From 238c8e58112ccc467b9f862edc1232d32407b4f3 Mon Sep 17 00:00:00 2001
From: Carlos Panato
Date: Sun, 21 Nov 2021 16:43:13 +0100
Subject: [PATCH] cosigned: remove privatekey and cosign password
Signed-off-by: Carlos Panato
---
 charts/cosigned/Chart.yaml | 2 +-
 charts/cosigned/ci/ci-values.yaml | 2 --
 charts/cosigned/templates/webhook/clusterrole_webhook.yaml | 4 ++--
 charts/cosigned/templates/webhook/cosign_secret.yaml | 4 +---
 charts/cosigned/templates/webhook/rolebinding_webhook.yaml | 2 +-
 charts/cosigned/templates/webhook/service_webhook.yaml | 2 +-
 charts/cosigned/values.yaml | 2 --
 7 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/charts/cosigned/Chart.yaml b/charts/cosigned/Chart.yaml
index d1ffd74e..5ebbc9e4 100644
--- a/charts/cosigned/Chart.yaml
+++ b/charts/cosigned/Chart.yaml
@@ -8,7 +8,7 @@ sources:
 type: application
 name: cosigned
-version: v0.1.4
+version: v0.1.5
 appVersion: v1.3.1
 maintainers:
diff --git a/charts/cosigned/ci/ci-values.yaml b/charts/cosigned/ci/ci-values.yaml
index 15c62bef..e941169e 100644
--- a/charts/cosigned/ci/ci-values.yaml
+++ b/charts/cosigned/ci/ci-values.yaml
@@ -1,4 +1,2 @@
 cosign:
- cosignKey: LS0tLS1CRUdJTiBFTkNSWVBURUQgQ09TSUdOIFBSSVZBVEUgS0VZLS0tLS0KZXlKclpHWWlPbnNpYm1GdFpTSTZJbk5qY25sd2RDSXNJbkJoY21GdGN5STZleUpPSWpvek1qYzJPQ3dpY2lJNgpPQ3dpY0NJNk1YMHNJbk5oYkhRaU9pSkRXbVJYVFdkdlZFdFFUVkZ1YmxkU01VVnVabU0xYmxWVFZFcHBNamMxClRHSklMMVpJVmtzclZqVlpQU0o5TENKamFYQm9aWElpT25zaWJtRnRaU0k2SW01aFkyd3ZjMlZqY21WMFltOTQKSWl3aWJtOXVZMlVpT2lKTFYwMDBWVWRvTURseGNpOWlhV00wYXpjMVRuY3pURFZPTm5WaldqazNlaUo5TENKagphWEJvWlhKMFpYaDBJam9pZG5kUFZsSTVNazE1VmtGUVlWRkthVVp6YW0xbkwwVklkMk5uUTBaTE5tUmlRelk1CmJFOVpWVWRRUkdoV1owWjFaM0UwWVV4UGVqZEZVREZzTUc1a2N6ZFFWVEZFTVcwNGNqVnNWV3h1TW1KcU5UWXgKSzNnd2NqbDBTbFJLYzJOdk1WRnNTVmhJVEhaQ2RYa3ZSa2hMVEc4M2FEWlhXVmxMY1NzemRtRnFjMEZTY25SWApjRTFFYlVaYWNsTjVOa2Q1T1dwUVRHTXpTMkY2YVRVNE5IRTJaVnBIZGk5WU5YaE1RMmxoWkhaR1pscDFhVTlNCk5qaHFhelJNTVRRNVVsSXhkV1ppV1Zab1EwcENZU3NyUm5jOVBTSjkKLS0tLS1FTkQgRU5DUllQVEVEIENPU0lHTiBQUklWQVRFIEtFWS0tLS0tCg==
 cosignPub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZ3VQMEd0aEUrTGYxQzZyWlQ4ZzlDbUtWQk5ReApicnZTWTdGMG94ODFUVzlBcExrSjVIdmtTNzJVQ0ZkZjJaV2JNMXkxZEMyS0FIM1l0Q1lOM1JCdHp3PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
- cosignPassword: aG9ua0AxMjM=
diff --git a/charts/cosigned/templates/webhook/clusterrole_webhook.yaml b/charts/cosigned/templates/webhook/clusterrole_webhook.yaml
index e55fc151..94ea48ec 100644
--- a/charts/cosigned/templates/webhook/clusterrole_webhook.yaml
+++ b/charts/cosigned/templates/webhook/clusterrole_webhook.yaml
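Review bot: In charts/cosigned/ci/ci-values.yaml the retained `cosignPub` is presumably the public half of the `cosignKey` this hunk deletes, and deleting the lines does not retract the encrypted private key or its base64-encoded password from the repository history. Anything that verifies signatures against this public key should treat the pair as disclosed. If it is only a CI fixture, say so next to the value, e.g. `# test-only key pair for chart CI; the private half is in git history, never trust it outside CI`. Otherwise generate a fresh pair and replace `cosignPub` in this same change.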
@@ -25,11 +25,11 @@ rules:
 # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources,
 # which requires we can Get the system namespace.
 resourceNames: [ "{{ .Release.Namespace }}" ]
-
+
 # This is needed by k8schain to support fetching pull secrets attached to pod specs
 # or their service accounts. If pull secrets aren't used, the "secrets" below can
 # be safely dropped, but the logic will fetch the service account to check for pull
 # secrets.
 - apiGroups: [""]
 resources: ["serviceaccounts", "secrets"]
- verbs: ["get"]
\ No newline at end of file
+ verbs: ["get"]
diff --git a/charts/cosigned/templates/webhook/cosign_secret.yaml b/charts/cosigned/templates/webhook/cosign_secret.yaml
index 28ae53d9..0a0fc302 100644
--- a/charts/cosigned/templates/webhook/cosign_secret.yaml
+++ b/charts/cosigned/templates/webhook/cosign_secret.yaml
@@ -8,7 +8,5 @@ metadata:
 namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
- cosign.key: {{ default "" .Values.cosign.cosignKey}}
- cosign.password: {{ default "" .Values.cosign.cosignPassword}}
 cosign.pub: {{ .Values.cosign.cosignPub}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/charts/cosigned/templates/webhook/rolebinding_webhook.yaml b/charts/cosigned/templates/webhook/rolebinding_webhook.yaml
index b02e621a..5865df6b 100644
--- a/charts/cosigned/templates/webhook/rolebinding_webhook.yaml
+++ b/charts/cosigned/templates/webhook/rolebinding_webhook.yaml
@@ -12,4 +12,4 @@ subjects:
 roleRef:
 kind: Role
 name: {{ template "cosigned.fullname" . }}-webhook
- apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/cosigned/templates/webhook/service_webhook.yaml b/charts/cosigned/templates/webhook/service_webhook.yaml
index 9a7dd543..85b13171 100644
--- a/charts/cosigned/templates/webhook/service_webhook.yaml
+++ b/charts/cosigned/templates/webhook/service_webhook.yaml
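Review bot: In charts/cosigned/templates/webhook/cosign_secret.yaml the surviving line `cosign.pub: {{ .Values.cosign.cosignPub}}` is rendered unguarded and unquoted, while charts/cosigned/values.yaml in this same patch leaves `cosignPub:` empty by default. The Secret can therefore render with an empty `cosign.pub`, which presumably leaves the webhook without a key to verify against. Failing at render time is safer: `cosign.pub: {{ required "cosign.cosignPub must be set (base64-encoded public key)" .Values.cosign.cosignPub | quote }}`. The `{{- if … }}` that the closing `{{- end -}}` belongs to is outside the hunk, so that condition may already cover part of this and is worth confirming.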
@@ -45,4 +45,4 @@ spec:
 targetPort: metrics
 selector:
 {{- include "cosigned.selectorLabels" . | nindent 4 }}
- control-plane: {{ template "cosigned.fullname" . }}-webhook
\ No newline at end of file
+ control-plane: {{ template "cosigned.fullname" . }}-webhook
diff --git a/charts/cosigned/values.yaml b/charts/cosigned/values.yaml
index 3f9650eb..dac4fd1e 100644
--- a/charts/cosigned/values.yaml
+++ b/charts/cosigned/values.yaml
@@ -2,9 +2,7 @@ cosign:
 secretKeyRef:
 name:
 # add the values in base64 encoded
- cosignKey:
 cosignPub:
- cosignPassword:
 webhook:
 name: webhook
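Review bot: In charts/cosigned/values.yaml the comment `# add the values in base64 encoded` now sits above a single key, and the bare `cosignPub:` parses as null rather than an empty string. Suggest `# base64-encoded cosign public key (PEM)` as the comment and `cosignPub: ""` as the default, so chart users can see the expected type and that no private material belongs here. How `cosignPub` interacts with `secretKeyRef.name` is not visible in this hunk and would be worth one more comment line.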