Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kubeseal for openSUSE:Factory
checked in at 2022-06-05 00:45:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubeseal (Old)
and /work/SRC/openSUSE:Factory/.kubeseal.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal"
Sun Jun 5 00:45:44 2022 rev:4 rq:980799 version:0.18.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2022-04-26
20:17:56.692773486 +0200
+++ /work/SRC/openSUSE:Factory/.kubeseal.new.1548/kubeseal.changes
2022-06-05 00:45:47.700382529 +0200
@@ -1,0 +2,26 @@
+Sat Jun 04 18:56:53 UTC 2022 - ka...@b1-systems.de
+
+- Update to version 0.18.0:
+ * New v0.18.0 release (#855)
+ * Update golang target version to latest release 1.18.3 (#854)
+ * Add capability to watch multiple namespaces (#572)
+ * Update gopkg.in/yaml.v3 to v3.0.0 (#852)
+ * Publish images in GHCR (#851)
+ * Remove operator links (#845)
+ * Indent controller installation instructions (#844)
+ * Made gosec a step of the CI (#798)
+ * Update resourcenames in the controller.jsonnet to align it with the helm
rbac rules (#838)
+ * fix: rbac permission (#828)
+ * Fix gosec warnings (#837)
+ * Cosign signature setup for release and docker image in CI (#810)
+ * Remove race condition in merge (#789)
+ * Gosec g304 (#795)
+ * Update the vmware-image-builder action with the latest release (#834)
+ * Add runtimeClassName as configurable value (#832)
+ * Fix make generate and set up temporally an specific code-generator version
(#817)
+ * #791 Check if kubeseal encrypts using an expired certificate (#818)
+ * Bump prometheus/client_golang dependency to avoid CVE-2022-21698 and
crypto dependency to avoid CVE-2022-27191 (#831)
+ * Chart: update registry and bump version (#825)
+ * Bump goreleaser to v1.7.0 (#826)
+
+-------------------------------------------------------------------
Old:
----
sealed-secrets-0.17.5.tar.gz
New:
----
sealed-secrets-0.18.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubeseal.spec ++++++
--- /var/tmp/diff_new_pack.yQL9K0/_old 2022-06-05 00:45:48.552383250 +0200
+++ /var/tmp/diff_new_pack.yQL9K0/_new 2022-06-05 00:45:48.560383258 +0200
@@ -21,7 +21,7 @@
%define archive_name sealed-secrets
Name: kubeseal
-Version: 0.17.5
+Version: 0.18.0
Release: 0
Summary: CLI for encrypting secrets to SealedSecrets
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.yQL9K0/_old 2022-06-05 00:45:48.600383291 +0200
+++ /var/tmp/diff_new_pack.yQL9K0/_new 2022-06-05 00:45:48.604383295 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/bitnami-labs/sealed-secrets</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.17.5</param>
+ <param name="revision">v0.18.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
@@ -16,7 +16,7 @@
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="disabled">
- <param name="archive">sealed-secrets-0.17.5.tar.gz</param>
+ <param name="archive">sealed-secrets-0.18.0.tar.gz</param>
</service>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.yQL9K0/_old 2022-06-05 00:45:48.624383311 +0200
+++ /var/tmp/diff_new_pack.yQL9K0/_new 2022-06-05 00:45:48.628383315 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/bitnami-labs/sealed-secrets</param>
- <param
name="changesrevision">e3ec8c0bd83b708b524f74dbea30c94c3a6c59e2</param></service></servicedata>
+ <param
name="changesrevision">20afb24ae9d8cbc7d064473d18a86d1a006a268c</param></service></servicedata>
(No newline at EOF)
++++++ sealed-secrets-0.17.5.tar.gz -> sealed-secrets-0.18.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/.github/workflows/ci.yml
new/sealed-secrets-0.18.0/.github/workflows/ci.yml
--- old/sealed-secrets-0.17.5/.github/workflows/ci.yml 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/.github/workflows/ci.yml 2022-06-02
17:57:36.000000000 +0200
@@ -15,7 +15,7 @@
runs-on: ubuntu-latest
strategy:
matrix:
- go: ["1.17.8", "1.18.0"]
+ go: ["1.17.11", "1.18.3"]
os: [ubuntu-latest]
golangci-lint: ["1.44.2"]
steps:
@@ -35,12 +35,37 @@
- name: Run linter
run: make lint
+ gosec:
+ name: Run gosec
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ go: ["1.17.11", "1.18.3"]
+ os: [ubuntu-latest]
+ gosec: ["2.11.0"]
+ steps:
+ - name: Set up Go 1.x
+ uses: actions/setup-go@v2
+ with:
+ go-version: ${{ matrix.go }}
+ id: go
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v2
+
+ - name: Install dependencies
+ run: |
+ go install github.com/securego/gosec/v2/cmd/gosec@v${{ matrix.gosec }}
+
+ - name: Run gosec
+ run: make lint-gosec
+
test:
name: Build
runs-on: ${{ matrix.os }}
strategy:
matrix:
