From 77f29c1c393e3d8b7991450a9dc49ab3380b5da0 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 7 Jan 2024 01:25:27 +0100
Subject: [PATCH] removal(sbom-operator): Drop sbom-operator

After running it for a while now, it turns out to be not too useful for
the SI Infra. The main use-cases for SBOMs at this point are security
scans and license compliance.

None of these are use-cases that I actually used the produced SBOMs for.

One of the main issues with using these SBOMs for security scans was the
glaring false negatives for actual security issues due to a lack of
detection of certain packages/applications within containers.

Instead, running renovate and regularly upgrading all parts has proven
way more practical.

License compliance, while potentially a concern, is not on the list of
things to worry about right now.

Finally, another issue with this particular operator was that it kept
breaking for various reasons and dropping out regularly, which also left
the SBOMs out of date.
---
 apps/k8s01/sbom-operator/kustomization.yaml |   9 --
 apps/k8s01/sbom-operator/namespace.yaml     |  31 -----
 apps/k8s01/sbom-operator/release.yaml       |  98 ----------------
 apps/k8s01/sbom-operator/repository.yaml    |   8 --
 apps/k8s01/sbom-operator/secret.yaml        | 119 --------------------
 5 files changed, 265 deletions(-)
 delete mode 100644 apps/k8s01/sbom-operator/kustomization.yaml
 delete mode 100644 apps/k8s01/sbom-operator/namespace.yaml
 delete mode 100644 apps/k8s01/sbom-operator/release.yaml
 delete mode 100644 apps/k8s01/sbom-operator/repository.yaml
 delete mode 100644 apps/k8s01/sbom-operator/secret.yaml

