fix: remove checkov_skips for logdna agent (#341)

maheshwarishikha · Shikha Maheshwari · web-flow · commit 800c1ad588de · 2024-06-03T17:12:23.000+05:30
* test: temporary code without checkovs for logdna agent

* fix: remove checkov_skips

---------

Co-authored-by: Shikha Maheshwari &lt;shikhamaheshwari@Shikhas-MacBook-Pro.local&gt;
diff --git a/chart/logdna-agent/templates/daemonset.yaml b/chart/logdna-agent/templates/daemonset.yaml
@@ -8,10 +8,6 @@ metadata:
     app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
     # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
     app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-  annotations:
-    {{- range .Values.checkov_skips }}
-    {{- . | toYaml | nindent 4 -}}
-    {{- end }}
 spec:
   updateStrategy:
     type: RollingUpdate
diff --git a/chart/logdna-agent/templates/role.yaml b/chart/logdna-agent/templates/role.yaml
@@ -8,10 +8,6 @@ metadata:
     app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
     # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
     app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-  annotations:
-    {{- range .Values.checkov_skips }}
-    {{- . | toYaml | nindent 4 -}}
-    {{- end }}
 rules:
   - apiGroups: [""]
     resources: ["configmaps"]
diff --git a/chart/logdna-agent/templates/rolebinding.yaml b/chart/logdna-agent/templates/rolebinding.yaml
@@ -8,10 +8,6 @@ metadata:
     app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
     # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
     app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-  annotations:
-    {{- range .Values.checkov_skips }}
-    {{- . | toYaml | nindent 4 -}}
-    {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
diff --git a/chart/logdna-agent/templates/secret.yaml b/chart/logdna-agent/templates/secret.yaml
@@ -10,8 +10,4 @@ metadata:
     app.kubernetes.io/instance: {{ .Values.metadata.name }}
     # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
     app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-  annotations:
-    {{- range .Values.checkov_skips }}
-    {{- . | toYaml | nindent 4 -}}
-    {{- end }}
 type: Opaque
diff --git a/chart/logdna-agent/templates/serviceaccount.yaml b/chart/logdna-agent/templates/serviceaccount.yaml
@@ -8,7 +8,3 @@ metadata:
     app.kubernetes.io/instance: "{{ .Values.metadata.name }}"
     # Extracts the first part before '@' from .Values.image.version, ensuring it's treated as a string.
     app.kubernetes.io/version: {{ .Values.image.version | default "" | toString | splitList "@" | first }}
-  annotations:
-    {{- range .Values.checkov_skips }}
-    {{- . | toYaml | nindent 4 -}}
-    {{- end }}
diff --git a/chart/logdna-agent/values.yaml b/chart/logdna-agent/values.yaml
@@ -12,24 +12,3 @@ secret:
 agent:
   tags: ""
   dbPath: "/var/lib/logdna"
-checkov_skips:
-  - checkov.io/skip1: CKV_K8S_21  # "The default namespace should not be used" - false positive - the helm namespace is always used, but not picked up by linter
-  - checkov.io/skip2: CKV_K8S_11  # "CPU limits should be set" - ignoring as chart not owned by us
-  - checkov.io/skip4: CKV_K8S_38  # "Ensure that Service Account Tokens are only mounted where necessary" - ignoring as chart not owned by us
-  - checkov.io/skip5: CKV_K8S_29  # "Apply security context to your pods and containers" - ignoring as chart not owned by us
-  - checkov.io/skip6: CKV_K8S_25  # "Minimize the admission of containers with added capability" - ignoring as chart not owned by us
-  - checkov.io/skip7: CKV_K8S_35  # "Prefer using secrets as files over secrets as environment variables" - ignoring as chart not owned by us
-  - checkov.io/skip8: CKV_K8S_9   # "Readiness Probe Should be Configured" - ignoring as chart not owned by us
-  - checkov.io/skip9: CKV_K8S_22  # "Use read-only filesystem for containers where possible" - ignoring as chart not owned by us
-  - checkov.io/skip10: CKV_K8S_40 # "Containers should run as a high UID to avoid host conflict" - ignoring as chart not owned by us
-  - checkov.io/skip11: CKV_K8S_20 # "Containers should not run with allowPrivilegeEscalation" - see https://github.ibm.com/GoldenEye/issues/issues/67
-  - checkov.io/skip12: CKV_K8S_12 # "Memory requests should be set" - ignoring as chart not owned by us
-  - checkov.io/skip13: CKV_K8S_8  # "Liveness Probe Should be Configured" - ignoring as chart not owned by us
-  - checkov.io/skip14: CKV_K8S_31 # "Ensure that the seccomp profile is set to docker/default or runtime/default" - ignoring as chart not owned by us
-  - checkov.io/skip15: CKV_K8S_37 # "Minimize the admission of containers with capabilities assigned" - ignoring as chart not owned by us
-  - checkov.io/skip16: CKV_K8S_31 # "Ensure that the seccomp profile is set to docker/default or runtime/default" - ignoring as chart not owned by us
-  - checkov.io/skip17: CKV_K8S_15 # "Image Pull Policy should be Always" - when imagePullPolicy is Always, the image is pulled every time the pod is started. While this can help ensure deployment consistency, it can also prevent a pod from starting if the image registry can not be reached.
-  - checkov.io/skip18: CKV_K8S_13 # "Memory limits should be set" - ignoring as chart not owned by us
-  - checkov.io/skip19: CKV_K8S_10 # "CPU requests should be set" - ignoring as chart not owned by us
-  - checkov.io/skip20: CKV_K8S_16 # "Container should not be privileged" - ignoring as chart not owned by us
-  - checkov.io/skip21: CKV_K8S_28 # "Minimize the admission of containers with the NET_RAW capability" - ignoring as chart not owned by us
