From bd17c75055ab2cb7d58bd9b937dc57b43f5cdb8b Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Tue, 2 Apr 2024 12:00:22 -0700 Subject: [PATCH] Remove license checks from webhook server Signed-off-by: Tamal Saha --- .../kubevault_webhook_server_types.go | 14 ++-- charts/kubevault-webhook-server/README.md | 80 +++++++++---------- .../templates/_helpers.tpl | 18 ----- .../templates/deployment.yaml | 13 --- .../license-checker-cluster-role-binding.yaml | 14 ---- .../license-checker-cluster-role.yaml | 38 --------- .../license-reader-cluster-role-binding.yaml | 14 ---- .../license-reader-cluster-role.yaml | 17 ---- .../templates/license.yaml | 13 --- .../values.openapiv3_schema.yaml | 4 - charts/kubevault-webhook-server/values.yaml | 11 --- charts/kubevault/values.openapiv3_schema.yaml | 4 - 12 files changed, 44 insertions(+), 196 deletions(-) delete mode 100644 charts/kubevault-webhook-server/templates/license-checker-cluster-role-binding.yaml delete mode 100644 charts/kubevault-webhook-server/templates/license-checker-cluster-role.yaml delete mode 100644 charts/kubevault-webhook-server/templates/license-reader-cluster-role-binding.yaml delete mode 100644 charts/kubevault-webhook-server/templates/license-reader-cluster-role.yaml delete mode 100644 charts/kubevault-webhook-server/templates/license.yaml
diff --git a/apis/installer/v1alpha1/kubevault_webhook_server_types.go b/apis/installer/v1alpha1/kubevault_webhook_server_types.go
index 583d8c45..e4147d4e 100644
--- a/apis/installer/v1alpha1/kubevault_webhook_server_types.go
+++ b/apis/installer/v1alpha1/kubevault_webhook_server_types.go
@@ -47,15 +47,11 @@ type KubevaultWebhookServerSpec struct {
 //+optional
 NameOverride string `json:"nameOverride"`
 //+optional
- FullnameOverride string `json:"fullnameOverride"`
- ReplicaCount int32 `json:"replicaCount"`
- RegistryFQDN string `json:"registryFQDN"`
- // +optional
- License string `json:"license"`
- // +optional
- LicenseSecretName string `json:"licenseSecretName"`
- Server Container `json:"server"`
- ImagePullPolicy string `json:"imagePullPolicy"`
+ FullnameOverride string `json:"fullnameOverride"`
+ ReplicaCount int32 `json:"replicaCount"`
+ RegistryFQDN string `json:"registryFQDN"`
+ Server Container `json:"server"`
+ ImagePullPolicy string `json:"imagePullPolicy"`
 //+optional
 ImagePullSecrets []string `json:"imagePullSecrets"`
 //+optional
diff --git a/charts/kubevault-webhook-server/README.md b/charts/kubevault-webhook-server/README.md
index 97b920b8..da5d4bfd 100644
--- a/charts/kubevault-webhook-server/README.md
+++ b/charts/kubevault-webhook-server/README.md
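Review bot: Dropping `License` and `LicenseSecretName` from `KubevaultWebhookServerSpec` changes the public `installer/v1alpha1` type without a deprecation note or version bump, and nothing in the hunk tells a reader why two fields disappeared. Any Go caller still setting those fields stops compiling, and a stored spec that still carries `license`/`licenseSecretName` keys is silently dropped under default `encoding/json` decoding (or rejected outright if the consumer decodes strictly) — which of the two applies is not visible from this hunk. A one-line comment on the struct such as `// License and LicenseSecretName were removed: the webhook server no longer performs license checks.` would document the break for API consumers. KubevaultWebhookServerSpec begins before the hunk and continues past it.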
@@ -45,47 +45,45 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the `kubevault-webhook-server` chart and their default values. -| Parameter | Description | Default | -|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| -| nameOverride | Overrides name template | "" | -| fullnameOverride | Overrides fullname template | "" | -| replicaCount | Number of KubeVault webhook server replicas to create (only 1 is supported) | 1 | -| license | License for the product. Get a license by following the steps from [here](https://kubevault.com/docs/latest/setup/install/enterprise/#get-a-trial-license).
Example:
`helm install appscode/kubevault-ops-manager \`
`--set-file license=/path/to/license/file`
`or`
`helm install appscode/kubevault-ops-manager \`
`--set license=` | "" | -| licenseSecretName | Name of Secret with the license as key.txt key | "" | -| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | -| server.registry | Docker registry used to pull KubeVault webhook server image | kubevault | -| server.repository | KubeVault webhook server container image | vault-operator | -| server.tag | KubeVault webhook server container image tag | "" | -| server.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534} | -| server.resources | Compute Resources required by the webhook server container | {} | -| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/kubevault-webhook-server \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | -| imagePullPolicy | Container image pull policy | IfNotPresent | -| criticalAddon | If true, installs KubeVault webhook server as critical addon | false | -| logLevel | Log level for webhook server | 3 | -| annotations | Annotations applied to webhook server deployment | {} | -| podAnnotations | Annotations passed to webhook server pod(s). | {} | -| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | -| tolerations | Tolerations for pod assignment | [] | -| affinity | Affinity rules for pod assignment | {} | -| podSecurityContext | Security options the webhook server pod should run with. | {} | -| serviceAccount.create | Specifies whether a service account should be created | true | -| serviceAccount.annotations | Annotations to add to the service account | {} | -| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | -| apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000 | -| apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 | -| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for KubeVault CRDss | true | -| apiserver.enableValidatingWebhook | If true, validating webhook is configured for KubeVault CRDss | true | -| apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the webhook server. 
| not-ca-cert | -| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | -| apiserver.healthcheck.enabled | healthcheck configures the readiness and liveliness probes for the webhook server pod. | false | -| apiserver.port | Port used to expose the webhook server apiserver | 8443 | -| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate webhook servers pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | -| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | -| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | -| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | -| apiserver.webhook.failurePolicy | | Ignore | -| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | "" | -| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/webhook server`. 
| {} | +| Parameter | Description | Default | +|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| +| nameOverride | Overrides name template | "" | +| fullnameOverride | Overrides fullname template | "" | +| replicaCount | Number of KubeVault webhook server replicas to create (only 1 is supported) | 1 | +| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | +| server.registry | Docker registry used to pull KubeVault webhook server image | kubevault | +| server.repository | KubeVault webhook server container image | vault-operator | +| server.tag | KubeVault webhook server container image tag | "" | +| server.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534} | +| server.resources | Compute Resources required by the webhook server container | {} | +| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/kubevault-webhook-server \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | +| imagePullPolicy | Container image pull policy | IfNotPresent | +| criticalAddon | If true, installs KubeVault webhook server as critical addon | false | +| logLevel | Log level for webhook server | 3 | +| annotations | Annotations applied to webhook server deployment | {} | +| podAnnotations | Annotations passed to webhook server pod(s). | {} | +| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"} | +| tolerations | Tolerations for pod assignment | [] | +| affinity | Affinity rules for pod assignment | {} | +| podSecurityContext | Security options the webhook server pod should run with. | {} | +| serviceAccount.create | Specifies whether a service account should be created | true | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | +| apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000 | +| apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 | +| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for KubeVault CRDss | true | +| apiserver.enableValidatingWebhook | If true, validating webhook is configured for KubeVault CRDss | true | +| apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the webhook server. 
| not-ca-cert | +| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | +| apiserver.healthcheck.enabled | healthcheck configures the readiness and liveliness probes for the webhook server pod. | false | +| apiserver.port | Port used to expose the webhook server apiserver | 8443 | +| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate webhook servers pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | +| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | +| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | +| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | +| apiserver.webhook.failurePolicy | | Ignore | +| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | "" | +| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/webhook server`. | {} | Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: diff --git a/charts/kubevault-webhook-server/templates/_helpers.tpl b/charts/kubevault-webhook-server/templates/_helpers.tpl index 1c65b276..84b6991d 100644 --- a/charts/kubevault-webhook-server/templates/_helpers.tpl +++ b/charts/kubevault-webhook-server/templates/_helpers.tpl 
@@ -62,24 +62,6 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}
-{{/*
-Returns the appscode license
-*/}}
-{{- define "appscode.license" -}}
-{{- .Values.license }}
-{{- end }}
-
-{{/*
-Returns the appscode license secret name
-*/}}
-{{- define "appscode.licenseSecretName" -}}
-{{- if .Values.licenseSecretName }}
-{{- .Values.licenseSecretName -}}
-{{- else if .Values.license }}
-{{- printf "%s-license" (include "kubevault-webhook-server.fullname" .) -}}
-{{- end }}
-{{- end }}
-
 {{/*
 Returns the registry used for operator docker image
 */}}
diff --git a/charts/kubevault-webhook-server/templates/deployment.yaml b/charts/kubevault-webhook-server/templates/deployment.yaml
index d9f7c3ba..2bb74b8b 100644
--- a/charts/kubevault-webhook-server/templates/deployment.yaml
+++ b/charts/kubevault-webhook-server/templates/deployment.yaml
@@ -50,9 +50,6 @@ spec:
 - --enable-mutating-webhook={{ .Values.apiserver.enableMutatingWebhook }}
 - --enable-validating-webhook={{ .Values.apiserver.enableValidatingWebhook }}
 - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }}
- {{- if include "appscode.licenseSecretName" . }}
- - --license-file=/var/run/secrets/appscode/license/key.txt
- {{- end }}
 env:
 - name: POD_NAME
 valueFrom:
@@ -70,10 +67,6 @@ spec:
 name: tmpdir
 - mountPath: /var/serving-cert
 name: serving-cert
- {{- if include "appscode.licenseSecretName" . }}
- - mountPath: /var/run/secrets/appscode/license
- name: license
- {{- end }}
 {{- if .Values.apiserver.healthcheck.enabled }}
 readinessProbe:
 httpGet:
@@ -98,12 +91,6 @@ spec:
 secret:
 defaultMode: 420
 secretName: {{ include "kubevault-webhook-server.fullname" . }}-apiserver-cert
- {{- if include "appscode.licenseSecretName" . }}
- - name: license
- secret:
- defaultMode: 420
- secretName: {{ include "appscode.licenseSecretName" . }}
- {{- end }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 {{- if or .Values.tolerations $criticalAddon }}
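Review bot: Removing `--license-file` from the container args (first deployment.yaml hunk) is only safe if the image selected by `server.tag` no longer expects a license at startup; nothing in the chart pins a minimum `vault-operator` tag, so an older image would either refuse to start or, depending on how it treats a missing license, run without the check — which of the two happens cannot be told from the chart alone. A comment next to `server.tag` in `values.yaml` naming the first tag that works without a license, or an upgrade note in the README, would close that gap. Related: the `appscode:license-checker` and `appscode:license-reader` ClusterRoles deleted elsewhere in this commit are Helm hook resources (`helm.sh/hook: pre-install,pre-upgrade`), which Helm does not manage as part of the release, so they will linger in clusters after `helm upgrade` even though their bindings are removed with the release; the upgrade note should tell operators to delete them. The enclosing `spec:` block begins before the hunk and continues after it.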
diff --git a/charts/kubevault-webhook-server/templates/license-checker-cluster-role-binding.yaml b/charts/kubevault-webhook-server/templates/license-checker-cluster-role-binding.yaml
deleted file mode 100644
index 88c8613a..00000000
--- a/charts/kubevault-webhook-server/templates/license-checker-cluster-role-binding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "kubevault-webhook-server.fullname" . }}-license-checker
- labels:
- {{- include "kubevault-webhook-server.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: appscode:license-checker
-subjects:
-- kind: ServiceAccount
- name: {{ include "kubevault-webhook-server.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/kubevault-webhook-server/templates/license-checker-cluster-role.yaml b/charts/kubevault-webhook-server/templates/license-checker-cluster-role.yaml
deleted file mode 100644
index 184b3c7a..00000000
--- a/charts/kubevault-webhook-server/templates/license-checker-cluster-role.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: appscode:license-checker
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation
-rules:
-# Get cluster id
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs: ["get"]
-# Issue license
-- apiGroups:
- - proxyserver.licenses.appscode.com
- resources:
- - licenserequests
- verbs: ["create"]
-# Detect workload/owner of operator pod
-- apiGroups:
- - ""
- resources:
- - pods
- verbs: ["get"]
-- apiGroups:
- - apps
- resources:
- - deployments
- - replicasets
- verbs: ["get"]
-# Write events in case of license verification failure
-- apiGroups:
- - ""
- resources:
- - events
- verbs: ["get", "list", "create", "patch"]
diff --git a/charts/kubevault-webhook-server/templates/license-reader-cluster-role-binding.yaml b/charts/kubevault-webhook-server/templates/license-reader-cluster-role-binding.yaml
deleted file mode 100644
index 6fe27555..00000000
--- a/charts/kubevault-webhook-server/templates/license-reader-cluster-role-binding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "kubevault-webhook-server.fullname" . }}-license-reader
- labels:
- {{- include "kubevault-webhook-server.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: appscode:license-reader
-subjects:
-- kind: ServiceAccount
- name: {{ include "kubevault-webhook-server.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/kubevault-webhook-server/templates/license-reader-cluster-role.yaml b/charts/kubevault-webhook-server/templates/license-reader-cluster-role.yaml
deleted file mode 100644
index 655cc6d4..00000000
--- a/charts/kubevault-webhook-server/templates/license-reader-cluster-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: appscode:license-reader
- annotations:
- "helm.sh/hook": pre-install,pre-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation
-rules:
-# Detect license server endpoint for kubevault addons
-- apiGroups:
- - apiregistration.k8s.io
- resources:
- - apiservices
- verbs: ["get"]
-- nonResourceURLs:
- - /appscode/license
- verbs: ["get"]
diff --git a/charts/kubevault-webhook-server/templates/license.yaml b/charts/kubevault-webhook-server/templates/license.yaml
deleted file mode 100644
index 22253f0e..00000000
--- a/charts/kubevault-webhook-server/templates/license.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-# if license file is provided, then create a secret for license
-{{- if include "appscode.license" . }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "appscode.licenseSecretName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubevault-webhook-server.labels" . | nindent 4 }}
-type: Opaque
-data:
- key.txt: {{ include "appscode.license" . | b64enc }}
-{{- end }}
diff --git a/charts/kubevault-webhook-server/values.openapiv3_schema.yaml b/charts/kubevault-webhook-server/values.openapiv3_schema.yaml
index 58f9567b..fae1dc04 100644
--- a/charts/kubevault-webhook-server/values.openapiv3_schema.yaml
+++ b/charts/kubevault-webhook-server/values.openapiv3_schema.yaml
@@ -954,10 +954,6 @@ properties:
 items:
 type: string
 type: array
- license:
- type: string
- licenseSecretName:
- type: string
 logLevel:
 format: int32
 type: integer
diff --git a/charts/kubevault-webhook-server/values.yaml b/charts/kubevault-webhook-server/values.yaml
index d55e2ce1..b8c9fe73 100644
--- a/charts/kubevault-webhook-server/values.yaml
+++ b/charts/kubevault-webhook-server/values.yaml
@@ -9,17 +9,6 @@ nameOverride: ""
 fullnameOverride: ""
 # Number of KubeVault webhook server replicas to create (only 1 is supported)
 replicaCount: 1
-# License for the product.
-# Get a license by following the steps from [here](https://kubevault.com/docs/latest/setup/install/enterprise/#get-a-trial-license).
-# Example:
-# helm install appscode/kubevault-ops-manager \
-# --set-file license=/path/to/license/file
-# or
-# helm install appscode/kubevault-ops-manager \
-# --set license=
-license: ""
-# Name of Secret with the license as key.txt key
-licenseSecretName: ""
 # Docker registry fqdn used to pull docker images
 # Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
 registryFQDN: ghcr.io
diff --git a/charts/kubevault/values.openapiv3_schema.yaml b/charts/kubevault/values.openapiv3_schema.yaml
index f41e74e6..48ea496b 100644
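Review bot: Deleting `license` and `licenseSecretName` from the values schema (the `values.openapiv3_schema.yaml` hunk) means a user who upgrades with either key still in their values gets a validation error only if the schema's top-level `additionalProperties` is `false`, which lies outside the hunk; otherwise the keys are accepted silently and the license string keeps being recorded in the release's stored values with nothing consuming it. Either way the removal deserves an explicit entry in the chart's upgrade notes so existing `--set-file license=...` invocations get cleaned up rather than carried forward. The same point applies to the `charts/kubevault/values.openapiv3_schema.yaml` hunk that follows.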
--- a/charts/kubevault/values.openapiv3_schema.yaml
+++ b/charts/kubevault/values.openapiv3_schema.yaml
@@ -2516,10 +2516,6 @@ properties:
 items:
 type: string
 type: array
- license:
- type: string
- licenseSecretName:
- type: string
 logLevel:
 format: int32
 type: integer