Merge pull request #505 from kubescape/fixfix

add missing service account to jobs
kubescape · Sep 16, 2024 · 92f69ed · 92f69ed
2 parents 893ff19 + dcb2e1b
commit 92f69ed
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 160 deletions.
diff --git a/charts/kubescape-operator/assets/kubescape-cronjob-full.yaml b/charts/kubescape-operator/assets/kubescape-cronjob-full.yaml
@@ -57,6 +57,7 @@ apiVersion: batch/v1
 {{ toYaml .Values.kubescapeScheduler.volumeMounts | indent 18 }}
 {{- end }}
               restartPolicy: Never
+              serviceAccountName: {{ .Values.kubescape.name }}
               automountServiceAccountToken: false
               nodeSelector:
               {{- if .Values.kubescapeScheduler.nodeSelector }}

diff --git a/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml b/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml
@@ -57,6 +57,7 @@ apiVersion: batch/v1
 {{ toYaml .Values.kubevulnScheduler.volumeMounts | indent 18 }}
 {{- end }}
               restartPolicy: Never
+              serviceAccountName: {{ .Values.kubevuln.name }}
               automountServiceAccountToken: false
               nodeSelector:
               {{- if .Values.kubevulnScheduler.nodeSelector }}

diff --git a/charts/kubescape-operator/assets/registry-scan-cronjob-full.yaml b/charts/kubescape-operator/assets/registry-scan-cronjob-full.yaml
@@ -57,6 +57,7 @@ apiVersion: batch/v1
 {{ toYaml .Values.registryScanScheduler.volumeMounts | indent 18 }}
 {{- end }}
               restartPolicy: Never
+              serviceAccountName: {{ .Values.kubevuln.name }}
               automountServiceAccountToken: false
               nodeSelector:
               {{- if .Values.registryScanScheduler.nodeSelector }}

diff --git a/charts/kubescape-operator/templates/storage/apiservice.yaml b/charts/kubescape-operator/templates/storage/apiservice.yaml
@@ -7,8 +7,7 @@ metadata:
   labels:
     {{- include "kubescape-operator.labels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.storage.name "tier" .Values.global.namespaceTier) | nindent 4 }}
 spec:
-  insecureSkipTLSVerify: false
-  caBundle: {{ .Values.global.kubescapeCa | b64enc }}
+  insecureSkipTLSVerify: true
   group: "spdx.softwarecomposition.kubescape.io"
   groupPriorityMinimum: 1000
   versionPriority: 15

diff --git a/charts/kubescape-operator/templates/storage/deployment.yaml b/charts/kubescape-operator/templates/storage/deployment.yaml
@@ -49,12 +49,6 @@ spec:
           tcpSocket:
             port: 8443
         env:
-          - name: TLS_SERVER_CERT_FILE
-            value: "/etc/tls/tls.crt"
-          - name: TLS_SERVER_KEY_FILE
-            value: "/etc/tls/tls.key"
-          - name: TLS_CLIENT_CA_FILE
-            value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
           - name: "CLEANUP_INTERVAL"
             value: "{{ .Values.storage.cleanupInterval }}"
           - name: GOMEMLIMIT
@@ -84,9 +78,6 @@ spec:
           - name: {{ .Values.global.cloudConfig }}
             mountPath: /etc/config
             readOnly: true
-          - name: "tls"
-            mountPath: "/etc/tls"
-            readOnly: true
         resources:
 {{ toYaml .Values.storage.resources | indent 12 }}
       nodeSelector:
@@ -125,7 +116,4 @@ spec:
             - key: "services"
               path: "services.json"
             {{- end }}
-        - name: "tls"
-          secret:
-            secretName: {{ .Values.storage.name }}
 {{- end }}
diff --git a/charts/kubescape-operator/templates/storage/tlscertkey.yaml b/charts/kubescape-operator/templates/storage/tlscertkey.yaml