diff --git a/deploy/helm/shipsec/templates/dind-deployment.yaml b/deploy/helm/shipsec/templates/dind-deployment.yaml
deleted file mode 100644
index bc48159b..00000000
--- a/deploy/helm/shipsec/templates/dind-deployment.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if .Values.execution.dind.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: shipsec-dind
- namespace: {{ .Values.global.namespaces.workloads }}
- labels:
- {{- include "shipsec.labels" . | nindent 4 }}
- app.kubernetes.io/component: dind
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/component: dind
- template:
- metadata:
- labels:
- {{- include "shipsec.labels" . | nindent 8 }}
- app.kubernetes.io/component: dind
- spec:
- containers:
- - name: dind
- image: docker:27-dind
- imagePullPolicy: IfNotPresent
- securityContext:
- privileged: true
- args:
- - "--host=tcp://0.0.0.0:{{ .Values.execution.dind.port }}"
- - "--storage-driver=overlay2"
- env:
- - name: DOCKER_TLS_CERTDIR
- value: ""
- ports:
- - name: docker
- containerPort: {{ .Values.execution.dind.port }}
- volumeMounts:
- - name: docker-storage
- mountPath: /var/lib/docker
- volumes:
- - name: docker-storage
- {{- if .Values.execution.dind.storage.enabled }}
- persistentVolumeClaim:
- claimName: shipsec-dind-pvc
- {{- else }}
- emptyDir: {}
- {{- end }}
-{{- end }}
diff --git a/deploy/helm/shipsec/templates/dind-pvc.yaml b/deploy/helm/shipsec/templates/dind-pvc.yaml
deleted file mode 100644
index 32a11ef1..00000000
--- a/deploy/helm/shipsec/templates/dind-pvc.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.execution.dind.enabled .Values.execution.dind.storage.enabled }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: shipsec-dind-pvc
- namespace: {{ .Values.global.namespaces.workloads }}
- labels:
- {{- include "shipsec.labels" . | nindent 4 }}
- app.kubernetes.io/component: dind
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.execution.dind.storage.size }}
-{{- end }}
-
diff --git a/deploy/helm/shipsec/templates/dind-service.yaml b/deploy/helm/shipsec/templates/dind-service.yaml
deleted file mode 100644
index 349c0d24..00000000
--- a/deploy/helm/shipsec/templates/dind-service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.execution.dind.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: shipsec-dind
- namespace: {{ .Values.global.namespaces.workloads }}
- labels:
- {{- include "shipsec.labels" . | nindent 4 }}
- app.kubernetes.io/component: dind
-spec:
- type: ClusterIP
- ports:
- - name: docker
- port: {{ .Values.execution.dind.port }}
- targetPort: docker
- selector:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/component: dind
-{{- end }}
-
diff --git a/deploy/helm/shipsec/templates/worker-deployment.yaml b/deploy/helm/shipsec/templates/worker-deployment.yaml
index c4734f9e..cd243d4e 100644
--- a/deploy/helm/shipsec/templates/worker-deployment.yaml
+++ b/deploy/helm/shipsec/templates/worker-deployment.yaml
@@ -47,6 +47,11 @@ spec:
 secretKeyRef:
 name: {{ .Values.secrets.name }}
 key: SECRET_STORE_MASTER_KEY
+ - name: INTERNAL_SERVICE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.name }}
+ key: INTERNAL_SERVICE_TOKEN
 {{- if eq .Values.execution.mode "k8s" }}
 - name: EXECUTION_MODE
 value: "k8s"
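Review bot: The new `INTERNAL_SERVICE_TOKEN` entry is a required `secretKeyRef` with no `optional` field, so a release whose existing Secret lacks that key will leave the worker pod unable to start after an upgrade, and nothing in this diff adds the key to the chart's Secret or documents it. Failing closed is the right behaviour for a service credential, so I would keep it required and add a comment above the entry, e.g. `# Requires key INTERNAL_SERVICE_TOKEN in the chart Secret; the worker will not start without it.` The `env:` list this entry belongs to starts outside the hunk.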
@@ -66,9 +71,6 @@ spec:
 - name: K8S_JOB_SERVICE_ACCOUNT
 value: {{ .Values.execution.k8s.jobServiceAccount | quote }}
 {{- end }}
- {{- else if .Values.execution.workerDockerHost }}
- - name: DOCKER_HOST
- value: {{ .Values.execution.workerDockerHost | quote }}
 {{- end }}
 {{- range $k, $v := .Values.worker.env }}
 - name: {{ $k }}
diff --git a/deploy/helm/shipsec/values.yaml b/deploy/helm/shipsec/values.yaml
index 8ac338bb..0d94aa52 100644
--- a/deploy/helm/shipsec/values.yaml
+++ b/deploy/helm/shipsec/values.yaml
@@ -107,17 +107,8 @@ ingress:
 secretName: shipsec-tls

 execution:
- # "docker" = use Docker CLI (local dev / DIND), "k8s" = K8s Jobs (GKE / production)
+ # "docker" = use local Docker socket (local dev), "k8s" = K8s Jobs (GKE / production)
 mode: docker
- dind:
- enabled: false
- serviceName: shipsec-dind
- namespace: shipsec-workloads
- port: 2375
- storage:
- enabled: true
- size: 20Gi
- workerDockerHost: ''
 k8s:
 # Namespace where component Jobs are created
 jobNamespace: shipsec-workloads
diff --git a/deploy/helm/shipsec/values/cloud-generic.yaml b/deploy/helm/shipsec/values/cloud-generic.yaml
index d48dfc0d..962321c9 100644
--- a/deploy/helm/shipsec/values/cloud-generic.yaml
+++ b/deploy/helm/shipsec/values/cloud-generic.yaml
@@ -8,9 +8,3 @@ backend:
 frontend:
 service:
 type: ClusterIP
-
-execution:
- dind:
- enabled: false
- workerDockerHost: ""
-
diff --git a/deploy/helm/shipsec/values/dind.yaml b/deploy/helm/shipsec/values/dind.yaml
deleted file mode 100644
index a1f7c195..00000000
--- a/deploy/helm/shipsec/values/dind.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-execution:
- dind:
- enabled: true
- workerDockerHost: tcp://shipsec-dind.shipsec-workloads.svc.cluster.local:2375
-
diff --git a/deploy/helm/shipsec/values/no-dind.yaml b/deploy/helm/shipsec/values/no-dind.yaml
deleted file mode 100644
index 98304b03..00000000
--- a/deploy/helm/shipsec/values/no-dind.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-execution:
- dind:
- enabled: false
- workerDockerHost: ""
-
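Review bot: In the values.yaml hunk the default stays `mode: docker` while this commit removes everything the chart used to wire a Docker endpoint to the worker (the dind templates and the `DOCKER_HOST` branch in worker-deployment.yaml), so the new comment on the `mode` key should say what the worker now needs. Overrides that still set `execution.dind.enabled` or `execution.workerDockerHost` will presumably be ignored without an error unless the chart has a values schema, which is not visible here. I would extend the comment to something like `# "docker" = worker uses a Docker socket it can reach itself (local dev only; the chart no longer provides one), "k8s" = K8s Jobs (GKE / production)`. If docker mode inside a cluster is meant to be served by mounting the node's socket, the comment should also say that this gives the worker root-equivalent access to the node.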