Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeseal for openSUSE:Factory checked in at 2023-03-16 22:58:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeseal (Old) and /work/SRC/openSUSE:Factory/.kubeseal.new.31432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal" Thu Mar 16 22:58:12 2023 rev:14 rq:1072222 version:0.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2023-02-16 16:56:08.530770243 +0100 +++ /work/SRC/openSUSE:Factory/.kubeseal.new.31432/kubeseal.changes 2023-03-16 22:58:13.371423309 +0100 
@@ -1,0 +2,39 @@
+Thu Mar 16 05:54:42 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.20.1:
+ * Release version v0.20.1 (#1148)
+
+-------------------------------------------------------------------
+Thu Mar 16 05:51:54 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.20.0:
+ * Release version v0.20.0 (#1147)
+ * Do not require vib-validate for vib-k8s-verify (#1145)
+ * Bump github.com/onsi/gomega from 1.27.2 to 1.27.4 (#1143)
+ * Parametrize cluster role name (#1141)
+ * Run VIB Helm chart validations on push to main (#1140)
+ * Update parameters table (#1139)
+ * Bump k8s.io/client-go from 0.26.1 to 0.26.2 (#1136)
+ * Update docs (#1127)
+ * Bump k8s.io/code-generator from 0.26.1 to 0.26.2 (#1137)
+ * Bump k8s.io/api from 0.26.1 to 0.26.2 (#1135)
+ * Bump github.com/onsi/gomega from 1.27.1 to 1.27.2 (#1134)
+ * Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (#1133)
+ * Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 (#1132)
+ * Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 (#1131)
+ * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#1130)
+ * Allow automountServiceAccountToken to be set to false (#1128)
+ * Ensure vib runs only when PR is approved (#1121)
+ * Allow to disable secret auto-recreation (#1118)
+ * change drop capabilities to uppercase (#1124)
+ * Run VIB chart checks only after PR approval (#1120)
+ * feat: add drop all capabilities (#1116)
+ * Bump github.com/onsi/gomega from 1.26.0 to 1.27.1 (#1114)
+ * Bump github.com/onsi/ginkgo/v2 from 2.8.0 to 2.8.3 (#1113)
+ * Bump golang.org/x/net from 0.6.0 to 0.7.0 (#1112)
+ * Manually fixing the carvel package version and reference
+ (#1111)
+ * Release Helm Chart 2.7.4 and Carvel package to use release
+ 0.19.5 (#1110)
+
+-------------------------------------------------------------------
Old: ---- sealed-secrets-0.19.5.tar.gz New: ---- sealed-secrets-0.20.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ 
kubeseal.spec ++++++ --- /var/tmp/diff_new_pack.Z7h4Mr/_old 2023-03-16 22:58:14.963431021 +0100 +++ /var/tmp/diff_new_pack.Z7h4Mr/_new 2023-03-16 22:58:14.967431041 +0100 @@ -21,7 +21,7 @@ %define archive_name sealed-secrets Name: kubeseal -Version: 0.19.5 +Version: 0.20.1 Release: 0 Summary: CLI for encrypting secrets to SealedSecrets License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Z7h4Mr/_old 2023-03-16 22:58:15.003431214 +0100 +++ /var/tmp/diff_new_pack.Z7h4Mr/_new 2023-03-16 22:58:15.007431234 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.19.5</param> + <param name="revision">v0.20.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -16,7 +16,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">sealed-secrets-0.19.5.tar.gz</param> + <param name="archive">sealed-secrets-0.20.1.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Z7h4Mr/_old 2023-03-16 22:58:15.027431331 +0100 +++ /var/tmp/diff_new_pack.Z7h4Mr/_new 2023-03-16 22:58:15.031431351 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> - <param name="changesrevision">d74823e8258c0e1028023c3d80de46b553f8e27e</param></service></servicedata> + <param name="changesrevision">1f14a092ed016327d77e25a50cd8e910db1a63a7</param></service></servicedata> (No newline at EOF) ++++++ sealed-secrets-0.19.5.tar.gz -> sealed-secrets-0.20.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/.github/workflows/helm-release.yaml new/sealed-secrets-0.20.1/.github/workflows/helm-release.yaml --- old/sealed-secrets-0.19.5/.github/workflows/helm-release.yaml 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/.github/workflows/helm-release.yaml 2023-03-15 12:38:40.000000000 +0100 @@ -73,8 +73,9 @@ yq -i '.metadata.name = "sealedsecrets.bitnami.com.${{ env.chart_version }}"' carvel/package.yaml yq -i '.spec.template.spec.fetch.0.imgpkgBundle.image = "ghcr.io/${{ github.repository_owner }}/sealed-secrets-carvel:${{ env.chart_version }}"' carvel/package.yaml - - name: Commit package.yaml - run: | - git add ./carvel/package.yaml - git commit -s -m 'Update package to version ${{ env.chart_version }}' - git push + # Commenting the git commit action + #- name: Commit package.yaml + #run: | + #git add ./carvel/package.yaml + #git commit -s -m 'Update package to version ${{ env.chart_version }}' + #git push diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/.github/workflows/helm-vib-lint.yaml new/sealed-secrets-0.20.1/.github/workflows/helm-vib-lint.yaml --- old/sealed-secrets-0.19.5/.github/workflows/helm-vib-lint.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/sealed-secrets-0.20.1/.github/workflows/helm-vib-lint.yaml 2023-03-15 12:38:40.000000000 +0100 
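Review bot: The `Commit package.yaml` step in helm-release.yaml is disabled by commenting it out, and the added comment `# Commenting the git commit action` says neither why nor whether this is temporary. With the step disabled, the two `yq -i` edits to `carvel/package.yaml` directly above it only change the runner's working tree and, as far as this hunk shows, are never committed or pushed, so they may be dead work unless a later step outside the hunk consumes the file. Either delete the step together with the edits it depended on, or state the reason in the comment, e.g. `# Disabled: <reason>; carvel/package.yaml is updated by hand until <condition>`. The job's remaining steps are outside the hunk.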
@@ -0,0 +1,26 @@
+name: Lint Helm Chart
+on:
+ workflow_dispatch:
+ pull_request_target:
+ branches:
+ - main
+ - bitnami-labs:main
+ paths:
+ - 'helm/**'
+
+env:
+ CSP_API_URL: https://console.cloud.vmware.com
+ CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
+ VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
+
+jobs:
+ # make sure chart is linted/safe
+ vib-validate:
+ runs-on: ubuntu-latest
+ name: Lint chart
+ steps:
+ - uses: actions/checkout@v3.1.0
+ with:
+ ref: ${{github.event.pull_request.head.ref}}
+ repository: ${{github.event.pull_request.head.repo.full_name}}
+ - uses: vmware-labs/vmware-image-builder-action@0.4.7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/.github/workflows/helm-vib.yaml new/sealed-secrets-0.20.1/.github/workflows/helm-vib.yaml
--- old/sealed-secrets-0.19.5/.github/workflows/helm-vib.yaml 2023-02-15 13:34:44.000000000 +0100
+++ new/sealed-secrets-0.20.1/.github/workflows/helm-vib.yaml 2023-03-15 12:38:40.000000000 +0100
@@ -1,13 +1,9 @@ name: Verify Helm Chart on: - pull_request_target: + workflow_dispatch: + push: branches: - main - - bitnami-labs:main - types: - - opened - - synchronize - - reopened paths: - 'helm/**' 
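Review bot: The new helm-vib-lint.yaml runs on `pull_request_target` with `CSP_API_TOKEN` in the workflow-level `env` and checks out `github.event.pull_request.head.ref` from the contributor's repository, so unreviewed fork content is handled in a job that can read a repository secret. Unlike `vib-k8s-verify` in helm-vib.yaml, this job has no `environment:` gate, and the file declares no `permissions:`. I would scope the three variables to the VIB step, add `persist-credentials: false` to the checkout, restrict the workflow token to read access, and put the job behind the same environment, assuming that environment requires reviewer approval; the sketch below shows only the changed lines. Both actions are also referenced by tag (`@v3.1.0`, `@0.4.7`); pinning them to a commit SHA would keep a moved tag from changing what runs next to the secret.

```yaml
# … unchanged: name, on (triggers, branches, paths) …
permissions:
  contents: read

jobs:
  vib-validate:
    # … unchanged: runs-on, name …
    environment: vmware-image-builder   # assumes this environment requires reviewer approval
    steps:
      - uses: actions/checkout@v3.1.0
        with:
          # … unchanged: ref, repository …
          persist-credentials: false
      - uses: vmware-labs/vmware-image-builder-action@0.4.7
        env:   # moved from workflow level so only this step sees the token
          CSP_API_URL: https://console.cloud.vmware.com
          CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
          VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
```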
@@ -17,22 +13,10 @@ VIB_PUBLIC_URL: https://cp.bromelia.vmware.com jobs: - # make sure chart is linted/safe - vib-validate: - runs-on: ubuntu-latest - name: Lint chart - steps: - - uses: actions/checkout@v3.1.0 - with: - ref: ${{github.event.pull_request.head.ref}} - repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: vmware-labs/vmware-image-builder-action@0.4.7 - # verify chart in multiple target platforms vib-k8s-verify: runs-on: ubuntu-latest environment: vmware-image-builder - needs: [ vib-validate ] strategy: matrix: include: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/RELEASE-NOTES.md new/sealed-secrets-0.20.1/RELEASE-NOTES.md --- old/sealed-secrets-0.19.5/RELEASE-NOTES.md 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/RELEASE-NOTES.md 2023-03-15 12:38:40.000000000 +0100 
@@ -4,6 +4,31 @@ [](https://github.com/bitnami-labs/sealed-secrets/releases/latest) +## v0.20.1 + +### Changelog + +- Parametrize cluster role name ([#1141](https://github.com/bitnami-labs/sealed-secrets/pull/1141)) +- Allow automountServiceAccountToken to be set to false ([#1128](https://github.com/bitnami-labs/sealed-secrets/pull/1128)) +- Allow to disable secret auto-recreation ([#1118](https://github.com/bitnami-labs/sealed-secrets/pull/1118)) +- Bump github.com/onsi/gomega from 1.27.2 to 1.27.4 ([#1143](https://github.com/bitnami-labs/sealed-secrets/pull/1143)) +- Bump k8s.io/client-go from 0.26.1 to 0.26.2 ([#1136](https://github.com/bitnami-labs/sealed-secrets/pull/1136)) +- Bump k8s.io/code-generator from 0.26.1 to 0.26.2 ([#1137](https://github.com/bitnami-labs/sealed-secrets/pull/1137)) +- Bump k8s.io/api from 0.26.1 to 0.26.2 ([#1135](https://github.com/bitnami-labs/sealed-secrets/pull/1135)) +- Bump github.com/onsi/gomega from 1.27.1 to 1.27.2 ([#1134](https://github.com/bitnami-labs/sealed-secrets/pull/1134)) +- Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 ([#1133](https://github.com/bitnami-labs/sealed-secrets/pull/1133)) +- Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 ([#1132](https://github.com/bitnami-labs/sealed-secrets/pull/1132)) +- Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 ([#1131](https://github.com/bitnami-labs/sealed-secrets/pull/1131)) +- Bump golang.org/x/crypto from 0.6.0 to 0.7.0 ([#1130](https://github.com/bitnami-labs/sealed-secrets/pull/1130)) +- Ensure vib runs only when PR is approved ([#1121](https://github.com/bitnami-labs/sealed-secrets/pull/1121)) +- Run VIB Helm chart validations on push to main ([#1140](https://github.com/bitnami-labs/sealed-secrets/pull/1140)) +- Update parameters table ([#1139](https://github.com/bitnami-labs/sealed-secrets/pull/1139)) +- Update docs ([#1127](https://github.com/bitnami-labs/sealed-secrets/pull/1127)) + +## v0.20.0 + +Incomplete release + ## v0.19.5 ### Changelog diff -urN 
'--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/carvel/package.yaml new/sealed-secrets-0.20.1/carvel/package.yaml --- old/sealed-secrets-0.19.5/carvel/package.yaml 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/carvel/package.yaml 2023-03-15 12:38:40.000000000 +0100 @@ -1,10 +1,10 @@ apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: - name: "sealedsecrets.bitnami.com.2.7.3" + name: "sealedsecrets.bitnami.com.2.7.4" spec: refName: "sealedsecrets.bitnami.com" - version: "2.7.3" + version: "2.7.4" valuesSchema: openAPIv3: title: Chart Values @@ -45,7 +45,7 @@ tag: type: string description: Sealed Secrets image tag (immutable tags are recommended) - default: v0.19.4 + default: v0.19.5 pullPolicy: type: string description: Sealed Secrets image pull policy @@ -67,6 +67,10 @@ type: boolean description: Specifies whether the Sealed Secrets controller should update the status subresource default: true + skipRecreate: + type: boolean + description: Specifies whether the Sealed Secrets controller should skip recreating removed secrets + default: false keyrenewperiod: type: string description: Specifies key renewal period. Default 30 days @@ -420,7 +424,7 @@ spec: fetch: - imgpkgBundle: - image: ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:cd484bc9c0416ad1eb5048e4a7bdb33ab0300fd883e4564e1f7e4bb7c6f94318 + image: ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-d55dd41e5221293a68abcd66cca4a4722a10b80f43d52b7e4c98cc5beac8238d.imgpkg template: - helmTemplate: path: sealed-secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/cmd/controller/main.go new/sealed-secrets-0.20.1/cmd/controller/main.go --- old/sealed-secrets-0.19.5/cmd/controller/main.go 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/cmd/controller/main.go 2023-03-15 12:38:40.000000000 +0100 
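Review bot: In the last carvel/package.yaml hunk (`@@ -420,7 +424,7 @@`) the `imgpkgBundle.image` reference changes from a digest (`sealed-secrets-carvel@sha256:…`) to a tag (`sealed-secrets-carvel:sha256-….imgpkg`). The tag name embeds a digest, but a registry tag can be repointed, so the package no longer pins the bundle content the way the `@sha256:` form did. If the digest in the tag name is the new bundle's digest, I would keep the immutable form: `image: ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:d55dd41e5221293a68abcd66cca4a4722a10b80f43d52b7e4c98cc5beac8238d`. The `yq` step in helm-release.yaml writes a `:${{ env.chart_version }}` tag into this same field, so the same concern applies to what the release workflow generates.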
@@ -47,6 +47,8 @@ fs.BoolVar(&f.UpdateStatus, "update-status", true, "beta: if true, the controller will update the status sub-resource whenever it processes a sealed secret") + fs.BoolVar(&f.SkipRecreate, "skip-recreate", false, "if true the controller will skip listening for managed secret changes to recreate them. This helps on limited permission environments.") + fs.DurationVar(&f.KeyRenewPeriod, "rotate-period", defaultKeyRenewPeriod, "") _ = fs.MarkDeprecated("rotate-period", "please use key-renew-period instead") } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/docs/bring-your-own-certificates.md new/sealed-secrets-0.20.1/docs/bring-your-own-certificates.md --- old/sealed-secrets-0.19.5/docs/bring-your-own-certificates.md 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/docs/bring-your-own-certificates.md 2023-03-15 12:38:40.000000000 +0100 @@ -18,9 +18,9 @@ ``` ## Generate a new RSA key pair (certificates) - +* Note to change `-days` option to set certificate expiry date; default is 1 year ```bash -openssl req -x509 -nodes -newkey rsa:4096 -keyout "$PRIVATEKEY" -out "$PUBLICKEY" -subj "/CN=sealed-secret/O=sealed-secret" +openssl req -x509 -days 365 -nodes -newkey rsa:4096 -keyout "$PRIVATEKEY" -out "$PUBLICKEY" -subj "/CN=sealed-secret/O=sealed-secret" ``` ## Create a tls k8s secret, using your recently created RSA key pair diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/go.mod new/sealed-secrets-0.20.1/go.mod --- old/sealed-secrets-0.19.5/go.mod 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/go.mod 2023-03-15 12:38:40.000000000 +0100 
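Review bot: The help text for the new `skip-recreate` flag in cmd/controller/main.go describes the mechanism (not listening for managed secret changes) but not what an operator gives up, and it drops the comma that the `update-status` text above uses after "if true". Presumably a managed Secret that is deleted stays deleted until its SealedSecret is processed again; that is inferred from the flag text and should be confirmed against the controller. Suggested wording: `"if true, the controller will not listen for changes to managed secrets, so a deleted secret is not recreated automatically; intended for environments with limited permissions"`. The enclosing function starts outside the hunk.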
@@ -7,19 +7,19 @@ github.com/google/renameio v0.1.0 github.com/mattn/go-isatty v0.0.17 github.com/mkmik/multierror v0.3.0 - github.com/onsi/ginkgo/v2 v2.8.0 - github.com/onsi/gomega v1.26.0 + github.com/onsi/ginkgo/v2 v2.9.1 + github.com/onsi/gomega v1.27.4 github.com/prometheus/client_golang v1.14.0 github.com/spf13/pflag v1.0.5 github.com/throttled/throttled v2.2.5+incompatible - golang.org/x/crypto v0.6.0 + golang.org/x/crypto v0.7.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.26.1 - k8s.io/apimachinery v0.26.1 - k8s.io/client-go v0.26.1 - k8s.io/code-generator v0.26.1 + k8s.io/api v0.26.2 + k8s.io/apimachinery v0.26.2 + k8s.io/client-go v0.26.2 + k8s.io/code-generator v0.26.2 k8s.io/klog v1.0.0 - k8s.io/klog/v2 v2.90.0 + k8s.io/klog/v2 v2.90.1 ) require ( @@ -32,12 +32,14 @@ github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.21.1 // indirect + github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/gomodule/redigo v2.0.0+incompatible // indirect github.com/google/gnostic v0.6.9 // indirect github.com/google/gofuzz v1.1.0 // indirect + github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect github.com/hashicorp/golang-lru v0.5.1 // indirect github.com/imdario/mergo v0.3.6 // indirect github.com/josharian/intern v1.0.0 // indirect 
@@ -51,14 +53,14 @@ github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect - golang.org/x/mod v0.7.0 // indirect - golang.org/x/net v0.6.0 // indirect + golang.org/x/mod v0.9.0 // indirect + golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sys v0.6.0 // indirect + golang.org/x/term v0.6.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.5.0 // indirect + golang.org/x/tools v0.7.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/go.sum new/sealed-secrets-0.20.1/go.sum --- old/sealed-secrets-0.19.5/go.sum 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/go.sum 2023-03-15 12:38:40.000000000 +0100 @@ -99,6 +99,8 @@ github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrKU= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 
@@ -130,8 +132,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0= github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -161,6 +164,8 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= 
@@ -172,6 +177,7 @@ github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -221,10 +227,10 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI= -github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU= -github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q= -github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= +github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk= +github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= +github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= +github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -295,8 +301,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -327,8 +333,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= -golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -363,8 +369,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -425,12 +431,12 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -439,8 +445,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -489,8 +495,8 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= -golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= +golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -609,21 +615,21 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= -k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= -k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= -k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= -k8s.io/code-generator v0.26.1 h1:dusFDsnNSKlMFYhzIM0jAO1OlnTN5WYwQQ+Ai12IIlo= -k8s.io/code-generator v0.26.1/go.mod h1:OMoJ5Dqx1wgaQzKgc+ZWaZPfGjdRq/Y3WubFrZmeI3I= +k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= +k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= +k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= +k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= +k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= +k8s.io/code-generator v0.26.2 h1:QMgN5oXUgQe27uMaqpbT0hg6ti+rvgCWaHEDMHVhox8= +k8s.io/code-generator v0.26.2/go.mod h1:ryaiIKwfxEJEaywEzx3dhWOydpVctKYbqLajJf0O8dI= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.90.0 
h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= -k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= +k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/helm/sealed-secrets/Chart.yaml new/sealed-secrets-0.20.1/helm/sealed-secrets/Chart.yaml --- old/sealed-secrets-0.19.5/helm/sealed-secrets/Chart.yaml 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/helm/sealed-secrets/Chart.yaml 2023-03-15 12:38:40.000000000 +0100 @@ -1,7 +1,7 @@ annotations: category: DeveloperTools apiVersion: v2 -appVersion: v0.19.4 +appVersion: v0.19.5 description: Helm chart for the sealed-secrets controller. home: https://github.com/bitnami-labs/sealed-secrets icon: https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png @@ -14,4 +14,4 @@ url: https://github.com/bitnami-labs/sealed-secrets name: sealed-secrets type: application -version: 2.7.3 +version: 2.7.6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/helm/sealed-secrets/README.md new/sealed-secrets-0.20.1/helm/sealed-secrets/README.md --- old/sealed-secrets-0.19.5/helm/sealed-secrets/README.md 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/helm/sealed-secrets/README.md 2023-03-15 12:38:40.000000000 +0100 
@@ -79,67 +79,67 @@ | `extraDeploy` | Array of extra objects to deploy with the release | `[]` | | `commonAnnotations` | Annotations to add to all deployed resources | `{}` | - ### Sealed Secrets Parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------ | ----------------------------------- | -| `image.registry` | Sealed Secrets image registry | `docker.io` | -| `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | -| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.19.4` | -| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | -| `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | -| `secretName` | The name of an existing TLS secret containing the key used to encrypt secrets | `sealed-secrets-key` | -| `updateStatus` | Specifies whether the Sealed Secrets controller should update the status subresource | `true` | -| `keyrenewperiod` | Specifies key renewal period. 
Default 30 days | `""` | -| `rateLimit` | Number of allowed sustained request per second for verify endpoint | `""` | -| `rateLimitBurst` | Number of requests allowed to exceed the rate limit per second for verify endpoint | `""` | -| `additionalNamespaces` | List of namespaces used to manage the Sealed Secrets | `[]` | -| `command` | Override default container command | `[]` | -| `args` | Override default container args | `[]` | -| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the 
default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` | -| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` | -| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `65534` | -| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` | -| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` | -| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` | -| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` | -| `automountServiceAccountToken` | whether to automatically mount the service account API-token to a particular pod | `""` | -| `podLabels` | Extra labels for Sealed Secret pods | `{}` | -| `podAnnotations` | Annotations for Sealed Secret pods | `{}` | -| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` | -| `runtimeClassName` | Sealed Secret pods' runtimeClassName | `""` | -| `affinity` | Affinity for Sealed Secret pods assignment | `{}` | -| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` | -| `tolerations` | Tolerations for Sealed Secret pods assignment | `[]` | -| `additionalVolumes` | Extra Volumes for the Sealed Secrets Controller Deployment | `{}` | -| `additionalVolumeMounts` | Extra volumeMounts for the Sealed Secrets Controller container | `{}` | -| `hostNetwork` | Sealed Secrets pods' hostNetwork | `false` | -| `dnsPolicy` | Sealed Secrets pods' dnsPolicy | `""` | - +| Name | Description | Value | +| 
------------------------------------------------- | -------------------------------------------------------------------------------------- | ----------------------------------- | +| `image.registry` | Sealed Secrets image registry | `docker.io` | +| `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | +| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.19.5` | +| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | +| `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | +| `secretName` | The name of an existing TLS secret containing the key used to encrypt secrets | `sealed-secrets-key` | +| `updateStatus` | Specifies whether the Sealed Secrets controller should update the status subresource | `true` | +| `skipRecreate` | Specifies whether the Sealed Secrets controller should skip recreating removed secrets | `false` | +| `keyrenewperiod` | Specifies key renewal period. 
Default 30 days | `""` | +| `rateLimit` | Number of allowed sustained request per second for verify endpoint | `""` | +| `rateLimitBurst` | Number of requests allowed to exceed the rate limit per second for verify endpoint | `""` | +| `additionalNamespaces` | List of namespaces used to manage the Sealed Secrets | `[]` | +| `command` | Override default container command | `[]` | +| `args` | Override default container args | `[]` | +| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the 
default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` | +| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` | +| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `65534` | +| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` | +| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` | +| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` | +| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.capabilities` | Adds and removes POSIX capabilities from running containers (see `values.yaml`) | | +| `automountServiceAccountToken` | whether to automatically mount the service account API-token to a particular pod | `true` | +| `podLabels` | Extra labels for Sealed Secret pods | `{}` | +| `podAnnotations` | Annotations for Sealed Secret pods | `{}` | +| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` | +| `runtimeClassName` | Sealed Secret pods' runtimeClassName | `""` | +| `affinity` | Affinity for Sealed Secret pods assignment | `{}` | +| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` | +| `tolerations` | Tolerations for Sealed Secret pods assignment | `[]` | +| `additionalVolumes` | Extra Volumes for the Sealed Secrets Controller Deployment | `{}` | +| `additionalVolumeMounts` | Extra volumeMounts for the Sealed Secrets Controller container | `{}` | +| `hostNetwork` | Sealed 
Secrets pods' hostNetwork | `false` | +| `dnsPolicy` | Sealed Secrets pods' dnsPolicy | `""` | ### Traffic Exposure Parameters 
@@ -164,21 +164,20 @@ | `ingress.secrets` | Custom TLS certificates as secrets | `[]` | | `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | - ### Other Parameters -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------- | ------- | -| `serviceAccount.annotations` | Annotations for Sealed Secret service account | `{}` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.labels` | Extra labels to be added to the ServiceAccount | `{}` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Specifies, whether to mount the service account API-token | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `rbac.clusterRole` | Specifies whether the Cluster Role resource should be created | `true` | -| `rbac.labels` | Extra labels to be added to RBAC resources | `{}` | -| `rbac.pspEnabled` | PodSecurityPolicy | `false` | - +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------- | ------------------ | +| `serviceAccount.annotations` | Annotations for Sealed Secret service account | `{}` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.labels` | Extra labels to be added to the ServiceAccount | `{}` | +| `serviceAccount.name` | The name of the ServiceAccount to use. 
| `""` | +| `serviceAccount.automountServiceAccountToken` | Specifies, whether to mount the service account API-token | `true` | +| `rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `rbac.clusterRole` | Specifies whether the Cluster Role resource should be created | `true` | +| `rbac.clusterRoleName` | Specifies the name for the Cluster Role resource | `secrets-unsealer` | +| `rbac.labels` | Extra labels to be added to RBAC resources | `{}` | +| `rbac.pspEnabled` | PodSecurityPolicy | `false` | ### Metrics parameters diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/cluster-role-binding.yaml new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/cluster-role-binding.yaml --- old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/cluster-role-binding.yaml 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/cluster-role-binding.yaml 2023-03-15 12:38:40.000000000 +0100 @@ -10,7 +10,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: secrets-unsealer + name: {{ .Values.rbac.clusterRoleName }} subjects: - apiGroup: "" kind: ServiceAccount diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/cluster-role.yaml new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/cluster-role.yaml --- old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/cluster-role.yaml 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/cluster-role.yaml 2023-03-15 12:38:40.000000000 +0100 
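Review bot: The new `name: {{ .Values.rbac.clusterRoleName }}` under `roleRef` has no fallback, so a release whose values lack `rbac.clusterRoleName` would render an empty name. That can plausibly happen on an upgrade that reuses previously stored values instead of the new chart defaults. The same line is added to `metadata.name` in cluster-role.yaml. I would render both as `name: {{ .Values.rbac.clusterRoleName | default "secrets-unsealer" | quote }}` so the role and its binding cannot come out empty or drift apart. Any other template that still hard-codes `secrets-unsealer` is outside this diff and should be checked.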
@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: secrets-unsealer
+ name: {{ .Values.rbac.clusterRoleName }}
 labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
 {{- if .Values.rbac.labels }}
 {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/deployment.yaml new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/deployment.yaml
--- old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/deployment.yaml 2023-02-15 13:34:44.000000000 +0100
+++ new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/deployment.yaml 2023-03-15 12:38:40.000000000 +0100
@@ -46,9 +46,7 @@
 securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
 {{- end }}
 serviceAccountName: {{ include "sealed-secrets.serviceAccountName" . }}
- {{- if .Values.automountServiceAccountToken }}
 automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
- {{- end }}
 {{- if .Values.hostNetwork }}
 hostNetwork: true
 {{- end }}
@@ -70,6 +68,9 @@
 {{- if .Values.updateStatus }}
 - --update-status
 {{- end }}
+ {{- if .Values.skipRecreate }}
+ - --skip-recreate
+ {{- end }}
 {{- if .Values.keyrenewperiod }}
 - --key-renew-period
 - {{ .Values.keyrenewperiod | quote }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/service-account.yaml new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/service-account.yaml
--- old/sealed-secrets-0.19.5/helm/sealed-secrets/templates/service-account.yaml 2023-02-15 13:34:44.000000000 +0100
+++ new/sealed-secrets-0.20.1/helm/sealed-secrets/templates/service-account.yaml 2023-03-15 12:38:40.000000000 +0100
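Review bot: The `--skip-recreate` argument added under `{{- if .Values.skipRecreate }}` in the `@@ -70,6 +68,9 @@` hunk is passed to whatever image the chart deploys, and this diff sets the default to `tag: v0.19.5`. The `SkipRecreate` flag field is only introduced by the controller sources updated in this same diff, so a v0.19.5 controller presumably does not know the argument and would fail to start on it. That makes `skipRecreate: true` with the default tag look unsafe. I would state the requirement next to the value, e.g. `## Requires a controller image that supports --skip-recreate (v0.20.0 or later)`, or bump the default tag in the same change.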
@@ -1,9 +1,7 @@
 {{ if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
-{{- if .Values.serviceAccount.automountServiceAccountToken }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- end }}
 metadata:
 name: {{ include "sealed-secrets.serviceAccountName" . }}
 namespace: {{ include "sealed-secrets.namespace" . }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/helm/sealed-secrets/values.yaml new/sealed-secrets-0.20.1/helm/sealed-secrets/values.yaml
--- old/sealed-secrets-0.19.5/helm/sealed-secrets/values.yaml 2023-02-15 13:34:44.000000000 +0100
+++ new/sealed-secrets-0.20.1/helm/sealed-secrets/values.yaml 2023-03-15 12:38:40.000000000 +0100
@@ -33,7 +33,7 @@
 image:
 registry: docker.io
 repository: bitnami/sealed-secrets-controller
- tag: v0.19.4
+ tag: v0.19.5
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -56,6 +56,12 @@
 ## @param updateStatus Specifies whether the Sealed Secrets controller should update the status subresource
 ##
 updateStatus: true
+## @param skipRecreate Specifies whether the Sealed Secrets controller should skip recreating removed secrets
+## Setting it to false allows to optionally restore backward compatibility in low priviledge
+## environments when old versions of the controller did not require watch permissions on secrets
+## for secret re-creation.
+##
+skipRecreate: false
 ## @param keyrenewperiod Specifies key renewal period. Default 30 days
 ## e.g
 ## keyrenewperiod: "720h30m"
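Review bot: The comment added above `skipRecreate: false` in the `@@ -56,6 +56,12 @@` hunk has the polarity reversed. It says "Setting it to false allows to optionally restore backward compatibility", but deployment.yaml passes `--skip-recreate` only when the value is true, and false is the default that keeps re-creation on. I would reword it to `## Setting it to true disables re-creation of deleted secrets, for low-privilege environments where the controller is not granted watch permission on secrets`, and fix the spelling of "priviledge". This diff does not touch the RBAC rules, so whether the chart's roles can actually drop the watch and list verbs on secrets when the value is true cannot be seen here and is worth confirming.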
@@ -151,15 +157,20 @@ ## @param containerSecurityContext.readOnlyRootFilesystem Whether the Sealed Secret container has a read-only root filesystem ## @param containerSecurityContext.runAsNonRoot Indicates that the Sealed Secret container must run as a non-root user ## @param containerSecurityContext.runAsUser Set Sealed Secret containers' Security Context runAsUser +## @extra containerSecurityContext.capabilities Adds and removes POSIX capabilities from running containers (see `values.yaml`) +## @skip containerSecurityContext.capabilities.drop ## containerSecurityContext: enabled: true readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1001 + capabilities: + drop: + - ALL ## @param automountServiceAccountToken whether to automatically mount the service account API-token to a particular pod -automountServiceAccountToken: "" +automountServiceAccountToken: true ## @param podLabels [object] Extra labels for Sealed Secret pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ @@ -337,7 +348,7 @@ ## name: "" ## @param serviceAccount.automountServiceAccountToken Specifies, whether to mount the service account API-token - automountServiceAccountToken: "" + automountServiceAccountToken: true ## RBAC configuration ## rbac: @@ -347,6 +358,9 @@ ## @param rbac.clusterRole Specifies whether the Cluster Role resource should be created ## clusterRole: true + ## @param rbac.clusterRoleName Specifies the name for the Cluster Role resource + ## + clusterRoleName: "secrets-unsealer" ## @param rbac.labels Extra labels to be added to RBAC resources ## labels: {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/pkg/controller/controller.go new/sealed-secrets-0.20.1/pkg/controller/controller.go --- old/sealed-secrets-0.19.5/pkg/controller/controller.go 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/pkg/controller/controller.go 2023-03-15 12:38:40.000000000 +0100 
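Review bot: The `containerSecurityContext` defaults in the `@@ -151,15 +157,20 @@` hunk now drop all capabilities but still do not set `allowPrivilegeEscalation`, so the hardening stops one step short. I would add `allowPrivilegeEscalation: false` beside `capabilities`, with a matching `## @param containerSecurityContext.allowPrivilegeEscalation` line. A `seccompProfile` of type `RuntimeDefault` is worth considering too, since namespaces enforcing the restricted Pod Security Standard expect both. How the deployment template renders this map is outside the hunk, so confirm that extra keys pass through to the container spec.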
@@ -84,10 +84,34 @@ eventBroadcaster.StartRecordingToSink(&v1.EventSinkImpl{Interface: clientset.CoreV1().Events("")}) recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "sealed-secrets"}) + ssInformer, err := watchSealedSecrets(ssinformer, queue) + if err != nil { + return nil, err + } + + var sInformer cache.SharedIndexInformer + if sinformer != nil { + sInformer, err = watchSecrets(sinformer, ssclientset, queue) + if err != nil { + return nil, err + } + } + + return &Controller{ + ssInformer: ssInformer, + sInformer: sInformer, + queue: queue, + sclient: clientset.CoreV1(), + ssclient: ssclientset.BitnamiV1alpha1(), + recorder: recorder, + keyRegistry: keyRegistry, + }, nil +} + +func watchSealedSecrets(ssinformer ssinformer.SharedInformerFactory, queue workqueue.RateLimitingInterface) (cache.SharedIndexInformer, error) { ssInformer := ssinformer.Bitnami().V1alpha1(). SealedSecrets(). Informer() - _, err := ssInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { key, err := cache.MetaNamespaceKeyFunc(obj) @@ -114,9 +138,12 @@ if err != nil { return nil, fmt.Errorf("could not add event handler to sealed secrets informer: %w", err) } + return ssInformer, nil +} +func watchSecrets(sinformer informers.SharedInformerFactory, ssclientset ssclientset.Interface, queue workqueue.RateLimitingInterface) (cache.SharedIndexInformer, error) { sInformer := sinformer.Core().V1().Secrets().Informer() - _, err = sInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ + _, err := sInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ DeleteFunc: func(obj interface{}) { skey, err := cache.DeletionHandlingMetaNamespaceKeyFunc(obj) if err != nil { 
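Review bot: `NewController` now leaves `sInformer` nil when `sinformer` is nil, but the unchanged context line `go c.sInformer.Run(stopCh)` in the `@@ -192,7 +210,7 @@` hunk still calls it unconditionally. Calling a method on a nil interface panics, so a controller built with `SkipRecreate: true` would crash as soon as `Run` is invoked. Guard the call with `if c.sInformer != nil { go c.sInformer.Run(stopCh) }`. `HasSynced` is outside the hunks shown; if it also reads `c.sInformer`, it needs the same nil check. The start of `NewController` and most of `Run` are outside these hunks.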
@@ -154,16 +181,7 @@ if err != nil { return nil, fmt.Errorf("could not add event handler to secrets informer: %w", err) } - - return &Controller{ - ssInformer: ssInformer, - sInformer: sInformer, - queue: queue, - sclient: clientset.CoreV1(), - ssclient: ssclientset.BitnamiV1alpha1(), - recorder: recorder, - keyRegistry: keyRegistry, - }, nil + return sInformer, nil } // HasSynced returns true once this controller has completed an @@ -192,7 +210,7 @@ go c.sInformer.Run(stopCh) if !cache.WaitForCacheSync(stopCh, c.HasSynced) { - utilruntime.HandleError(fmt.Errorf("Timed out waiting for caches to sync")) + utilruntime.HandleError(fmt.Errorf("timed out waiting for caches to sync")) return } @@ -417,7 +435,7 @@ } return true, nil default: - return false, fmt.Errorf("Unexpected resource type: %s", s.GetObjectKind().GroupVersionKind().String()) + return false, fmt.Errorf("unexpected resource type: %s", s.GetObjectKind().GroupVersionKind().String()) } } 
@@ -434,20 +452,20 @@ case *ssv1alpha1.SealedSecret: secret, err := c.attemptUnseal(s) if err != nil { - return nil, fmt.Errorf("Error decrypting secret. %v", err) + return nil, fmt.Errorf("error decrypting secret. %v", err) } latestPrivKey := c.keyRegistry.latestPrivateKey() resealedSecret, err := ssv1alpha1.NewSealedSecret(scheme.Codecs, &latestPrivKey.PublicKey, secret) if err != nil { - return nil, fmt.Errorf("Error creating new sealed secret. %v", err) + return nil, fmt.Errorf("error creating new sealed secret. %v", err) } data, err := json.Marshal(resealedSecret) if err != nil { - return nil, fmt.Errorf("Error marshalling new secret to json. %v", err) + return nil, fmt.Errorf("error marshalling new secret to json. %v", err) } return data, nil default: - return nil, fmt.Errorf("Unexpected resource type: %s", s.GetObjectKind().GroupVersionKind().String()) + return nil, fmt.Errorf("unexpected resource type: %s", s.GetObjectKind().GroupVersionKind().String()) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/pkg/controller/controller_test.go new/sealed-secrets-0.20.1/pkg/controller/controller_test.go --- old/sealed-secrets-0.19.5/pkg/controller/controller_test.go 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/pkg/controller/controller_test.go 2023-03-15 12:38:40.000000000 +0100 @@ -1,11 +1,18 @@ package controller import ( + "context" + "crypto/rand" "errors" "fmt" "testing" ssv1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/kubernetes/fake" + + ssfake "github.com/bitnami-labs/sealed-secrets/pkg/client/clientset/versioned/fake" ) func TestConvert2SealedSecretBadType(t *testing.T) { 
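Review bot: The lowercased messages in the `@@ -434,20 +452,20 @@` hunk still format the cause with `%v`, while the informer errors in this same file use `%w` ("could not add event handler to secrets informer: %w"). With `%v` the underlying error is flattened to text and callers cannot match it with `errors.Is` or `errors.As`. Since the strings are being touched anyway, I would write `return nil, fmt.Errorf("error decrypting secret: %w", err)` and do the same for the other two. Check first that no test or caller matches on the exact old text. The enclosing function starts outside the hunk.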
@@ -45,3 +52,54 @@ t.Fatalf("got %v want %v", got, want) } } + +func TestDefaultConfigDoesNotSkipRecreate(t *testing.T) { + ns := "some-namespace" + var tweakopts func(*metav1.ListOptions) + clientset := fake.NewSimpleClientset() + ssc := ssfake.NewSimpleClientset() + keyRegistry := testKeyRegister(t, context.Background(), clientset, ns) + + got, err := prepareController(clientset, ns, tweakopts, &Flags{SkipRecreate: false}, ssc, keyRegistry) + if err != nil { + t.Fatalf("err %v want %v", got, nil) + } + if got == nil { + t.Fatalf("ctrl %v want non nil", got) + } + if got.sInformer == nil { + t.Fatalf("sInformer %v want non nil", got.sInformer) + } +} + +func TestSkipRecreateConfigDoesSkipIt(t *testing.T) { + ns := "some-namespace" + var tweakopts func(*metav1.ListOptions) + clientset := fake.NewSimpleClientset() + ssc := ssfake.NewSimpleClientset() + keyRegistry := testKeyRegister(t, context.Background(), clientset, ns) + + got, err := prepareController(clientset, ns, tweakopts, &Flags{SkipRecreate: true}, ssc, keyRegistry) + if err != nil { + t.Fatalf("err %v want %v", got, nil) + } + if got == nil { + t.Fatalf("ctrl %v want non nil", got) + } + if got.sInformer != nil { + t.Fatalf("sInformer %v want nil", got.sInformer) + } +} + +func testKeyRegister(t *testing.T, ctx context.Context, clientset kubernetes.Interface, ns string) *KeyRegistry { + t.Helper() + + keyLabel := SealedSecretsKeyLabel + prefix := "test-keys" + testKeySize := 4096 + keyRegistry, err := initKeyRegistry(ctx, clientset, rand.Reader, ns, prefix, keyLabel, testKeySize) + if err != nil { + t.Fatalf("failed to provision key registry: %v", err) + } + return keyRegistry +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/pkg/controller/keys.go new/sealed-secrets-0.20.1/pkg/controller/keys.go --- old/sealed-secrets-0.19.5/pkg/controller/keys.go 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/pkg/controller/keys.go 
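Review bot: Both new tests report the wrong variable on failure: `t.Fatalf("err %v want %v", got, nil)` prints the controller instead of the error and should be `t.Fatalf("err %v want %v", err, nil)`. The tests also only inspect `got.sInformer` after construction and never call `Run`, so the `SkipRecreate: true` path with a nil secret informer is not exercised beyond `prepareController`. A short test that starts the controller with a stop channel and closes it would cover that path. `testKeySize := 4096` makes each test generate a large RSA key; a smaller size would keep the suite fast if `initKeyRegistry` accepts one, which is not visible here.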
2023-03-15 12:38:40.000000000 +0100 @@ -21,7 +21,7 @@ var ( // ErrPrivateKeyNotRSA is returned when the private key is not a valid RSA key. - ErrPrivateKeyNotRSA = errors.New("Private key is not an RSA key") + ErrPrivateKeyNotRSA = errors.New("private key is not an RSA key") ) func generatePrivateKeyAndCert(keySize int, validFor time.Duration, cn string) (*rsa.PrivateKey, *x509.Certificate, error) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.19.5/pkg/controller/main.go new/sealed-secrets-0.20.1/pkg/controller/main.go --- old/sealed-secrets-0.19.5/pkg/controller/main.go 2023-02-15 13:34:44.000000000 +0100 +++ new/sealed-secrets-0.20.1/pkg/controller/main.go 2023-03-15 12:38:40.000000000 +0100 @@ -23,6 +23,7 @@ "k8s.io/client-go/informers" ssv1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1" + "github.com/bitnami-labs/sealed-secrets/pkg/client/clientset/versioned" sealedsecrets "github.com/bitnami-labs/sealed-secrets/pkg/client/clientset/versioned" ssinformers "github.com/bitnami-labs/sealed-secrets/pkg/client/informers/externalversions" ) @@ -48,6 +49,7 @@ RateLimitBurst int OldGCBehavior bool UpdateStatus bool + SkipRecreate bool } func initKeyPrefix(keyPrefix string) (string, error) { @@ -195,9 +197,7 @@ } } - sinformer := informers.NewFilteredSharedInformerFactory(clientset, 0, namespace, tweakopts) - ssinformer := ssinformers.NewFilteredSharedInformerFactory(ssclientset, 0, namespace, tweakopts) - controller, err := NewController(clientset, ssclientset, ssinformer, sinformer, keyRegistry) + controller, err := prepareController(clientset, namespace, tweakopts, f, ssclientset, keyRegistry) if err != nil { return err } 
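Review bot: The import added in the `@@ -23,6 +23,7 @@` hunk, `"github.com/bitnami-labs/sealed-secrets/pkg/client/clientset/versioned"`, pulls in a package that the next line already imports under the alias `sealedsecrets`. The file therefore imports the same path twice under two names. The only use visible in this diff is the `ssclientset versioned.Interface` parameter of `prepareController` in the last hunk. I would write that parameter as `ssclientset sealedsecrets.Interface` and drop the new import line.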
@@ -212,10 +212,6 @@ if f.AdditionalNamespaces != "" { addNS := removeDuplicates(strings.Split(f.AdditionalNamespaces, ",")) - var ssinf ssinformers.SharedInformerFactory - var sinf informers.SharedInformerFactory - var ctlr *Controller - for _, ns := range addNS { if _, err := clientset.CoreV1().Namespaces().Get(ctx, ns, metav1.GetOptions{}); err != nil { if errors.IsNotFound(err) { @@ -225,9 +221,7 @@ return err } if ns != namespace { - ssinf = ssinformers.NewFilteredSharedInformerFactory(ssclientset, 0, ns, tweakopts) - sinf = informers.NewFilteredSharedInformerFactory(clientset, 0, ns, tweakopts) - ctlr, err = NewController(clientset, ssclientset, ssinf, sinf, keyRegistry) + ctlr, err := prepareController(clientset, ns, tweakopts, f, ssclientset, keyRegistry) if err != nil { return err } @@ -255,3 +249,17 @@ return server.Shutdown(context.Background()) } + +func prepareController(clientset kubernetes.Interface, namespace string, tweakopts func(*metav1.ListOptions), f *Flags, ssclientset versioned.Interface, keyRegistry *KeyRegistry) (*Controller, error) { + sinformer := initSecretInformerFactory(clientset, namespace, tweakopts, f.SkipRecreate) + ssinformer := ssinformers.NewFilteredSharedInformerFactory(ssclientset, 0, namespace, tweakopts) + controller, err := NewController(clientset, ssclientset, ssinformer, sinformer, keyRegistry) + return controller, err +} + +func initSecretInformerFactory(clientset kubernetes.Interface, ns string, tweakopts func(*metav1.ListOptions), skipRecreate bool) informers.SharedInformerFactory { + if skipRecreate { + return nil + } + return informers.NewFilteredSharedInformerFactory(clientset, 0, ns, tweakopts) +} ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeseal.new.31432/vendor.tar.gz differ: char 5, line 1