- go: ["1.17.8", "1.18.0"]
+ go: ["1.17.11", "1.18.3"]
os: [macos-latest, windows-latest, ubuntu-latest]
steps:
@@ -65,7 +90,7 @@
uses: actions/checkout@v2
- name: Install Cosign
- uses: sigstore/cosign-installer@v2.1.0
+ uses: sigstore/cosign-installer@v2.3.0
- name: Distroless verify
run: |
@@ -85,7 +110,7 @@
- name: Set up Go 1.x
uses: actions/setup-go@v2
with:
- go-version: 1.17.8
+ go-version: 1.18.3
id: go
- name: Docker build
@@ -125,7 +150,7 @@
- name: Set up Go 1.x
uses: actions/setup-go@v2
with:
- go-version: 1.17.8
+ go-version: 1.18.3
id: go
- name: Set up Ginkgo
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.17.5/.github/workflows/helm-vib.yaml
new/sealed-secrets-0.18.0/.github/workflows/helm-vib.yaml
--- old/sealed-secrets-0.17.5/.github/workflows/helm-vib.yaml 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/.github/workflows/helm-vib.yaml 2022-06-02
17:57:36.000000000 +0200
@@ -26,7 +26,7 @@
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- - uses: vmware-labs/vmware-image-builder-action@main
+ - uses: vmware-labs/vmware-image-builder-action@0.2.0
# verify chart in multiple target platforms
vib-k8s-verify:
@@ -45,7 +45,7 @@
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- - uses: vmware-labs/vmware-image-builder-action@main
+ - uses: vmware-labs/vmware-image-builder-action@0.2.0
with:
pipeline: vib-platform-verify.json
env:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/.github/workflows/release.yaml
new/sealed-secrets-0.18.0/.github/workflows/release.yaml
--- old/sealed-secrets-0.17.5/.github/workflows/release.yaml 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/.github/workflows/release.yaml 2022-06-02
17:57:36.000000000 +0200
@@ -10,7 +10,8 @@
build:
runs-on: ubuntu-latest
env:
- image_name: docker.io/bitnami/sealed-secrets-controller
+ dockerhub_image_name: docker.io/bitnami/sealed-secrets-controller
+ ghcr_image_name: ghcr.io/bitnami-labs/sealed-secrets-controller
steps:
# Checkout and set env
- name: Checkout
@@ -18,7 +19,7 @@
- name: Set up Go
uses: actions/setup-go@v2
with:
- go-version: 1.17.8
+ go-version: 1.18.3
- name: Setup kubecfg
run: |
mkdir -p ~/bin
@@ -33,7 +34,7 @@
- name: K8s manifests
run: |
export PATH=~/bin:$PATH
- make CONTROLLER_IMAGE=${{ env.image_name }}:${{ github.ref_name }}
controller.yaml controller-norbac.yaml
+ make CONTROLLER_IMAGE=${{ env.dockerhub_image_name }}:${{
github.ref_name }} controller.yaml controller-norbac.yaml
# Setup env for multi-arch builds
- name: Set up QEMU
@@ -44,6 +45,14 @@
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
+ # Setup Cosign
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v2.3.0
+ - name: Write Cosign key
+ run: echo "$COSIGN_KEY" > /tmp/cosign.key
+ env:
+ COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
+
# Build & Release binaries
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
@@ -53,6 +62,7 @@
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
# Build & Publish multi-arch image
- name: Login to Docker Hub
@@ -60,6 +70,19 @@
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ - name: Login to GHRC
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: |
+ ${{ env.dockerhub_image_name }}
+ ${{ env.ghcr_image_name }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
@@ -67,5 +90,11 @@
context: .
platforms: linux/amd64,linux/arm64,linux/arm
push: true
- tags: ${{ env.image_name }}:latest,${{ env.image_name }}:${{
github.ref_name }}
-
+ tags: ${{ steps.meta.outputs.tags }}
+ - name: Sign image with a key in GHCR
+ run: |
+ echo -n "$COSIGN_PASSWORD" | cosign sign --key /tmp/cosign.key
$TAG_CURRENT
+ env:
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ TAG_CURRENT: ${{ steps.meta.outputs.tags }}
+ COSIGN_REPOSITORY: ${{ env.ghcr_image_name }}/signs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/.gitignore
new/sealed-secrets-0.18.0/.gitignore
--- old/sealed-secrets-0.17.5/.gitignore 2022-04-20 17:20:34.000000000
+0200
+++ new/sealed-secrets-0.18.0/.gitignore 2022-06-02 17:57:36.000000000
+0200
@@ -34,3 +34,6 @@
# GoReleaser output dir
dist/
+
+# Vendor folder
+vendor/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/.goreleaser.yml
new/sealed-secrets-0.18.0/.goreleaser.yml
--- old/sealed-secrets-0.17.5/.goreleaser.yml 2022-04-20 17:20:34.000000000
+0200
+++ new/sealed-secrets-0.18.0/.goreleaser.yml 2022-06-02 17:57:36.000000000
+0200
@@ -40,6 +40,16 @@
- '^helm:'
- '^integration:'
- '^vendor_jsonnet:'
+signs:
+ - cmd: cosign
+ stdin: '{{ .Env.COSIGN_PASSWORD }}'
+ output: true
+ artifacts: all