diff --git a/apps/k8s01/sbom-operator/kustomization.yaml b/apps/k8s01/sbom-operator/kustomization.yaml
deleted file mode 100644
index d0043a65d..000000000
--- a/apps/k8s01/sbom-operator/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: sbom-operator
-resources:
-  - namespace.yaml
-  - repository.yaml
-  - release.yaml
-  - secret.yaml
-  - ../../../shared/resourcequotas/default.yaml
diff --git a/apps/k8s01/sbom-operator/namespace.yaml b/apps/k8s01/sbom-operator/namespace.yaml
deleted file mode 100644
index 9c279c5ed..000000000
--- a/apps/k8s01/sbom-operator/namespace.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: sbom-operator
-  labels:
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: v1.27
-    pod-security.kubernetes.io/enforce-version: v1.26
-    pod-security.kubernetes.io/warn-version: v1.27
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: flux-reconciler
-  namespace: sbom-operator
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: flux-reconciler
-  namespace: sbom-operator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: admin
-subjects:
-  - kind: ServiceAccount
-    name: flux-reconciler
-    namespace: sbom-operator
diff --git a/apps/k8s01/sbom-operator/release.yaml b/apps/k8s01/sbom-operator/release.yaml
deleted file mode 100644
index bc0c40c49..000000000
--- a/apps/k8s01/sbom-operator/release.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: sbom-operator
-  namespace: sbom-operator
-spec:
-  timeout: 5m
-  releaseName: sbom-operator
-  chart:
-    spec:
-      chart: sbom-operator
-      sourceRef:
-        kind: HelmRepository
-        name: sbom-operator
-      version: 0.31.0
-  interval: 5m
-  valuesFrom:
-    - kind: ConfigMap
-      name: sbom-operator-base-values
-      valuesKey: values.yaml
-    - kind: Secret
-      name: sbom-operator-override-values
-      valuesKey: values-overrides.yaml
-      optional: true
-  install:
-    remediation:
-      retries: -1
-  upgrade:
-    remediation:
-      retries: -1
-  postRenderers:
-    - kustomize:
-        patchesStrategicMerge:
-          - kind: Deployment
-            apiVersion: apps/v1
-            metadata:
-              name: sbom-operator
-            spec:
-              template:
-                spec:
-                  securityContext:
-                    fsGroup: 1001
-                  containers:
-                    - name: sbom-operator
-                    - name: cleanup
-                      image: quay.io/fedora/fedora:38
-                      command:
-                        - bash
-                        - -c
-                        - while true; do find /tmp -type d -mmin +15 -maxdepth 1 -exec rm -rf {} + ; sleep 300; done
-                      resources:
-                        requests:
-                          cpu: 10m
-                          memory: 64Mi
-                        limits:
-                          cpu: 100m
-                          memory: 128Mi
-                      securityContext:
-                          allowPrivilegeEscalation: false
-                          capabilities:
-                            drop:
-                            - ALL
-                          privileged: false
-                          readOnlyRootFilesystem: true
-                          runAsNonRoot: true
-                          runAsUser: 1001
-                          seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - name: tmp
-                          mountPath: /tmp
-                  volumes:
-                    - name: tmp
-                      emptyDir: null
-                      ephemeral:
-                        volumeClaimTemplate:
-                          spec:
-                            accessModes:
