eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/services
History
Erich Blume d021b3534f
All checks were successful
Build Container / detect (push) Successful in 4s
Details
Build Container / build-dockerfile (prowler) (push) Successful in 10s
Details
Deploy Prowler CIS scanner (#310) 
## Summary
- Deploy Prowler 5 as a weekly CronJob on minikube-indri for CIS Kubernetes Benchmark v1.11 scanning
- Custom slim container build (strips PowerShell, Trivy, and non-K8s providers from upstream)
- Reports (HTML, CSV, JSON-OCSF) written to NFS share on sifaka at `/volume1/reports/prowler/`
- Read-only ClusterRole for pod, RBAC, and control plane inspection
- Host path mounts + hostPID for kubelet file permission checks

## Follow-ups
- Mirror prowler-cloud/prowler on forge for supply chain control
- Build and push container image, update kustomization.yaml newTag
- Consider adding k3s-ringtail scanning (core + RBAC checks only)

## Test plan
- [ ] Build container: `mise run container-release prowler v5.22.0`
- [ ] Update `argocd/manifests/prowler/kustomization.yaml` newTag to built image tag
- [ ] Sync ArgoCD: `argocd app sync apps && argocd app set prowler --revision deploy-prowler && argocd app sync prowler`
- [ ] Trigger manual job: `kubectl create job --from=cronjob/prowler prowler-manual -n prowler --context=minikube-indri`
- [ ] Verify reports appear on sifaka NFS share
- [ ] `mise run services-check`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #310
2026-03-24 16:08:09 -07:00
..
1password.md Add how-to card for running 1Password backup 2026-03-11 18:17:45 -07:00
alloy.md Bump Grafana Alloy to v1.14.0 (#292) 2026-03-13 16:25:27 -07:00
argocd.md Fix stale docs and shell quoting in devpi start script 2026-03-15 19:25:27 -07:00
authentik.md Fix stale docs and shell quoting in devpi start script 2026-03-15 19:25:27 -07:00
automounter.md Review jellyfin and automounter services 2026-03-17 13:06:23 -07:00
borgmatic.md Deploy Mealie recipe manager (#299) 2026-03-16 21:59:10 -07:00
caddy.md Restructure docs: consolidate, recategorize, and extract 2026-03-15 19:55:59 -07:00
cv.md Add CV service reference card and docs updates (#171) 2026-02-12 11:45:32 -08:00
devpi.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
docs.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
flyio-proxy.md Add spider-trap guards to docs.eblu.me Quartz nginx config 2026-03-06 09:43:41 -08:00
forgejo.md Fix spider trap: disable SPA mode, remove index files, relax wiki-links (#290) 2026-03-09 11:59:43 -07:00
frigate.md Remove unused Mosquitto MQTT broker from ringtail 2026-03-11 18:37:31 -07:00
grafana.md Restructure docs: consolidate, recategorize, and extract 2026-03-15 19:55:59 -07:00
immich.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
jellyfin.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
kiwix.md Bump kiwix-serve from 3.8.1 to 3.8.2 2026-03-05 08:12:32 -08:00
loki.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
mealie.md Add plan-a-meal how-to for Mealie cooking timelines 2026-03-17 11:07:16 -07:00
miniflux.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
navidrome.md No navidrome authentikation 2026-02-21 20:33:48 -08:00
ntfy.md Remove unused Mosquitto MQTT broker from ringtail 2026-03-11 18:37:31 -07:00
ollama.md Add Ollama reference card and update indexes 2026-03-04 19:43:14 -08:00
postgresql.md Doc review: connect-to-postgres, create-release-artifact-workflow, deploy-k8s-service (#191) 2026-02-15 07:42:01 -08:00
prometheus.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
prowler.md Deploy Prowler CIS scanner (#310) 2026-03-24 16:08:09 -07:00
tempo.md Remove unused Mosquitto MQTT broker from ringtail 2026-03-11 18:37:31 -07:00
teslamate.md Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 2026-03-23 09:51:57 -07:00
transmission.md Upgrade Transmission to 4.1.1 (#282) 2026-03-04 07:44:33 -08:00
zot.md Bump zot registry to v2.1.15 (#293) 2026-03-14 10:00:40 -07:00