Update folder location

master/kubeclarity/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: kubeclarity
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: kubeclarity
+  repository: https://openclarity.github.io/kubeclarity
+  version: 2.23.3

master/kubeclarity/templates/ingress.yaml

@@ -0,0 +1,47 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: kubeclarity-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`kubeclarity.durp.info`) && PathPrefix(`/`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: kubeclarity-kubeclarity
+      port: 8080
+  tls:
+    secretName: kubeclarity-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: kubeclarity-tls
+spec:
+  secretName: kubeclarity-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "kubeclarity.durp.info"
+  dnsNames:
+  - "kubeclarity.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: kubeclarity-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: kubeclarity.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

master/kubeclarity/values.yaml

@@ -0,0 +1,235 @@
+kubeclarity:
+  global:
+    databasePassword: kubeclarity
+    docker:
+      registry: "registry.internal.durp.info/openclarity"
+      tag: "latest"
+      imagePullPolicy: Always
+
+  curl:
+    image:
+      registry: "registry.internal.durp.info"
+      repository: curlimages/curl
+      tag: 7.87.0
+
+  kubeclarity:
+    docker:
+      imageName: ""
+
+    logLevel: warning
+
+    enableDBInfoLog: false
+
+    prometheus:
+      enabled: false
+
+    podAnnotations: {}
+
+    service:
+      type: ClusterIP
+      port: 8080
+      annotations: {}
+
+    ingress:
+      enabled: false
+
+    resources:
+      requests:
+        memory: "200Mi"
+        cpu: "100m"
+      limits:
+        memory: "1000Mi"
+        cpu: "1000m"
+
+    initContainers:
+      resources:
+        requests:
+          memory: "100Mi"
+          cpu: "100m"
+        limits:
+          memory: "200Mi"
+          cpu: "200m"
+
+  kubeclarity-runtime-scan:
+    httpsProxy: ""
+    httpProxy: ""
+    resultServicePort: 8888
+
+    labels:
+      app: kubeclarity-scanner
+      sidecar.istio.io/inject: "false"
+
+    namespace: ""
+
+    registry:
+      skipVerifyTlS: "false"
+      useHTTP: "false"
+
+    cis-docker-benchmark-scanner:
+      resources:
+        requests:
+          memory: "50Mi"
+          cpu: "50m"
+        limits:
+          memory: "1000Mi"
+          cpu: "1000m"
+
+    vulnerability-scanner:
+      resources:
+        requests:
+          memory: "50Mi"
+          cpu: "50m"
+        limits:
+          memory: "1000Mi"
+          cpu: "1000m"
+
+      analyzer:
+        analyzerList: "syft gomod trivy"
+        analyzerScope: "squashed"
+
+        trivy:
+          enabled: true
+          timeout: "300"
+
+      scanner:
+        scannerList: "grype trivy"
+
+        grype:
+          enabled: true
+          mode: "REMOTE"
+
+          remote-grype:
+            timeout: "2m"
+
+        dependency-track:
+          enabled: false
+          insecureSkipVerify: "true"
+          disableTls: "true"
+          apiserverAddress: "dependency-track-apiserver.dependency-track"
+          apiKey: ""
+
+        trivy:
+          enabled: true
+          timeout: "300"
+
+  kubeclarity-grype-server:
+    enabled: true
+
+    docker:
+      imageRepo: "registry.internal.durp.info/openclarity"
+      imageTag: "v0.6.0"
+      imagePullPolicy: Always
+
+    logLevel: warning
+
+    servicePort: 9991
+
+    resources:
+      requests:
+        cpu: "200m"
+        memory: "200Mi"
+      limits:
+        cpu: "1000m"
+        memory: "1G"
+
+  kubeclarity-trivy-server:
+    enabled: true
+
+    ## Docker Image values.
+    image:
+      registry: registry.internal.durp.info
+      repository: aquasec/trivy
+      tag: 0.44.1
+      pullPolicy: Always
+
+    persistence:
+      enabled: false
+
+    podSecurityContext:
+      runAsUser: 1001
+      runAsNonRoot: true
+      fsGroup: 1001
+
+    securityContext:
+      privileged: false
+      readOnlyRootFilesystem: true
+
+    trivy:
+      debugMode: false
+
+    service:
+      port: 9992
+
+    resources:
+      requests:
+        cpu: "200m"
+        memory: "200Mi"
+      limits:
+        cpu: "1000m"
+        memory: "1G"
+
+
+  kubeclarity-sbom-db:
+    docker:
+      imageName: ""
+    logLevel: warning
+
+    servicePort: 8080
+
+    resources:
+      requests:
+        memory: "20Mi"
+        cpu: "10m"
+      limits:
+        memory: "1Gi"
+        cpu: "200m"
+
+  kubeclarity-postgresql:
+    enabled: true
+
+    image:
+      registry: registry.internal.durp.info
+      repository: bitnami/postgresql
+      tag: 14.6.0-debian-11-r31
+
+    auth:
+      existingSecret: kubeclarity-postgresql-secret
+      username: postgres
+      database: kubeclarity
+      sslMode: disable
+
+    service:
+      ports:
+        postgresql: 5432
+
+    serviceAccount:
+      enabled: true
+    securityContext:
+      enabled: true
+      fsGroup: 1001
+    containerSecurityContext:
+      enabled: true
+      runAsUser: 1001
+      runAsNonRoot: true
+    volumePermissions:
+      enabled: false
+      securityContext:
+        runAsUser: 1001
+    shmVolume:
+      chmod:
+        enabled: true
+
+    resources:
+      requests:
+        memory: "256Mi"
+        cpu: "250m"
+      limits:
+        memory: "1000Mi"
+        cpu: "1000m"
+
+  kubeclarity-postgresql-external:
+    enabled: false
+
+  kubeclarity-postgresql-secret:
+    create: true
+    secretKey: "postgres-password"