+ args:
+ - 'sign-blob'
+ - '--key=/tmp/cosign.key'
+ - '--output-signature=${signature}'
+ - '${artifact}'
release:
name_template: "{{ .ProjectName }}-v{{ .Version }}"
header: |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/Makefile
new/sealed-secrets-0.18.0/Makefile
--- old/sealed-secrets-0.17.5/Makefile 2022-04-20 17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/Makefile 2022-06-02 17:57:36.000000000 +0200
@@ -42,7 +42,7 @@
all: controller kubeseal
generate: $(GO_FILES)
- $(GO) generate $(GO_PACKAGES)
+ $(GO) mod vendor && $(GO) generate $(GO_PACKAGES)
controller: $(GO_FILES)
$(GO) build -o $@ $(GO_FLAGS) -ldflags "$(GO_LD_FLAGS)" ./cmd/controller
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/README.md
new/sealed-secrets-0.18.0/README.md
--- old/sealed-secrets-0.17.5/README.md 2022-04-20 17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/README.md 2022-06-02 17:57:36.000000000 +0200
@@ -26,9 +26,8 @@
- [Scopes](#scopes)
- [Installation](#installation)
- [Controller](#controller)
- - [Kustomize](#kustomize)
- - [Helm Chart](#helm-chart)
- - [Operator Framework](#operator-framework)
+ - [Kustomize](#kustomize)
+ - [Helm Chart](#helm-chart)
- [Homebrew](#homebrew)
- [MacPorts](#macports)
- [Installation from source](#installation-from-source)
@@ -55,6 +54,9 @@
- [How do I update parts of JSON/YAML/TOML/.. file encrypted with sealed
secrets?](#how-do-i-update-parts-of-jsonyamltoml-file-encrypted-with-sealed-secrets)
- [Can I bring my own (pre-generated)
certificates?](#can-i-bring-my-own-pre-generated-certificates)
- [How to use kubeseal if the controller is not running within the
`kube-system`
namespace?](#how-to-use-kubeseal-if-the-controller-is-not-running-within-the-kube-system-namespace)
+ - [How to verify the images?](#how-to-verify-the-images)
+ - [How to use one controller for a subset of
namespaces](#How-to-use-one-controller-for-a-subset-of-namespaces)
+
- [Community](#community)
- [Related projects](#related-projects)
@@ -257,7 +259,7 @@
and be ready for operation. If it does not, check the controller
logs.
-### Kustomize
+#### Kustomize
The official controller manifest installation mechanism is just a YAML file.
@@ -265,7 +267,7 @@
`kubectl` has native support for that, see [kustomize](https://kustomize.io/).
-### Helm Chart
+#### Helm Chart
The Sealed Secrets helm chart is now official supported and hosted in this
GitHub repo.
@@ -297,12 +299,6 @@
Alternatively, you can override `fullnameOverride` on the helm chart install.
-### Operator Framework
-
-Install Sealed Secrets as Kubernetes Operator via the Operator Lifecycle
Manager of your cluster. The `Sealed Secrets Operator (Helm)` is published at
[OperatorHub.io](https://operatorhub.io/operator/sealed-secrets-operator-helm)
for Kubernetes, as community operator in OpenShift's integrated OperatorHub or
at the [GitHub
repository](https://github.com/disposab1e/sealed-secrets-operator-helm) of the
project.
-
-NOTE: the sealed secrets operator is an independently maintained project, so
please contact the maintainers directly for support, help or
[documentation](https://sealed-secrets-operator-helm.readthedocs.io/en/latest/).
-
### Homebrew
The `kubeseal` client is also available on
[homebrew](https://formulae.brew.sh/formula/kubeseal):
@@ -637,6 +633,27 @@
kubeseal <mysecret.json >mysealedsecret.json
```
+### How to verify the images?
+
+Our images are being signed using
[cosign](https://github.com/sigstore/cosign). The signatures have been saved in
our [GitHub Container
Registry](https://github.com/bitnami-labs/sealed-secrets/pkgs/container/sealed-secrets/signs).
+
+It is pretty simple to verify the images:
+
+```bash
+# export the COSIGN_VARIABLE setting up the GitHub container registry signs
path
+export COSIGN_REPOSITORY=ghcr.io/bitnami-labs/sealed-secrets-controller/signs
+
+# verify the image uploaded in GHCR
+cosign verify --key .github/workflows/cosign.pub
ghcr.io/bitnami-labs/sealed-secrets-controller:latest
+
+# verify the image uploaded in Dockerhub
+cosign verify --key .github/workflows/cosign.pub
docker.io/bitnami/sealed-secrets-controller:latest
+```
+
+### How to use one controller for a subset of namespaces
+
+If you want to use one controller for more than one namespace, but not all
namespaces, you can provide additional namespaces using the command line flag
`--additional-namespaces=<namespace1>,<namespace2>,<...>`. Make sure you
provide appropriate roles and rolebindings in the target namespaces, so the
controller can manage the secrets in there.