-                              - ReadWriteOnce
-                            resources:
-                              requests:
-                                storage: 50Gi
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: sbom-operator-base-values
-  namespace: sbom-operator
-data:
-  values.yaml: |
-    resources:
-      requests:
-        cpu: 100m
-        memory: 256Mi
-      limits:
-        cpu: "1"
-        memory: "2Gi"
-    podSecurityPolicy:
\ No newline at end of file
diff --git a/apps/k8s01/sbom-operator/repository.yaml b/apps/k8s01/sbom-operator/repository.yaml
deleted file mode 100644
index ef91c8d18..000000000
--- a/apps/k8s01/sbom-operator/repository.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: sbom-operator
-  namespace: sbom-operator
-spec:
-  interval: 30m
-  url: https://ckotzbauer.github.io/helm-charts
diff --git a/apps/k8s01/sbom-operator/secret.yaml b/apps/k8s01/sbom-operator/secret.yaml
deleted file mode 100644
index c501d199a..000000000
--- a/apps/k8s01/sbom-operator/secret.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: sbom-operator-override-values
-    namespace: sbom-operator
-stringData:
-    values-overrides.yaml: ENC[AES256_GCM,data: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,iv:kWCyXkqs3ehkfh+F+1xv0RiUPWiK2gaPzzpAl06fVfE=,tag:S2oQJZyABKI+LyxWEiyQLQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age: []
-    lastmodified: "2023-12-17T18:43:37Z"
-    mac: ENC[AES256_GCM,data:h6LeTJR0hmP7M542G6pbyNfhTlqUsrtNKNk9hjqXJanygCpQbAS+wii8kWJYWQLcFh+Vj+Ob+9jDBJzCokpNhT+faade40eL/+NyERUrO9IVXAOTtioG2svIUjLS88rXlNwpdLMr6FOoGR9eaqsfWom0DcsAypPB5xpRSXvXRAo=,iv:aLztd3RZOPsyCRN9kQMbi15Kqg4w1YBi9OHsUSmpJSE=,tag:wctZaZXAstnlzKC+Ar5BPg==,type:str]
-    pgp:
-        - created_at: "2023-09-27T21:30:31Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            wcFMA7kpg2bgzVHcARAAr5M5ibEfvKUkkpR1TMz77VXKlaMTaUHEQ25OK1Rpe4jV
-            xcRw3OAYN/WOJsAYYyu+DZTa5X0CMTX2vIUGzaDkuTH9VFdn67A6/FamzfvGqWFR
-            lcjh8PmbT9/DpJVKuNGs+0WyP6dBbvQDVprAo9rBjvEqqhTxXLXYGy/L4ky/+6Od
-            sZNpqKvQtvmbLpvkWDs16atFXupUnRYOD3dyvd74jS6CQj3t9a20hfZ244WLNqat
-            7dtefew1F93xgYvwLik1PggH9i1BXv4CR/Uj6f0vTJ84sD3wJX43JQLnmmeEYYMg
-            rH7p/CyrfVrD1zklf/kSb6R3SOJBR+tbv6i+DUG/f/DAxOQxKZwrvDMQZUumnVUY
-            iqOA1HGa1yBSRwmM6EybCiSsDXmrIL2OiBugHGjqzOA3AzV8vmsmkvYSZwh4cCWT
-            XJAYffWD730Z5ECeoGh+DngB6vy9fEF6NyZ5xrzqJk6ITkIYwnxlZv1ZiRfipeYj
-            mg9XZbm6mOk+cgrcPMOK3VOyKDmjk6pGEEGIy0qwaWO2rBA5gUbVTtEsNOQhdKWb
-            raVhgA4MnLtSkvBgsYoRO/xc0M3KYl1Q1A2ATv2z9SzJ8qJyzhPMF/+/uq7MgEbn
-            ogTpcgsDvGMR24XGNBv/4cvZO9NgIWgs8f+smJLqnxbaCZMS7IQ7XtwQhSsL6nLS
-            UQHiogW6CIeB+i8DgTooWXz5O4xf184jZodFuC5VNN6FvaDiFZ/cKV+4goPUthP7
-            C7faolE6ilirP5+YPj63zdhSW9y55ASDPdk/cE16ijZJ0w==
-            =LB59
-            -----END PGP MESSAGE-----
-          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
-        - created_at: "2023-09-27T21:30:31Z"
-          enc: |
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4oYbIHZIrAPAQ/9HgKJUBNTeNvwNFaH8sJYHLv4mNkQd6vrmI2ZGx0Qra4T
-            Ze1eaRdpCTQ/1l9IREQuQr0nenpAyb9AyYVAtNXmQlT05BqZjXP5rPWWtShGVZVz
-            932gRSJ56LoKKzcJiuEx5EzLOjBfgW2LtvWV2EzgFwz9+SquUJSdcvQM3ZfLWYsO
-            xnsdPGcxJieCv0Z4T+TXO1CF9RRSxinFgB5l/66F2S8y/WVWabBEcvRpLS6aDSpg
-            0OxPfQht8qkHkb1poFnZwr2oQYXpFYYBT7jGwfi/ShmREwW+fE9zjS26VEswsQ/u
-            hsm5jDooiitIrcbZ+H5vbKXirLPBK+Bs8spqt0XJGrfIAbvtE0XDHlWhO5k/HzzH
-            dBbOc2UQpoO0/kRoQbvdOjjfrpEo3T+qKYnlwu+U+Hai8xWZw3IM19KVAQ2YL0wn
-            xPN33f2n3k0KqX/MmmiYJIX/bzbkcuPOp5fPFZGw3MDCp1FbX5cKkW/6/QiNMnLU
-            Tm1OeDTYw1SEjb1J+5UBTbL2Ofbwb7VR2svn6oBV440hIIzsGcWkmFZ1w/uU7S66
