eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/argocd/apps
History
Erich Blume 35705faca2 Add Kingfisher secret scanner CronJob (#317) 
## Summary

- Deploys MongoDB Kingfisher as a weekly CronJob on minikube-indri
- Scans all Forgejo repos (eblume + all orgs) for leaked secrets with live validation
- Produces timestamped HTML and JSON reports on sifaka NFS (`/volume1/reports/kingfisher/`)
- Forgejo API token sourced from 1Password via ExternalSecret
- Uses official `ghcr.io/mongodb/kingfisher:1.91.0` container image
- Runs Sunday 4am (after Prowler's 3am k8s scan)

## Resources

- CronJob, PV/PVC (sifaka NFS), ExternalSecret
- ArgoCD Application with manual sync + CreateNamespace

## Test plan

- [x] Sync ArgoCD `apps` app to pick up new kingfisher Application
- [x] Set `--revision feature/kingfisher-cronjob` on kingfisher app
- [x] Verify ExternalSecret creates the `kingfisher-forgejo-token` Secret
- [x] Trigger manual job: `kubectl create job --from=cronjob/kingfisher kingfisher-manual -n kingfisher --context=minikube-indri`
- [ ] Verify reports appear on sifaka at `/volume1/reports/kingfisher/`
- [ ] After merge: set `--revision main` and re-sync

Reviewed-on: #317
2026-03-28 21:39:55 -07:00
..
1password-connect-ringtail.yaml
1password-connect.yaml
alloy-k8s.yaml
alloy-ringtail.yaml
alloy-tracing-ringtail.yaml
apps.yaml
argocd.yaml
authentik.yaml
blumeops-pg.yaml
cloudnative-pg.yaml
cv.yaml
devpi.yaml
docs.yaml
external-secrets-crds-ringtail.yaml Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize (#312) 2026-03-25 15:56:41 -07:00
external-secrets-crds.yaml Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize (#312) 2026-03-25 15:56:41 -07:00
external-secrets-ringtail.yaml Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize (#312) 2026-03-25 15:56:41 -07:00
external-secrets.yaml Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize (#312) 2026-03-25 15:56:41 -07:00
forgejo-runner.yaml
frigate.yaml
grafana-config.yaml
grafana.yaml
homepage.yaml
immich-storage.yaml
immich.yaml
kingfisher.yaml Add Kingfisher secret scanner CronJob (#317) 2026-03-28 21:39:55 -07:00
kiwix.yaml
kube-state-metrics-ringtail.yaml
kube-state-metrics.yaml
loki.yaml
mealie.yaml Deploy Mealie recipe manager (#299) 2026-03-16 21:59:10 -07:00
miniflux.yaml
navidrome.yaml
ntfy.yaml
nvidia-device-plugin.yaml
ollama.yaml
prometheus.yaml
prowler.yaml Deploy Prowler CIS scanner (#310) 2026-03-24 16:08:09 -07:00
tailscale-operator-ringtail.yaml Fix ArgoCD apps app permanent OutOfSync 2026-03-22 20:42:37 -07:00
tailscale-operator.yaml Fix ArgoCD apps app permanent OutOfSync 2026-03-22 20:42:37 -07:00
tempo.yaml
teslamate.yaml
torrent.yaml
unpoller.yaml Add UnPoller for UniFi network metrics (#298) 2026-03-16 15:52:45 -07:00