+
## Community
- [#sealed-secrets on Kubernetes
Slack](https://kubernetes.slack.com/messages/sealed-secrets)
@@ -648,3 +665,4 @@
- Visual Studio Code extension:
https://marketplace.visualstudio.com/items?itemName=codecontemplator.kubeseal
- WebSeal: generates secrets in the browser :
https://socialgouv.github.io/webseal
- HybridEncrypt TypeScript implementation :
https://github.com/SocialGouv/aes-gcm-rsa-oaep
+- [DEPRACATED] Sealed Secrets Operator:
https://github.com/disposab1e/sealed-secrets-operator-helm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/RELEASE-NOTES.md
new/sealed-secrets-0.18.0/RELEASE-NOTES.md
--- old/sealed-secrets-0.17.5/RELEASE-NOTES.md 2022-04-20 17:20:34.000000000
+0200
+++ new/sealed-secrets-0.18.0/RELEASE-NOTES.md 2022-06-02 17:57:36.000000000
+0200
@@ -4,6 +4,15 @@
[](https://github.com/bitnami-labs/sealed-secrets/releases/latest)
+## v0.18.0
+
+### Changelog
+
+- Add capability to watch multiple namespaces
([#572](https://github.com/bitnami-labs/sealed-secrets/pull/572))
+- Bump `gopkg.in/yaml.v3` to avoid CVE-2022-28948
([#852](https://github.com/bitnami-labs/sealed-secrets/pull/852))
+- Bump `prometheus/client_golang` and `crypto` dependencies to avoid
CVE-2022-21698 and CVE-2022-27191
([#831](https://github.com/bitnami-labs/sealed-secrets/pull/831))
+- Sign container images with cosign
([#810](https://github.com/bitnami-labs/sealed-secrets/pull/810) and
[#851](https://github.com/bitnami-labs/sealed-secrets/pull/851))
+
## v0.17.5
### Changelog
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/cmd/controller/funcs.go
new/sealed-secrets-0.18.0/cmd/controller/funcs.go
--- old/sealed-secrets-0.17.5/cmd/controller/funcs.go 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/cmd/controller/funcs.go 2022-06-02
17:57:36.000000000 +0200
@@ -45,3 +45,15 @@
}
return name, nil
}
+
+func removeDuplicates(strSlice []string) []string {
+ allKeys := make(map[string]bool)
+ list := []string{}
+ for _, item := range strSlice {
+ if _, value := allKeys[item]; !value {
+ allKeys[item] = true
+ list = append(list, item)
+ }
+ }
+ return list
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/cmd/controller/main.go
new/sealed-secrets-0.18.0/cmd/controller/main.go
--- old/sealed-secrets-0.17.5/cmd/controller/main.go 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/cmd/controller/main.go 2022-06-02
17:57:36.000000000 +0200
@@ -39,16 +39,17 @@
)
var (
- keyPrefix = flag.String("key-prefix", "sealed-secrets-key",
"Prefix used to name keys.")
- keySize = flag.Int("key-size", 4096, "Size of encryption key.")
- validFor = flag.Duration("key-ttl", 10*365*24*time.Hour,
"Duration that certificate is valid for.")
- myCN = flag.String("my-cn", "", "Common name to be used as
issuer/subject DN in generated certificate.")
- printVersion = flag.Bool("version", false, "Print version information
and exit")
- keyRenewPeriod = flag.Duration("key-renew-period",
defaultKeyRenewPeriod, "New key generation period (automatic rotation disabled
if 0)")
- acceptV1Data = flag.Bool("accept-deprecated-v1-data", true, "Accept
deprecated V1 data field.")
- keyCutoffTime = flag.String("key-cutoff-time", "", "Create a new key
if latest one is older than this cutoff time. RFC1123 format with numeric
timezone expected.")
- namespaceAll = flag.Bool("all-namespaces", true, "Scan all namespaces
or only the current namespace (default=true).")
- labelSelector = flag.String("label-selector", "", "Label selector
which can be used to filter sealed secrets.")
+ keyPrefix = flag.String("key-prefix", "sealed-secrets-key",
"Prefix used to name keys.")
+ keySize = flag.Int("key-size", 4096, "Size of encryption
key.")
+ validFor = flag.Duration("key-ttl", 10*365*24*time.Hour,
"Duration that certificate is valid for.")
+ myCN = flag.String("my-cn", "", "Common name to be used
as issuer/subject DN in generated certificate.")
+ printVersion = flag.Bool("version", false, "Print version
information and exit")
+ keyRenewPeriod = flag.Duration("key-renew-period",
defaultKeyRenewPeriod, "New key generation period (automatic rotation disabled
if 0)")
+ acceptV1Data = flag.Bool("accept-deprecated-v1-data", true,
"Accept deprecated V1 data field.")
+ keyCutoffTime = flag.String("key-cutoff-time", "", "Create a new
key if latest one is older than this cutoff time. RFC1123 format with numeric
timezone expected.")
+ namespaceAll = flag.Bool("all-namespaces", true, "Scan all
namespaces or only the current namespace (default=true).")
+ additionalNamespaces = flag.String("additional-namespaces", "",
"Comma-separated list of additional namespaces to be scanned.")