-            BM9mDG8+bZK5u3G8Umtr0+vYNSxlYIl017Iyx20xTFq/OPZ3GnuddUON0FC1bufR
-            /kHH+Q+fdLQD2nDmUKneSwn7JG03RdzQA7XT76tUN1BCOyPpwRis66W9zsHhdWbU
-            aAEJAhA587Gfs0hbJYeivufwtlr+3wP9OffI8VpcbiqIileOTEP9ap6Fxnp8S05o
-            SFZxhFP4t86wJPaGhomu3gA2kVx6QauNVt0gZaz0HZmxO4Uk8RDuI36fCpAfrSrU
-            5/ePctR+K/bu
-            =WJnd
-            -----END PGP MESSAGE-----
-          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
-    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
-    version: 3.7.3
----
-apiVersion: v1
-kind: Secret
-metadata:
-    name: sbom-operator
-    namespace: sbom-operator
-stringData:
-    password: ENC[AES256_GCM,data:G95GN4ft1zp6zqSRzae9WrFXqIsfUDUVx9k=,iv:7Jt92nbroqOshzvE4yKTkDebA2cjAwi/DmQL1tmHZa4=,tag:yq9RQd8VEEwzU9ai8xlF6w==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age: []
-    lastmodified: "2023-12-17T18:43:37Z"
-    mac: ENC[AES256_GCM,data:h6LeTJR0hmP7M542G6pbyNfhTlqUsrtNKNk9hjqXJanygCpQbAS+wii8kWJYWQLcFh+Vj+Ob+9jDBJzCokpNhT+faade40eL/+NyERUrO9IVXAOTtioG2svIUjLS88rXlNwpdLMr6FOoGR9eaqsfWom0DcsAypPB5xpRSXvXRAo=,iv:aLztd3RZOPsyCRN9kQMbi15Kqg4w1YBi9OHsUSmpJSE=,tag:wctZaZXAstnlzKC+Ar5BPg==,type:str]
-    pgp:
-        - created_at: "2023-09-27T21:30:31Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            wcFMA7kpg2bgzVHcARAAr5M5ibEfvKUkkpR1TMz77VXKlaMTaUHEQ25OK1Rpe4jV
-            xcRw3OAYN/WOJsAYYyu+DZTa5X0CMTX2vIUGzaDkuTH9VFdn67A6/FamzfvGqWFR
-            lcjh8PmbT9/DpJVKuNGs+0WyP6dBbvQDVprAo9rBjvEqqhTxXLXYGy/L4ky/+6Od
-            sZNpqKvQtvmbLpvkWDs16atFXupUnRYOD3dyvd74jS6CQj3t9a20hfZ244WLNqat
-            7dtefew1F93xgYvwLik1PggH9i1BXv4CR/Uj6f0vTJ84sD3wJX43JQLnmmeEYYMg
-            rH7p/CyrfVrD1zklf/kSb6R3SOJBR+tbv6i+DUG/f/DAxOQxKZwrvDMQZUumnVUY
-            iqOA1HGa1yBSRwmM6EybCiSsDXmrIL2OiBugHGjqzOA3AzV8vmsmkvYSZwh4cCWT
-            XJAYffWD730Z5ECeoGh+DngB6vy9fEF6NyZ5xrzqJk6ITkIYwnxlZv1ZiRfipeYj
-            mg9XZbm6mOk+cgrcPMOK3VOyKDmjk6pGEEGIy0qwaWO2rBA5gUbVTtEsNOQhdKWb
-            raVhgA4MnLtSkvBgsYoRO/xc0M3KYl1Q1A2ATv2z9SzJ8qJyzhPMF/+/uq7MgEbn
-            ogTpcgsDvGMR24XGNBv/4cvZO9NgIWgs8f+smJLqnxbaCZMS7IQ7XtwQhSsL6nLS
-            UQHiogW6CIeB+i8DgTooWXz5O4xf184jZodFuC5VNN6FvaDiFZ/cKV+4goPUthP7
-            C7faolE6ilirP5+YPj63zdhSW9y55ASDPdk/cE16ijZJ0w==
-            =LB59
-            -----END PGP MESSAGE-----
-          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
-        - created_at: "2023-09-27T21:30:31Z"
-          enc: |
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4oYbIHZIrAPAQ/9HgKJUBNTeNvwNFaH8sJYHLv4mNkQd6vrmI2ZGx0Qra4T
-            Ze1eaRdpCTQ/1l9IREQuQr0nenpAyb9AyYVAtNXmQlT05BqZjXP5rPWWtShGVZVz
-            932gRSJ56LoKKzcJiuEx5EzLOjBfgW2LtvWV2EzgFwz9+SquUJSdcvQM3ZfLWYsO
-            xnsdPGcxJieCv0Z4T+TXO1CF9RRSxinFgB5l/66F2S8y/WVWabBEcvRpLS6aDSpg
-            0OxPfQht8qkHkb1poFnZwr2oQYXpFYYBT7jGwfi/ShmREwW+fE9zjS26VEswsQ/u
-            hsm5jDooiitIrcbZ+H5vbKXirLPBK+Bs8spqt0XJGrfIAbvtE0XDHlWhO5k/HzzH
-            dBbOc2UQpoO0/kRoQbvdOjjfrpEo3T+qKYnlwu+U+Hai8xWZw3IM19KVAQ2YL0wn
-            xPN33f2n3k0KqX/MmmiYJIX/bzbkcuPOp5fPFZGw3MDCp1FbX5cKkW/6/QiNMnLU
-            Tm1OeDTYw1SEjb1J+5UBTbL2Ofbwb7VR2svn6oBV440hIIzsGcWkmFZ1w/uU7S66
-            BM9mDG8+bZK5u3G8Umtr0+vYNSxlYIl017Iyx20xTFq/OPZ3GnuddUON0FC1bufR
-            /kHH+Q+fdLQD2nDmUKneSwn7JG03RdzQA7XT76tUN1BCOyPpwRis66W9zsHhdWbU
-            aAEJAhA587Gfs0hbJYeivufwtlr+3wP9OffI8VpcbiqIileOTEP9ap6Fxnp8S05o
-            SFZxhFP4t86wJPaGhomu3gA2kVx6QauNVt0gZaz0HZmxO4Uk8RDuI36fCpAfrSrU
-            5/ePctR+K/bu
-            =WJnd
-            -----END PGP MESSAGE-----
-          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
-    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
-    version: 3.7.3
-- 
GitLab