diff --git a/docs/src/components/starboard.md b/docs/src/components/starboard.md
deleted file mode 120000
index 2230c00d25c1355f9adda487920752e5ea68f442..0000000000000000000000000000000000000000
--- a/docs/src/components/starboard.md
+++ /dev/null
@@ -1 +0,0 @@
-../../../infrastructure/starboard/README.md
\ No newline at end of file
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 4b9b4c54fd8e0bd37b1f3fed5950a2f21cd172d0..8cd1c6def59428563ec7f93898b75e5a04873f81 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -16,4 +16,3 @@ resources:
 - k8up
 - postgres
 - kubenav
- - starboard
diff --git a/infrastructure/starboard/README.md b/infrastructure/starboard/README.md
deleted file mode 100644
index a634845759c957adae0bf8962a6b78a0e62a74a4..0000000000000000000000000000000000000000
--- a/infrastructure/starboard/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-Starboard
-===
-
-Operator to create and manage automated container image scans for all containers deployed in the cluster, this helps to provide visibility for potential security issues and makes it easy to identify containers and deployments affected by CVEs.
-
-This particular installation utilises a trivy-server setup, that reduces the times to download the vulnerability database, making it API limit friendlier.
-
-Links
----
-
-- [Starboard Docs](https://aquasecurity.github.io/starboard/v0.15.4/)
-- [Starboard Helm Chart](https://github.com/aquasecurity/starboard/tree/main/deploy/helm)
-- [Starboard Source Code](https://github.com/aquasecurity/starboard/)
-- [Starboard Help Forum](https://github.com/aquasecurity/starboard//discussions)
-- [Trivy Docs](https://aquasecurity.github.io/trivy/v0.25.4/)
-- [Trivy Helm Chart](https://github.com/aquasecurity/trivy/tree/main/helm/trivy)
-- [Trivy Source Code](https://github.com/aquasecurity/trivy/)
-- [Trivy Help Forum](https://github.com/aquasecurity/trivy/discussions)
diff --git a/infrastructure/starboard/kustomization.yaml b/infrastructure/starboard/kustomization.yaml
deleted file mode 100644
index cbeaece97127d0040772350a5d23315c55f03f9b..0000000000000000000000000000000000000000
--- a/infrastructure/starboard/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: starboard-system
-resources:
- - namespace.yaml
- - repository.yaml
- - release.yaml
- - monitoring.yaml
- - ../../shared/networkpolicies/allow-from-same-namespace.yaml
- - ../../shared/networkpolicies/allow-from-monitoring.yaml
-patchesStrategicMerge:
- - networkpolicy.yaml
diff --git a/infrastructure/starboard/monitoring.yaml b/infrastructure/starboard/monitoring.yaml
deleted file mode 100644
index 9f036d0e682ed3a54d6b0c0212ce19bee7e5de2f..0000000000000000000000000000000000000000
--- a/infrastructure/starboard/monitoring.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
- name: giantswarm
- namespace: starboard-system
-spec:
- interval: 30m
- url: https://giantswarm.github.io/giantswarm-catalog
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: starboard-exporter
- namespace: starboard-system
-spec:
- releaseName: starboard-exporter
- chart:
- spec:
- chart: starboard-exporter
- sourceRef:
- kind: HelmRepository
- name: giantswarm
- namespace: starboard-system
- version: 0.7.1
- interval: 5m
- values:
- networkpolicy:
- enabled: false
diff --git a/infrastructure/starboard/namespace.yaml b/infrastructure/starboard/namespace.yaml
deleted file mode 100644
index 3523645abb4155aa147b648f7d08d5a408c4516d..0000000000000000000000000000000000000000
--- a/infrastructure/starboard/namespace.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: starboard-system
- labels:
- pod-security.kubernetes.io/audit: restricted
- pod-security.kubernetes.io/enforce: baseline
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/audit-version: v1.23
- pod-security.kubernetes.io/enforce-version: v1.23
- pod-security.kubernetes.io/warn-version: v1.23
- kyverno.shivering-isles.com/class: "system"
diff --git a/infrastructure/starboard/networkpolicy.yaml b/infrastructure/starboard/networkpolicy.yaml
deleted file mode 100644
index ccec8a45b69bca6abd13b5ac5f04591db26ac85b..0000000000000000000000000000000000000000
--- a/infrastructure/starboard/networkpolicy.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: allow-from-monitoring
-spec:
- podSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - starboard-exporter
diff --git a/infrastructure/starboard/release.yaml b/infrastructure/starboard/release.yaml
deleted file mode 100644
index a068e51c5e474e52bed4720e591ca9bffa77c192..0000000000000000000000000000000000000000
--- a/infrastructure/starboard/release.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: starboard-operator
- namespace: starboard-system
-spec:
- releaseName: starboard-operator
- chart:
- spec:
- chart: starboard-operator
- sourceRef:
- kind: HelmRepository
- name: aqua
- namespace: starboard-system
- version: 0.10.10
- interval: 5m
- install:
- crds: CreateReplace
- upgrade:
- crds: CreateReplace
- valuesFrom:
- - kind: ConfigMap
- name: starboard-base-values
- valuesKey: values.yaml
- - kind: Secret
- name: starboard-override-values
- valuesKey: values-overrides.yaml
- optional: true
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: starboard-base-values
- namespace: starboard-system
-data:
- values.yaml: |
- operator:
- vulnerabilityScannerScanOnlyCurrentRevisions: true
- clusterComplianceEnabled: false
- kubernetesBenchmarkEnabled: false
- trivy:
- mode: ClientServer
- ignoreUnfixed: false
- serverURL: "http://trivy:4954"
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: trivy
- namespace: starboard-system
-spec:
- releaseName: trivy
- chart:
- spec:
- chart: trivy
- sourceRef:
- kind: HelmRepository
- name: aqua
- namespace: starboard-system
- version: 0.5.0
- interval: 5m
diff --git a/infrastructure/starboard/repository.yaml b/infrastructure/starboard/repository.yaml
deleted file mode 100644
index 7ab68f8d66827a751ff0f93916817ab5b2733608..0000000000000000000000000000000000000000
--- a/infrastructure/starboard/repository.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
- name: aqua
- namespace: starboard-system
-spec:
- interval: 30m
- url: https://aquasecurity.github.io/helm-charts/