+ labelSelector = flag.String("label-selector", "", "Label
selector which can be used to filter sealed secrets.")
oldGCBehavior = flag.Bool("old-gc-behaviour", false, "Revert to old GC
behavior where the controller deletes secrets instead of delegating that to k8s
itself.")
@@ -210,8 +211,9 @@
initKeyGenSignalListener(trigger)
namespace := v1.NamespaceAll
- if !*namespaceAll {
+ if !*namespaceAll || *additionalNamespaces != "" {
namespace = myNamespace()
+ log.Printf("Starting informer for namespace: %s\n", namespace)
}
var tweakopts func(*metav1.ListOptions) = nil
@@ -231,6 +233,31 @@
go controller.Run(stop)
+ if *additionalNamespaces != "" {
+ addNS := removeDuplicates(strings.Split(*additionalNamespaces,
","))
+
+ var inf ssinformers.SharedInformerFactory
+ var ctlr *Controller
+
+ for _, ns := range addNS {
+ if _, err := clientset.CoreV1().Namespaces().Get(ctx,
ns, metav1.GetOptions{}); err != nil {
+ if errors.IsNotFound(err) {
+ log.Printf("Warning: namespace '%s'
doesn't exist\n", ns)
+ continue
+ }
+ return err
+ }
+ if ns != namespace {
+ inf =
ssinformers.NewFilteredSharedInformerFactory(ssclientset, 0, ns, tweakopts)
+ ctlr = NewController(clientset, ssclientset,
inf, keyRegistry)
+ ctlr.oldGCBehavior = *oldGCBehavior
+ ctlr.updateStatus = *updateStatus
+ log.Printf("Starting informer for namespace:
%s\n", ns)
+ go ctlr.Run(stop)
+ }
+ }
+ }
+
cp := func() ([]*x509.Certificate, error) {
cert, err := keyRegistry.getCert()
if err != nil {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/cmd/kubeseal/main.go
new/sealed-secrets-0.18.0/cmd/kubeseal/main.go
--- old/sealed-secrets-0.17.5/cmd/kubeseal/main.go 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/cmd/kubeseal/main.go 2022-06-02
17:57:36.000000000 +0200
@@ -17,6 +17,7 @@
"os"
"path/filepath"
"strings"
+ "time"
"github.com/google/renameio"
"github.com/mattn/go-isatty"
@@ -129,6 +130,10 @@
return nil, fmt.Errorf("Expected RSA public key but found %v",
certs[0].PublicKey)
}
+ if time.Now().After(certs[0].NotAfter) {
+ return nil, fmt.Errorf("failed to encrypt using an expired
certificate on %v", certs[0].NotBefore.Format("January 2, 2006"))
+ }
+
return cert, nil
}
@@ -193,6 +198,7 @@
if ok, err := isFilename(filenameOrURI); err != nil {
return nil, err
} else if ok {
+ // #nosec G304 -- should open user provided file
return os.Open(filenameOrURI)
}
return openCertURI(filenameOrURI)
@@ -429,7 +435,15 @@
}
func sealMergingInto(in io.Reader, filename string, codecs
runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, scope
ssv1alpha1.SealingScope, allowEmptyData bool) error {
- b, err := ioutil.ReadFile(filename)
+ // #nosec G304 -- should open user provided file
+ f, err := os.OpenFile(filename, os.O_RDWR, 0)
+ if err != nil {
+ return err
+ }
+ // #nosec G307 -- we are explicitly managing a potential error from
f.Close() at the end of the function
+ defer f.Close()
+
+ b, err := io.ReadAll(f)
if err != nil {
return err
}
@@ -468,13 +482,21 @@
if err := sealedSecretOutput(&out, codecs, orig); err != nil {
return err
}
- // On windows the permission bits are used also when truncating
existing files
- // (see https://github.com/golang/go/issues/38225)
- // Thus we need to set some reasonable permissions.
- // The actual permissions will be filtered by the user's umask.
- // We still drop any permissions to the other group because despite the
sealed secret
- // being encrypted, we still don't know how the end users feel about it.
