Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/harbor] Enable zero-secret output #25453

Merged
merged 2 commits into from
May 29, 2024
Merged

[bitnami/harbor] Enable zero-secret output #25453

merged 2 commits into from
May 29, 2024

Conversation

meln5674
Copy link
Contributor

Description of the change

This patch makes the following changes:

  • Added value trivy.existingEnvVarsSecret
  • Added value jobservice.existingEnvVarsSecret
  • Moved redis URL from jobservice config secret to env vars secret
  • Switched jobservice config from Secret to ConfigMap now that no sensitive values are present
  • Don't create core service if it would be empty

Benefits

It is now possible to deploy the chart while creating all secrets out-of-band (i.e. kubectl). This means that no sensitive values are required to be in the values.yaml. This is more secure when running via GitOps.

Because the jobservice configuration no longer contains the (potentially) sensitive redis URL, it can be stored as a ConfigMap, which makes it easier to view.

All changes should be backwards compatible.

Possible drawbacks

None known.

Applicable issues

Additional information

Checklist

  • Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • All commits signed off and in agreement of Developer Certificate of Origin (DCO)

@github-actions github-actions bot added harbor triage Triage is needed labels Apr 29, 2024
@github-actions github-actions bot requested a review from javsalgar April 29, 2024 15:30
@carrodher
Copy link
Member

Thanks for your contribution, could you please rebase from main? There is an issue with one of the GH actions which is totally unrelated to your PR but will require to use the latest changes in the main branch

@meln5674 meln5674 force-pushed the feature/harbor-existing-secrets branch from ab44139 to 9faec85 Compare May 2, 2024 15:27
@meln5674
Copy link
Contributor Author

meln5674 commented May 7, 2024

Let me know if there's anything needed on my end besides the rebase to get the check to pass.

@javsalgar
Copy link
Contributor

It seems that your branch is 31 commits behind main, could you sync your fork? The issue with the action should be fixed by then

@meln5674 meln5674 force-pushed the feature/harbor-existing-secrets branch from 9faec85 to 4562ed3 Compare May 8, 2024 04:39
@github-actions GitHub Actions
Copy link

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

@github-actions github-actions bot added the stale 15 days without activity label May 24, 2024
@meln5674 meln5674 force-pushed the feature/harbor-existing-secrets branch from 4562ed3 to 52abe8d Compare May 26, 2024 18:10
@meln5674
Copy link
Contributor Author

Please excuse my impatience, but its been 3 weeks since I've made the requested change, and all checks are passing. I rebased again yesterday. Please let me know if there are any further obstacles to merging that I can address.

@javsalgar javsalgar added verify Execute verification workflow for these changes in-progress and removed stale 15 days without activity labels May 28, 2024
@github-actions github-actions bot removed the triage Triage is needed label May 28, 2024
@github-actions github-actions bot removed the request for review from javsalgar May 28, 2024 06:58
@github-actions github-actions bot requested a review from dgomezleon May 28, 2024 06:58
dgomezleon
dgomezleon requested changes May 28, 2024
View reviewed changes
Copy link
Member

@dgomezleon dgomezleon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for contributing and sorry for the delay. I apply a couple of suggestions. Could you please take a look?

bitnami/harbor/values.yaml Outdated Show resolved Hide resolved
bitnami/harbor/templates/core/core-secret.yaml Show resolved Hide resolved
@meln5674
[harbor] Enable zero-secret output
67178ba 
* Added value trivy.existingEnvVarsSecret
* Added value jobservice.existingEnvVarsSecret
* Moved redis URL from jobservice config secret to env vars secret
* Switched jobservice config from Secret to ConfigMap now that no
  sensitive values are present
* Don't create core service if it would be empty

Signed-off-by: Andrew Melnick <[email protected]>
@meln5674 meln5674 force-pushed the feature/harbor-existing-secrets branch from 0fb4e80 to 67178ba Compare May 28, 2024 21:21
@bitnami-bot
Update CHANGELOG.md
a1d9041 
Signed-off-by: Bitnami Containers <[email protected]>
dgomezleon
dgomezleon approved these changes May 29, 2024
View reviewed changes
Copy link
Member

@dgomezleon dgomezleon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dgomezleon dgomezleon merged commit 95d111b into bitnami:main May 29, 2024
11 checks passed
rafariossaa pushed a commit to rafariossaa/charts that referenced this pull request May 29, 2024
@meln5674 @bitnami-bot @rafariossaa
[bitnami/harbor] Enable zero-secret output (bitnami#25453)
384f388 
* [harbor] Enable zero-secret output

* Added value trivy.existingEnvVarsSecret
* Added value jobservice.existingEnvVarsSecret
* Moved redis URL from jobservice config secret to env vars secret
* Switched jobservice config from Secret to ConfigMap now that no
  sensitive values are present
* Don't create core service if it would be empty

Signed-off-by: Andrew Melnick <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: Andrew Melnick <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgomezleon dgomezleon dgomezleon approved these changes

Assignees

@dgomezleon dgomezleon

Labels
harbor solved verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[harbor] Allow providing all secrets out-of-band
5 participants
@meln5674 @carrodher @javsalgar @dgomezleon @bitnami-bot