jetstack / version-checker

Kubernetes utility for exposing image versions in use, compared to latest available upstream, as metrics.
https://jetstack.io
Apache License 2.0

Define credentials as an environment variable #185

Closed nonamef closed 2 months ago

nonamef commented 2 months ago

Currently, if you want to add any username/password, it's done as a string. As the helm chart code is stored in a repository, anyone with access can see the credentials without issue. e.g.

# Docker Hub Credentials Configuration
docker:
  username: admin-user
  password: password123

An enhancement would be to define the credentials as an environment variable so that secrets could be used to mask the credentials. e.g.

env:
  - name: DOCKER_USERNAME
    valueFrom:
      secretKeyRef:
        name: docker-credentials
        key: username
  - name: DOCKER_PASSWORD
    valueFrom:
      secretKeyRef:
        name: docker-credentials
        key: password

nonamef commented 2 months ago

Looks like I missed the defined vars in the deployment. Would be good if it was in the readme. https://github.com/jetstack/version-checker/blob/74cde3ce164e8ef2a988e86319e9957778dd2de6/deploy/charts/version-checker/templates/deployment.yaml#L134

        {{- if .Values.docker.username }}
        - name: VERSION_CHECKER_DOCKER_USERNAME
          valueFrom:
            secretKeyRef:
              name: {{ $chartname }}
              key: docker.username
        {{- end }}
        {{- if .Values.docker.password }}
        - name: VERSION_CHECKER_DOCKER_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ $chartname }}
              key: docker.password
        {{- end }}
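
An added example, not part of the issue thread or the project's code: a Python check over a Deployment in JSON form (as `kubectl get deployment -o json` prints it) that flags credential-like environment variables not resolved through `secretKeyRef`, the wiring shown in the chart excerpt above. The name pattern, the `audit_env` function and the sample manifest are constructed for this example.

```python
import json
import re

# Names that suggest a credential; this pattern is an assumption of the example.
CREDENTIAL_NAME = re.compile(r"(USERNAME|PASSWORD|TOKEN|SECRET|KEY)$", re.IGNORECASE)


def audit_env(deployment):
    """Return (container, env var, finding) tuples for credential-like env vars
    that are not sourced from a Secret via valueFrom.secretKeyRef."""
    findings = []
    pod_spec = deployment["spec"]["template"]["spec"]
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for container in containers:
        for env in container.get("env", []):
            name = env.get("name", "")
            if not CREDENTIAL_NAME.search(name):
                continue
            source = env.get("valueFrom") or {}
            if "secretKeyRef" in source:
                continue  # value is resolved from a Secret when the pod starts
            if "value" in env:
                findings.append((container["name"], name, "inline literal value"))
            elif "configMapKeyRef" in source:
                findings.append((container["name"], name, "sourced from a ConfigMap"))
            else:
                findings.append((container["name"], name, "not sourced from a Secret"))
    return findings


# Constructed sample: one variable wired as in the chart excerpt, one inlined.
SAMPLE = json.loads("""
{"kind": "Deployment",
 "spec": {"template": {"spec": {"containers": [{
   "name": "version-checker",
   "env": [
     {"name": "VERSION_CHECKER_DOCKER_USERNAME",
      "valueFrom": {"secretKeyRef": {"name": "version-checker", "key": "docker.username"}}},
     {"name": "VERSION_CHECKER_DOCKER_PASSWORD", "value": "password123"},
     {"name": "LOG_LEVEL", "value": "info"}
   ]}]}}}}
""")

if __name__ == "__main__":
    for container, name, finding in audit_env(SAMPLE):
        print(f"{container}: {name}: {finding}")
```
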