- return ioutil.WriteFile(filename, out.Bytes(), 0660)
+
+ if err := f.Truncate(0); err != nil {
+ return err
+ }
+ if _, err := f.Seek(0, 0); err != nil {
+ return err
+ }
+ if _, err := io.Copy(f, &out); err != nil {
+ return err
+ }
+ // we explicitly call f.Close() to return a pontential error when
closing the file that wouldn't be returned in the deferred f.Close()
+ if err := f.Close(); err != nil {
+ return err
+ }
+ return nil
}
func encryptSecretItem(w io.Writer, secretName, ns string, data []byte, scope
ssv1alpha1.SealingScope, pubKey *rsa.PublicKey) error {
@@ -500,6 +522,7 @@
}
func readPrivKeysFromFile(filename string) ([]*rsa.PrivateKey, error) {
+ // #nosec G304 -- should open user provided file
b, err := ioutil.ReadFile(filename)
if err != nil {
return nil, err
@@ -622,6 +645,7 @@
var input io.Reader = os.Stdin
if inputFileName != "" {
+ // #nosec G304 -- should open user provided file
f, err := os.Open(inputFileName)
if err != nil {
return nil
@@ -724,6 +748,7 @@
}
_, filename := parseFromFile(fromFile[0])
+ // #nosec G304 -- should open user provided file
data, err = ioutil.ReadFile(filename)
} else {
if isatty.IsTerminal(os.Stdin.Fd()) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/controller.jsonnet
new/sealed-secrets-0.18.0/controller.jsonnet
--- old/sealed-secrets-0.17.5/controller.jsonnet 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/controller.jsonnet 2022-06-02
17:57:36.000000000 +0200
@@ -71,6 +71,7 @@
],
resourceNames: [
'http:sealed-secrets-controller:', // kubeseal uses
net.JoinSchemeNamePort when crafting proxy subresource URLs
+ 'http:sealed-secrets-controller:http',
'sealed-secrets-controller', // but often services are referred by
name only, let's not make it unnecessarily cryptic
],
verbs: [
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/go.mod
new/sealed-secrets-0.18.0/go.mod
--- old/sealed-secrets-0.17.5/go.mod 2022-04-20 17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/go.mod 2022-06-02 17:57:36.000000000 +0200
@@ -11,15 +11,15 @@
github.com/mkmik/multierror v0.3.0
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.18.1
- github.com/prometheus/client_golang v1.11.0
+ github.com/prometheus/client_golang v1.12.1
github.com/spf13/pflag v1.0.5
github.com/throttled/throttled v2.2.5+incompatible
- golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
+ golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.23.4
k8s.io/apimachinery v0.23.4
k8s.io/client-go v0.23.4
- k8s.io/code-generator v0.23.4
+ k8s.io/code-generator v0.15.12
k8s.io/klog v1.0.0
k8s.io/klog/v2 v2.40.1
)
@@ -32,19 +32,13 @@
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/PuerkitoBio/purell v1.1.1 // indirect
- github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 //
indirect
github.com/beorn7/perks v1.0.1 // indirect
- github.com/cespare/xxhash/v2 v2.1.1 // indirect
+ github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/emicklei/go-restful v2.9.5+incompatible // indirect
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
github.com/fsnotify/fsnotify v1.4.9 // indirect
github.com/go-logr/logr v1.2.0 // indirect
- github.com/go-openapi/jsonpointer v0.19.5 // indirect
- github.com/go-openapi/jsonreference v0.19.5 // indirect
- github.com/go-openapi/swag v0.19.14 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da //
indirect
github.com/golang/protobuf v1.5.2 // indirect
@@ -53,31 +47,30 @@
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/hashicorp/golang-lru v0.5.1 // indirect
github.com/imdario/mergo v0.3.5 // indirect
- github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
- github.com/mailru/easyjson v0.7.6 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd //
indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
- github.com/prometheus/common v0.26.0 // indirect
- github.com/prometheus/procfs v0.6.0 // indirect
+ github.com/prometheus/common v0.32.1 // indirect
+ github.com/prometheus/procfs v0.7.3 // indirect
golang.org/x/mod v0.4.2 // indirect
golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
- golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+ gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.27.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
- gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+ gopkg.in/yaml.v3 v3.0.0 // indirect
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/go.sum
new/sealed-secrets-0.18.0/go.sum
--- old/sealed-secrets-0.17.5/go.sum 2022-04-20 17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/go.sum 2022-06-02 17:57:36.000000000 +0200
@@ -54,9 +54,7 @@
github.com/BurntSushi/toml v0.3.1/go.mod
h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod
h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod
h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/PuerkitoBio/purell v1.1.1
h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
github.com/PuerkitoBio/purell v1.1.1/go.mod
h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578
h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod
h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod
h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod
h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -73,8 +71,9 @@
github.com/bitnami-labs/pflagenv v0.0.0-20190702160147-b4d9f048d98f
h1:FiYyJvRfqfM1kSqYZ+OCRIBi7udnR0wMa2HStMGvFic=
github.com/bitnami-labs/pflagenv v0.0.0-20190702160147-b4d9f048d98f/go.mod
h1:Lw3ejf6HTt4DqBIAXlkOIvFjnpj8Zq+zD/UtH29ILFA=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod
h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1
h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
github.com/cespare/xxhash/v2 v2.1.1/go.mod
h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2
h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod
h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chzyer/logex v1.1.10/go.mod
h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod
h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod
h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -89,8 +88,6 @@
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod
h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod
h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod
h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible
h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod
h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane
v0.9.1-0.20191026205805-5f8ba28d4473/go.mod
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod
h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -121,16 +118,12 @@
github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE=
github.com/go-logr/logr v1.2.0/go.mod
h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-openapi/jsonpointer v0.19.3/go.mod
h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5
h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
github.com/go-openapi/jsonpointer v0.19.5/go.mod
h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonreference v0.19.3/go.mod
h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.5
h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
-github.com/go-openapi/jsonreference v0.19.5/go.mod
h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
github.com/go-openapi/swag v0.19.5/go.mod
h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.14
h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
-github.com/go-openapi/swag v0.19.14/go.mod
h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-stack/stack v1.8.0/go.mod
h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod
h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod
h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.1.1/go.mod
h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod
h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
@@ -202,8 +195,8 @@
github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod
h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod
h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod
h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod
h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/renameio v0.1.0
h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
+github.com/google/renameio v0.1.0/go.mod
h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
github.com/google/uuid v1.1.2/go.mod
h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod
h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
@@ -222,8 +215,6 @@
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod
h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
github.com/imdario/mergo v0.3.5/go.mod
