K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
107 Commits 1 Branch 0 Tags
a6342a2fdd1a93e2633328edf43ef01deae0ac93
Commit Graph

11 Commits

Author SHA1 Message Date
Mayne0213
1cd89f6bae REFACTOR(falco): remove CPU limit 
- Set cpu: null to override chart default (1 core)
- Prevents CPU throttling under high load
 2026-01-05 00:40:26 +09:00
Mayne0213
bce1bdf12b FIX(trivy): fix Trivy resource limits 
- Operator: add 512Mi memory limit
- Scan jobs: increase memory limit 500M -> 768Mi
- Reduce concurrent scan jobs 3 -> 2
 2026-01-05 00:40:26 +09:00
Mayne0213
589b98a875 REFACTOR(trivy): remove Trivy scan job CPU limit 
- Remove CPU limit to prevent throttling
- Optimize scan job performance
 2026-01-05 00:40:26 +09:00
Mayne0213
a0e483a8c4 FEAT(trivy): add ignoreDiff for trivy-ui CPU limit 
- Add ignoreDifferences for CPU limit field
- Prevent ArgoCD sync drift
 2026-01-05 00:40:26 +09:00
Mayne0213
59b834c250 REFACTOR(resources): use tilde for null CPU 
- Use ~ (tilde) for null CPU limit values
- YAML best practice for null
 2026-01-05 00:40:26 +09:00
Mayne0213
e1ecf43096 REFACTOR(trivy): remove trivy-ui CPU limit 
- Remove CPU limit to prevent throttling
- Optimize resource configuration
 2026-01-05 00:40:26 +09:00
Mayne0213
7abf679d5e FEAT(goldilocks): add Authelia SSO 
- Add Authelia SSO to goldilocks, karma, trivy ingress
- Enable single sign-on authentication
 2026-01-04 23:41:39 +09:00
Mayne0213
95c756bc7f FEAT(trivy): add trivy-ui Application with ingress 
- Add trivy-ui as separate ArgoCD Application with inline values
- Create ingress.yaml for trivy0213.kro.kr
- Update kustomization.yaml to include ingress
 2026-01-04 23:41:39 +09:00
Mayne0213
a3d971b986 FEAT(trivy): enable Trivy operator for security scanning 
- Uncomment trivy/argocd.yaml in kustomization.yaml
- Enable automated sync in trivy argocd.yaml
 2026-01-04 23:41:39 +09:00
Mayne0213
114307fa4b CHORE(goldilocks): disable Goldilocks and Trivy 
- Comment out goldilocks/argocd.yaml from kustomization
- Comment out trivy/argocd.yaml from kustomization
- Disable autoSync in both applications
- Server overload mitigation
 2026-01-04 23:41:39 +09:00
Mayne0213
8da74949b8 FEAT(trivy): add trivy operator 
- for container vulnerability scanning
- Add Trivy Operator Helm chart (v0.31.0)
- Configure ServiceMonitor for Prometheus integration
- Enable vulnerability, config audit, and RBAC scanners
- Use Longhorn storage class for Trivy DB
- Exclude kube-system namespaces from scanning
 2026-01-04 23:41:39 +09:00