Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.
Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
Name and Version
bitnami/harbor 21.1.1
What is the problem this feature will solve?
Presently, some Secrets in the harbor chart are "baked into", that is, they require providing sensitive values in the values.yaml, which is not secure when using GitOps.
What is the feature you are proposing to solve the problem?
The following changes should allow for zero secrets to be created by the chart, if desired:
Add a trivy.existingEnvVarsSecret field that will point to a secret currently created by trivy/trivy-secret-envvars.yaml, do not create the secret if it is provided
jobservice/jobservice-config-secret.yaml at config.yaml's worker_pool.redis_url to jobservice/jobservice-secret-envvars.yaml at a separate key JOB_SERVICE_POOL_REDIS_URL which the jobservice respects (see https://github.com/goharbor/harbor/blob/main/src/jobservice/config/config.go#L40C42-L40C68)
Change jobservice/jobservice-config-secret.yaml from a Secret to a ConfigMap, now that the only sensitive value has been removed
Add a jobservice.existingEnvVarsSecret field that will point to a secret currently created by jobservice/jobservice-secret-envvars.yaml, do not create if provided
Do not create core/core-secret.yaml if the data section would be empty (i.e. if both core.existingSecret and core.secretName are both provided).
With these changes made, all Secrets are within an if-block, meaning it is possible to configure the chart to emit no Secrets.
I have these changes working in a local copy. I am happy to update the docs and submit a PR if these would be accepted as-is or with minor modifications.
What alternatives have you considered?
Using a different chart.
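A sketch of the pattern proposed in the issue above, added here as an illustration and not taken from the Bitnami chart or from the author's local copy: the jobservice env-vars Secret is rendered only when jobservice.existingEnvVarsSecret is unset, and the workload references whichever Secret name applies. The template layout, the -jobservice-envvars name suffix, the jobservice.redisUrl value path and the Secret name harbor-jobservice-env are assumptions.

```yaml
# --- templates/jobservice/jobservice-secret-envvars.yaml (assumed layout) ---
# Rendered only when no pre-existing Secret is named, so a GitOps repository
# that sets existingEnvVarsSecret never has to carry the sensitive value.
{{- if not .Values.jobservice.existingEnvVarsSecret }}
apiVersion: v1
kind: Secret
metadata:
  # Name suffix is an assumption made for this example.
  name: {{ printf "%s-jobservice-envvars" (include "common.names.fullname" .) }}
  namespace: {{ .Release.Namespace | quote }}
type: Opaque
stringData:
  # Key named in the issue; jobservice reads the Redis URL from it.
  # .Values.jobservice.redisUrl is a hypothetical value path.
  JOB_SERVICE_POOL_REDIS_URL: {{ .Values.jobservice.redisUrl | quote }}
{{- end }}

# --- templates/jobservice/deployment.yaml (container fragment) ---
# The consumer must resolve to the same name in both cases: the
# operator-supplied Secret if set, otherwise the chart-generated one.
          envFrom:
            - secretRef:
                name: {{ .Values.jobservice.existingEnvVarsSecret | default (printf "%s-jobservice-envvars" (include "common.names.fullname" .)) }}

# --- values.yaml committed to Git ---
# Only the Secret's name is stored in the repository. The Secret itself is
# created out of band (for example by a secrets operator) and must contain
# the JOB_SERVICE_POOL_REDIS_URL key, since the chart no longer supplies it.
jobservice:
  existingEnvVarsSecret: harbor-jobservice-env   # constructed example name
```

Rendering the chart with these values and searching the output for `kind: Secret` is a quick way to confirm that no Secret is emitted for this component.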