Skip to content

Commit

Permalink
chore(helm): remove envSecret value (#795)
Browse files Browse the repository at this point in the history
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
  • Loading branch information
danielpacak authored Nov 5, 2021
1 parent 9890603 commit 564ac13
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 48 deletions.
14 changes: 2 additions & 12 deletions deploy/helm/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ spec:
template:
metadata:
annotations:
checksum/secret: {{ .Values.envSecret.stringData | toYaml | sha256sum }}
{{- with .Values.podAnnotations }}
{{- . | toYaml | nindent 8 }}
{{- end }}
Expand Down Expand Up @@ -41,6 +40,8 @@ spec:
value: ":8080"
- name: OPERATOR_HEALTH_PROBE_BIND_ADDRESS
value: ":9090"
- name: OPERATOR_LOG_DEV_MODE
value: {{ .Values.operator.logDevMode | quote }}
- name: OPERATOR_CIS_KUBERNETES_BENCHMARK_ENABLED
value: {{ .Values.operator.kubernetesBenchmarkEnabled | quote }}
- name: OPERATOR_VULNERABILITY_SCANNER_ENABLED
Expand All @@ -51,17 +52,6 @@ spec:
value: {{ .Values.operator.batchDeleteLimit | quote }}
- name: OPERATOR_BATCH_DELETE_DELAY
value: {{ .Values.operator.batchDeleteDelay | quote }}
{{- /* Import configuration from passed Helm values */}}
{{- range $key, $value := .Values.envSecret.stringData }}
{{- if $value }}
- name: {{ $key | quote }}
valueFrom:
secretKeyRef:
name: {{ $.Values.envSecret.name | default (include "starboard-operator.fullname" $) | quote }}
key: {{ $key | quote }}
optional: true
{{- end }}
{{- end }}
ports:
# metrics port is exposed by the k8s Service and by default also
# have annotations which will help prometheus as a target for
Expand Down
12 changes: 0 additions & 12 deletions deploy/helm/templates/secret.yaml

This file was deleted.

26 changes: 2 additions & 24 deletions deploy/helm/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ operator:
# leaderElectionId determines the name of the resource that leader election
# will use for holding the leader lock.
leaderElectionId: "starboard-operator"
# logDevMode the flag to enable development mode (more human-readable output, extra stack traces and logging information, etc)
logDevMode: false
# vulnerabilityScannerEnabled the flag to enable vulnerability scanner
vulnerabilityScannerEnabled: true
# configAuditScannerEnabled the flag to enable configuration audit scanner
Expand Down Expand Up @@ -42,30 +44,6 @@ service:
prometheus.io/scrape: "true"
prometheus.io/path: /metrics

# envSecret represent a k8s Secret resource that will be referenced to mount
# environment variables.
envSecret:
# create specifies whether a k8s Secret should be created with a given
# stringData. If this is set to false, only the keys defined in stringData
# will be optionally mounted from the named secret, rather than all keys in
# the named k8s Secret.
create: true
# name specifies the name of the k8s Secret to reference. If not set, a name
# is generated using the fullname template. name is currently required to be
# hardcoded to starboard-operator as the starboard-operator binary makes a
# hardcoded reference to that name:
# https://github.com/aquasecurity/starboard/blob/ad6b9b99931d7524806f79b1329fdda82c75a715/pkg/operator/scanner.go#L26-L28
name: "starboard-operator"
# stringData specifies key value pairs to be added to the k8s Secret and
# mounted by the Pod as environment variables.
#
# NOTE: OPERATOR_NAMESPACE will be set based on where this Helm chart was
# installed, and you are required to specify targetNamespace instead of
# OPERATOR_TARGET_NAMESPACE below for this Helm chart to function
# properly.
stringData:
OPERATOR_LOG_DEV_MODE: "false"

starboard:
# vulnerabilityReportsPlugin the name of the plugin that generates vulnerability reports. Either `Trivy` or `Aqua`.
vulnerabilityReportsPlugin: "Trivy"
Expand Down

0 comments on commit 564ac13

Please sign in to comment.