaby.github.io/trivy-ui/
+    chart: trivy-ui
+    targetRevision: '*'
+    helm:
+      values: |
+        replicaCount: 1
+
+        image:
+          repository: locustbaby/trivy-ui
+          pullPolicy: IfNotPresent
+          tag: "v0.0.2"
+
+        serviceAccount:
+          create: true
+
+        service:
+          type: ClusterIP
+          port: 80
+
+        resources:
+          requests:
+            cpu: 50m
+            memory: 64Mi
+          limits:
+            memory: 128Mi
+
+        env:
+          KUBECONFIG_DIR: "/kubeconfigs"
+          STATIC_PATH: "trivy-dashboard/dist"
+          DEBUG: "false"
+
+        kubeconfigs:
+          create: false
+
+        rbac:
+          create: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: trivy-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    - PrunePropagationPolicy=foreground
+    - PruneLast=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+    managedNamespaceMetadata:
+      labels:
+        goldilocks.fairwinds.com/enabled: 'true'
+  revisionHistoryLimit: 10
--- a/trivy/ingress.yaml
+++ b/trivy/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: trivy-ui-ingress
+  namespace: trivy-system
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - trivy0213.kro.kr
+      secretName: trivy-ui-tls
+  rules:
+    - host: trivy0213.kro.kr
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: trivy-ui
+                port:
+                  number: 80
--- a/trivy/kustomization.yaml
+++ b/trivy/kustomization.yaml
@@ -1,3 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
+resources:
+- ingress.yaml