h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/josharian/intern v1.0.0
h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod
h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/jpillora/backoff v1.0.0/go.mod
h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
github.com/json-iterator/go v1.1.6/go.mod
h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.10/go.mod
h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -247,8 +238,6 @@
github.com/kr/text v0.2.0/go.mod
h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod
h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod
h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.6
h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
-github.com/mailru/easyjson v0.7.6/go.mod
h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mattn/go-isatty v0.0.14
h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
github.com/mattn/go-isatty v0.0.14/go.mod
h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/matttproud/golang_protobuf_extensions v1.0.1
h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
@@ -298,8 +287,9 @@
github.com/prometheus/client_golang v0.9.1/go.mod
h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod
h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.7.1/go.mod
h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0
h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ=
github.com/prometheus/client_golang v1.11.0/go.mod
h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.1
h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
+github.com/prometheus/client_golang v1.12.1/go.mod
h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod
h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod
h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod
h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -307,19 +297,23 @@
github.com/prometheus/client_model v0.2.0/go.mod
h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.4.1/go.mod
h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.10.0/go.mod
h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0
h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ=
github.com/prometheus/common v0.26.0/go.mod
h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.32.1
h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
+github.com/prometheus/common v0.32.1/go.mod
h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod
h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod
h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.1.3/go.mod
h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0
h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4=
github.com/prometheus/procfs v0.6.0/go.mod
h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3
h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
+github.com/prometheus/procfs v0.7.3/go.mod
h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod
h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
github.com/rogpeppe/go-internal v1.3.0/go.mod
h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/sirupsen/logrus v1.2.0/go.mod
h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod
h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod
h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/spf13/afero v1.2.2/go.mod
h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
github.com/spf13/pflag v0.0.0-20171106142849-4c012f6dcd95/go.mod
h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.1/go.mod
h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stoewer/go-strcase v1.2.0/go.mod
h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
@@ -355,10 +349,12 @@
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod
h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod
h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod
h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod
h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod
h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod
h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod
h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
@@ -366,6 +362,7 @@
golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod
h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod
h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod
h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6
h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod
h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod
h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod
h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -432,6 +429,7 @@
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod
h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod
h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod
h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211209124913-491a49abca63
h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY=
@@ -447,6 +445,7 @@
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
h1:Qmd2pbz05z7z6lm0DrgQVVPuBm92jqujBKMHMOlOQEw=
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -516,8 +515,9 @@
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e
h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -538,10 +538,12 @@
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod
h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod
h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod
h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod
h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod
h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod
h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod
h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod
h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
@@ -594,6 +596,11 @@
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485
h1:OB/uP/Puiu5vS5QMRPrXCDWUPb+kt8f1KW8oQzFejQw=
+gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod
h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
+gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod
h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
+gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e
h1:jRyg0XfpwWlhEV8mDfdNGBeSJM2fuyh9Yjrnd8kF2Ts=
+gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod
h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
google.golang.org/api v0.4.0/go.mod
h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod
h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod
h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -717,8 +724,9 @@
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -732,10 +740,12 @@
k8s.io/apimachinery v0.23.4/go.mod
h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
k8s.io/client-go v0.23.4 h1:YVWvPeerA2gpUudLelvsolzH7c2sFoXXR5wM/sWqNFU=
k8s.io/client-go v0.23.4/go.mod h1:PKnIL4pqLuvYUK1WU7RLTMYKPiIh7MYShLshtRY9cj0=
-k8s.io/code-generator v0.23.4 h1:MmDMH74oo8YD4r+KdUzd/VVmXUeXf5u0owLI9wZWP5Y=
-k8s.io/code-generator v0.23.4/go.mod
h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
+k8s.io/code-generator v0.15.12 h1:gT9pzUFkbaGsyyI88mD2rbYPTqiJ58vHJkzrQemMFgo=
+k8s.io/code-generator v0.15.12/go.mod
h1:G8bQwmHm2eafm5bgtX67XDZQ8CWKSGu9DekI+yN4Y5I=
+k8s.io/gengo v0.0.0-20190116091435-f8a0810f38af/go.mod
h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c
h1:GohjlNKauSai7gN4wsJkeZ3WAJx4Sh+oT/b5IYn5suA=
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod
h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
@@ -748,6 +758,11 @@
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod
h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20211116205334-6203023598ed
h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE=
k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod
h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
+modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
+modernc.org/mathutil v1.0.0/go.mod
h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
+modernc.org/strutil v1.0.0/go.mod
h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
+modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
rsc.io/binaryregexp v0.2.0/go.mod
h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/helm/sealed-secrets/Chart.yaml
new/sealed-secrets-0.18.0/helm/sealed-secrets/Chart.yaml
--- old/sealed-secrets-0.17.5/helm/sealed-secrets/Chart.yaml 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/helm/sealed-secrets/Chart.yaml 2022-06-02
17:57:36.000000000 +0200
@@ -1,7 +1,7 @@
annotations:
category: DeveloperTools
apiVersion: v2
-appVersion: v0.17.4
+appVersion: v0.17.5
description: Helm chart for the sealed-secrets controller.
