drop(starboard): Remove starboard setup from cluster

0f59ecfb · Sheogorath · d4b7a401 · d4b7a401 · 0f59ecfb · d4b7a401
Verified Commit 0f59ecfb authored 2 years ago by Sheogorath
--- a/docs/src/components/starboard.md
+++ b/docs/src/components/starboard.md
-../../../infrastructure/starboard/README.md
\ No newline at end of file
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -16,4 +16,3 @@ resources:
  - k8up
  - postgres
  - kubenav
-  - starboard
--- a/infrastructure/starboard/README.md
+++ b/infrastructure/starboard/README.md
-Starboard
-===
-
-Operator to create and manage automated container image scans for all containers deployed in the cluster, this helps to provide visibility for potential security issues and makes it easy to identify containers and deployments affected by CVEs.
-
-This particular installation utilises a trivy-server setup, that reduces the times to download the vulnerability database, making it API limit friendlier.
-
-Links
---
-
- [Starboard Docs](https://aquasecurity.github.io/starboard/v0.15.4/)
- [Starboard Helm Chart](https://github.com/aquasecurity/starboard/tree/main/deploy/helm)
- [Starboard Source Code](https://github.com/aquasecurity/starboard/)
- [Starboard Help Forum](https://github.com/aquasecurity/starboard//discussions)
- [Trivy Docs](https://aquasecurity.github.io/trivy/v0.25.4/)
- [Trivy Helm Chart](https://github.com/aquasecurity/trivy/tree/main/helm/trivy)
- [Trivy Source Code](https://github.com/aquasecurity/trivy/)
- [Trivy Help Forum](https://github.com/aquasecurity/trivy/discussions)
--- a/infrastructure/starboard/kustomization.yaml
+++ b/infrastructure/starboard/kustomization.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: starboard-system
-resources:
-  - namespace.yaml
-  - repository.yaml
-  - release.yaml
-  - monitoring.yaml
-  - ../../shared/networkpolicies/allow-from-same-namespace.yaml
-  - ../../shared/networkpolicies/allow-from-monitoring.yaml
-patchesStrategicMerge:
-  - networkpolicy.yaml
--- a/infrastructure/starboard/monitoring.yaml
+++ b/infrastructure/starboard/monitoring.yaml
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: giantswarm
-  namespace: starboard-system
-spec:
-  interval: 30m
-  url: https://giantswarm.github.io/giantswarm-catalog
---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: starboard-exporter
-  namespace: starboard-system
-spec:
-  releaseName: starboard-exporter
-  chart:
-    spec:
-      chart: starboard-exporter
-      sourceRef:
-        kind: HelmRepository
-        name: giantswarm
-        namespace: starboard-system
-      version: 0.7.1
-  interval: 5m
-  values:
-    networkpolicy:
-      enabled: false
--- a/infrastructure/starboard/namespace.yaml
+++ b/infrastructure/starboard/namespace.yaml
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: starboard-system
-  labels:
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: baseline
-    pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: v1.23
-    pod-security.kubernetes.io/enforce-version: v1.23
-    pod-security.kubernetes.io/warn-version: v1.23
-    kyverno.shivering-isles.com/class: "system"
--- a/infrastructure/starboard/networkpolicy.yaml
+++ b/infrastructure/starboard/networkpolicy.yaml
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: allow-from-monitoring
-spec:
-  podSelector:
-    matchExpressions:
-      - key: app.kubernetes.io/name
-        operator: In
-        values:
-          - starboard-exporter
--- a/infrastructure/starboard/release.yaml
+++ b/infrastructure/starboard/release.yaml
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: starboard-operator
-  namespace: starboard-system
-spec:
-  releaseName: starboard-operator
-  chart:
-    spec:
-      chart: starboard-operator
-      sourceRef:
-        kind: HelmRepository
-        name: aqua
-        namespace: starboard-system
-      version: 0.10.10
-  interval: 5m
-  install:
-    crds: CreateReplace
-  upgrade:
-    crds: CreateReplace
-  valuesFrom:
-    - kind: ConfigMap
-      name: starboard-base-values
-      valuesKey: values.yaml
-    - kind: Secret
-      name: starboard-override-values
-      valuesKey: values-overrides.yaml
-      optional: true
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: starboard-base-values
-  namespace: starboard-system
-data:
-  values.yaml: |
-    operator:
-      vulnerabilityScannerScanOnlyCurrentRevisions: true
-      clusterComplianceEnabled: false
-      kubernetesBenchmarkEnabled: false
-    trivy:
-      mode: ClientServer
-      ignoreUnfixed: false
-      serverURL: "http://trivy:4954"
---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: trivy
-  namespace: starboard-system
-spec:
-  releaseName: trivy
-  chart:
-    spec:
-      chart: trivy
-      sourceRef:
-        kind: HelmRepository
-        name: aqua
-        namespace: starboard-system
-      version: 0.5.0
-  interval: 5m
--- a/infrastructure/starboard/repository.yaml
+++ b/infrastructure/starboard/repository.yaml
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: aqua
-  namespace: starboard-system
-spec:
-  interval: 30m
-  url: https://aquasecurity.github.io/helm-charts/