Skip to content

Commit

Permalink
Merge pull request #42 from cpanato/cosigned-privatekey
Browse files Browse the repository at this point in the history
cosigned: remove privatekey and cosign password
  • Loading branch information
dlorenc authored Nov 21, 2021
2 parents 53fef27 + 238c8e5 commit d88a8c2
Show file tree
Hide file tree
Showing 7 changed files with 6 additions and 12 deletions.
2 changes: 1 addition & 1 deletion charts/cosigned/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ sources:
type: application

name: cosigned
version: v0.1.4
version: v0.1.5
appVersion: v1.3.1

maintainers:
Expand Down
2 changes: 0 additions & 2 deletions charts/cosigned/ci/ci-values.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,2 @@
cosign:
cosignKey: LS0tLS1CRUdJTiBFTkNSWVBURUQgQ09TSUdOIFBSSVZBVEUgS0VZLS0tLS0KZXlKclpHWWlPbnNpYm1GdFpTSTZJbk5qY25sd2RDSXNJbkJoY21GdGN5STZleUpPSWpvek1qYzJPQ3dpY2lJNgpPQ3dpY0NJNk1YMHNJbk5oYkhRaU9pSkRXbVJYVFdkdlZFdFFUVkZ1YmxkU01VVnVabU0xYmxWVFZFcHBNamMxClRHSklMMVpJVmtzclZqVlpQU0o5TENKamFYQm9aWElpT25zaWJtRnRaU0k2SW01aFkyd3ZjMlZqY21WMFltOTQKSWl3aWJtOXVZMlVpT2lKTFYwMDBWVWRvTURseGNpOWlhV00wYXpjMVRuY3pURFZPTm5WaldqazNlaUo5TENKagphWEJvWlhKMFpYaDBJam9pZG5kUFZsSTVNazE1VmtGUVlWRkthVVp6YW0xbkwwVklkMk5uUTBaTE5tUmlRelk1CmJFOVpWVWRRUkdoV1owWjFaM0UwWVV4UGVqZEZVREZzTUc1a2N6ZFFWVEZFTVcwNGNqVnNWV3h1TW1KcU5UWXgKSzNnd2NqbDBTbFJLYzJOdk1WRnNTVmhJVEhaQ2RYa3ZSa2hMVEc4M2FEWlhXVmxMY1NzemRtRnFjMEZTY25SWApjRTFFYlVaYWNsTjVOa2Q1T1dwUVRHTXpTMkY2YVRVNE5IRTJaVnBIZGk5WU5YaE1RMmxoWkhaR1pscDFhVTlNCk5qaHFhelJNTVRRNVVsSXhkV1ppV1Zab1EwcENZU3NyUm5jOVBTSjkKLS0tLS1FTkQgRU5DUllQVEVEIENPU0lHTiBQUklWQVRFIEtFWS0tLS0tCg==
cosignPub: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZ3VQMEd0aEUrTGYxQzZyWlQ4ZzlDbUtWQk5ReApicnZTWTdGMG94ODFUVzlBcExrSjVIdmtTNzJVQ0ZkZjJaV2JNMXkxZEMyS0FIM1l0Q1lOM1JCdHp3PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
cosignPassword: aG9ua0AxMjM=
4 changes: 2 additions & 2 deletions charts/cosigned/templates/webhook/clusterrole_webhook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,11 @@ rules:
# The webhook configured the namespace as the OwnerRef on various cluster-scoped resources,
# which requires we can Get the system namespace.
resourceNames: [ "{{ .Release.Namespace }}" ]

# This is needed by k8schain to support fetching pull secrets attached to pod specs
# or their service accounts. If pull secrets aren't used, the "secrets" below can
# be safely dropped, but the logic will fetch the service account to check for pull
# secrets.
- apiGroups: [""]
resources: ["serviceaccounts", "secrets"]
verbs: ["get"]
verbs: ["get"]
4 changes: 1 addition & 3 deletions charts/cosigned/templates/webhook/cosign_secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,5 @@ metadata:
namespace: {{ .Release.Namespace }}
type: Opaque
data:
cosign.key: {{ default "" .Values.cosign.cosignKey}}
cosign.password: {{ default "" .Values.cosign.cosignPassword}}
cosign.pub: {{ .Values.cosign.cosignPub}}
{{- end -}}
{{- end -}}
2 changes: 1 addition & 1 deletion charts/cosigned/templates/webhook/rolebinding_webhook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,4 @@ subjects:
roleRef:
kind: Role
name: {{ template "cosigned.fullname" . }}-webhook
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io
2 changes: 1 addition & 1 deletion charts/cosigned/templates/webhook/service_webhook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,4 @@ spec:
targetPort: metrics
selector:
{{- include "cosigned.selectorLabels" . | nindent 4 }}
control-plane: {{ template "cosigned.fullname" . }}-webhook
control-plane: {{ template "cosigned.fullname" . }}-webhook
2 changes: 0 additions & 2 deletions charts/cosigned/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,7 @@ cosign:
secretKeyRef:
name:
# add the values in base64 encoded
cosignKey:
cosignPub:
cosignPassword:

webhook:
name: webhook
Expand Down

0 comments on commit d88a8c2

Please sign in to comment.