home: https://github.com/bitnami-labs/sealed-secrets
icon:
https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png
@@ -16,4 +16,4 @@
email: mmikuli...@gmail.com
name: sealed-secrets
type: application
-version: 2.1.5
+version: 2.1.8
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.17.5/helm/sealed-secrets/README.md
new/sealed-secrets-0.18.0/helm/sealed-secrets/README.md
--- old/sealed-secrets-0.17.5/helm/sealed-secrets/README.md 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/helm/sealed-secrets/README.md 2022-06-02
17:57:36.000000000 +0200
@@ -83,9 +83,9 @@
| Name | Description
| Value
|
| ------------------------------------------------- |
------------------------------------------------------------------------------------
| ----------------------------------- |
-| `image.registry` | Sealed Secrets image
registry | `quay.io`
|
+| `image.registry` | Sealed Secrets image
registry | `docker.io`
|
| `image.repository` | Sealed Secrets image
repository |
`bitnami/sealed-secrets-controller` |
-| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended) | `v0.17.4`
|
+| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended) | `v0.17.5`
|
| `image.pullPolicy` | Sealed Secrets image
pull policy |
`IfNotPresent` |
| `image.pullSecrets` | Sealed Secrets image
pull secrets | `[]`
|
| `createController` | Specifies whether the
Sealed Secrets controller should be created | `true`
|
@@ -126,6 +126,7 @@
| `podLabels` | Extra labels for Sealed
Secret pods | `{}`
|
| `podAnnotations` | Annotations for Sealed
Secret pods | `{}`
|
| `priorityClassName` | Sealed Secret pods'
priorityClassName | `""`
|
+| `runtimeClassName` | Sealed Secret pods'
runtimeClassName | `""`
|
| `affinity` | Affinity for Sealed
Secret pods assignment | `{}`
|
| `nodeSelector` | Node labels for Sealed
Secret pods assignment | `{}`
|
| `tolerations` | Tolerations for Sealed
Secret pods assignment | `[]`
|
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.17.5/helm/sealed-secrets/templates/deployment.yaml
new/sealed-secrets-0.18.0/helm/sealed-secrets/templates/deployment.yaml
--- old/sealed-secrets-0.17.5/helm/sealed-secrets/templates/deployment.yaml
2022-04-20 17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/helm/sealed-secrets/templates/deployment.yaml
2022-06-02 17:57:36.000000000 +0200
@@ -36,6 +36,9 @@
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
+ {{- if .Values.runtimeClassName }}
+ runtimeClassName: {{ .Values.runtimeClassName | quote }}
+ {{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml
| nindent 8 }}
{{- end }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.17.5/helm/sealed-secrets/templates/role.yaml
new/sealed-secrets-0.18.0/helm/sealed-secrets/templates/role.yaml
--- old/sealed-secrets-0.17.5/helm/sealed-secrets/templates/role.yaml
2022-04-20 17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/helm/sealed-secrets/templates/role.yaml
2022-06-02 17:57:36.000000000 +0200
@@ -37,6 +37,8 @@
rules:
- apiGroups:
- ""
+ resourceNames:
+ - {{ include "sealed-secrets.fullname" . }}
resources:
- services
verbs:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.17.5/helm/sealed-secrets/values.yaml
new/sealed-secrets-0.18.0/helm/sealed-secrets/values.yaml
--- old/sealed-secrets-0.17.5/helm/sealed-secrets/values.yaml 2022-04-20
17:20:34.000000000 +0200
+++ new/sealed-secrets-0.18.0/helm/sealed-secrets/values.yaml 2022-06-02
17:57:36.000000000 +0200
@@ -19,7 +19,7 @@
## @section Sealed Secrets Parameters
## Sealed Secrets image
-## ref: https://quay.io/repository/bitnami/sealed-secrets-controller?tab=tags
+## ref: https://hub.docker.com/r/bitnami/sealed-secrets-controller/tags
## @param image.registry Sealed Secrets image registry
## @param image.repository Sealed Secrets image repository
## @param image.tag Sealed Secrets image tag (immutable tags are recommended)
@@ -27,9 +27,9 @@
## @param image.pullSecrets [array] Sealed Secrets image pull secrets
##
image:
- registry: quay.io
+ registry: docker.io
repository: bitnami/sealed-secrets-controller
- tag: v0.17.4
+ tag: v0.17.5
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -155,6 +155,9 @@
## @param priorityClassName Sealed Secret pods' priorityClassName
##
priorityClassName: ""
+## @param runtimeClassName Sealed Secret pods' runtimeClassName
+##
+runtimeClassName: ""
## @param affinity [object] Affinity for Sealed Secret pods assignment
## ref:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz
/work/SRC/openSUSE:Factory/.kubeseal.new.1548/vendor.tar.gz differ: char 5,
line 1
