Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeseal for openSUSE:Factory checked in at 2023-04-17 18:15:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeseal (Old) and /work/SRC/openSUSE:Factory/.kubeseal.new.2023 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal" Mon Apr 17 18:15:27 2023 rev:16 rq:1079947 version:0.20.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2023-03-21 17:44:22.310646359 +0100 +++ /work/SRC/openSUSE:Factory/.kubeseal.new.2023/kubeseal.changes 2023-04-17 18:15:28.382197084 +0200 @@ -1,0 +2,24 @@ +Mon Apr 17 13:30:45 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.20.3: + * Release version v0.20.3 (#1178) + * Generate embedded ObjectMeta in CRD (#1177) + * Sign images using Cosign v2 (#1176) + * Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#1175) + * ReProcess only on spec changes (#1174) + * Upgrade sealed secrets to Go 1.20 (#1173) + * Feature/updatereadme (#1172) + * Bump github.com/onsi/gomega from 1.27.5 to 1.27.6 (#1169) + * order certs by notBefore date (#1153) + * Feature/updatevib (#1165) + * Bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18 (#1167) + * Bump github.com/onsi/gomega from 1.27.4 to 1.27.5 (#1168) + * Update vib action (#1164) + * Verify chart with secret recreation disabled (#1163) + * Remove automountServiceAccountToken parameter (#1162) + * Bump k8s.io/code-generator from 0.26.2 to 0.26.3 (#1159) + * Bump k8s.io/client-go from 0.26.2 to 0.26.3 (#1157) + * Release Carvel package 2.8.1 (#1156) + * Release chart v2.8.1 (#1155) + +------------------------------------------------------------------- Old: ---- sealed-secrets-0.20.2.obscpio New: ---- sealed-secrets-0.20.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeseal.spec ++++++ --- /var/tmp/diff_new_pack.4BLGJg/_old 2023-04-17 18:15:29.430203201 +0200 +++ /var/tmp/diff_new_pack.4BLGJg/_new 2023-04-17 18:15:29.434203225 +0200 
@@ -21,7 +21,7 @@ %define archive_name sealed-secrets Name: kubeseal -Version: 0.20.2 +Version: 0.20.3 Release: 0 Summary: CLI for encrypting secrets to SealedSecrets License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.4BLGJg/_old 2023-04-17 18:15:29.470203434 +0200 +++ /var/tmp/diff_new_pack.4BLGJg/_new 2023-04-17 18:15:29.474203458 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.20.2</param> + <param name="revision">v0.20.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -17,7 +17,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">sealed-secrets-0.20.2.obscpio</param> + <param name="archive">sealed-secrets-0.20.3.obscpio</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.4BLGJg/_old 2023-04-17 18:15:29.542203855 +0200 +++ /var/tmp/diff_new_pack.4BLGJg/_new 2023-04-17 18:15:29.546203878 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> - <param name="changesrevision">8de5579df4a683d95135275938d9000d4407da8b</param></service></servicedata> + <param name="changesrevision">36da266068a225040d1ed8e60b41277d8126b17a</param></service></servicedata> (No newline at EOF) ++++++ sealed-secrets-0.20.2.obscpio -> sealed-secrets-0.20.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/.github/workflows/ci.yml new/sealed-secrets-0.20.3/.github/workflows/ci.yml --- old/sealed-secrets-0.20.2/.github/workflows/ci.yml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/.github/workflows/ci.yml 2023-04-17 12:37:45.000000000 +0200 
@@ -38,7 +38,7 @@ matrix: go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }} os: [ubuntu-latest] - golangci-lint: ["1.49.0"] + golangci-lint: ["1.52.2"] steps: - name: Set up Go 1.x uses: actions/setup-go@v3.3.1 @@ -64,7 +64,7 @@ matrix: go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }} os: [ubuntu-latest] - gosec: ["2.12.0"] + gosec: ["2.15.0"] steps: - name: Set up Go 1.x uses: actions/setup-go@v3.3.1 @@ -128,18 +128,13 @@ uses: actions/checkout@v3.1.0 - name: Install Cosign - uses: sigstore/cosign-installer@v2.7.0 + uses: sigstore/cosign-installer@v3.0.2 - name: Distroless verify run: | diff <(grep FROM docker/kubeseal.Dockerfile | awk '{print $2}') \ <(grep FROM docker/controller.Dockerfile | awk '{print $2}') - cosign verify --key /dev/stdin "$(grep FROM docker/controller.Dockerfile | awk '{print $2}')" <<EOF - -----BEGIN PUBLIC KEY----- - MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWZzVzkb8A+DbgDpaJId/bOmV8n7Q - OqxYbK0Iro6GzSmOzxkn+N2AKawLyXi84WSwJQBK//psATakCgAQKkNTAA== - -----END PUBLIC KEY----- - EOF + cosign verify "$(grep FROM docker/controller.Dockerfile | awk '{print $2}')" --certificate-oidc-issuer https://accounts.google.com --certificate-identity keyl...@distroless.iam.gserviceaccount.com - name: Setup kubecfg run: | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/.github/workflows/helm-vib-lint.yaml new/sealed-secrets-0.20.3/.github/workflows/helm-vib-lint.yaml --- old/sealed-secrets-0.20.2/.github/workflows/helm-vib-lint.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/.github/workflows/helm-vib-lint.yaml 2023-04-17 12:37:45.000000000 +0200 
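Review bot: The `Distroless verify` step checks whatever reference string `grep FROM docker/controller.Dockerfile | awk '{print $2}'` yields. If that reference is a tag rather than a digest (the Dockerfiles are not part of this hunk), the image verified here is not guaranteed to be the one a later build pulls. Pinning the base image as `FROM <image>@sha256:<digest>` in both Dockerfiles would make the verified image and the built image the same object. The `--certificate-identity` and `--certificate-oidc-issuer` values now act as the trust anchor in place of the removed public key, so a comment above the command such as `# keyless verification: identity and issuer taken from <source of the values>` would tell the next reviewer where to check them. The step's job starts outside the hunk.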
@@ -23,4 +23,4 @@ with: ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: vmware-labs/vmware-image-builder-action@0.4.7 + - uses: vmware-labs/vmware-image-builder-action@v0.6.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/.github/workflows/helm-vib.yaml new/sealed-secrets-0.20.3/.github/workflows/helm-vib.yaml --- old/sealed-secrets-0.20.2/.github/workflows/helm-vib.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/.github/workflows/helm-vib.yaml 2023-04-17 12:37:45.000000000 +0200 
@@ -20,20 +20,26 @@ strategy: matrix: include: - - target-platform: gke + - name: GKE + target-platform: gke target-platform-id: 91d398a2-25c4-4cda-8732-75a3cfc179a1 target-pipeline: vib-platform-verify.json - - target-platform: openshift + - name: GKE Skip Recreate + target-platform: gke + target-platform-id: 91d398a2-25c4-4cda-8732-75a3cfc179a1 + target-pipeline: vib-platform-verify-skip-recreate.json + - name: Openshift + target-platform: openshift target-platform-id: ebac9e0d-3931-4515-ba54-e6adada1f174 target-pipeline: vib-platform-verify-openshift.json fail-fast: false - name: Verify chart in ${{ matrix.target-platform}} + name: Verify chart (${{ matrix.name }}) steps: - uses: actions/checkout@v3.1.0 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - - uses: vmware-labs/vmware-image-builder-action@0.4.7 + - uses: vmware-labs/vmware-image-builder-action@v0.6.0 with: pipeline: ${{ matrix.target-pipeline }} env: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/.github/workflows/release.yaml new/sealed-secrets-0.20.3/.github/workflows/release.yaml --- old/sealed-secrets-0.20.2/.github/workflows/release.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/.github/workflows/release.yaml 2023-04-17 12:37:45.000000000 +0200 @@ -60,7 +60,7 @@ # Setup Cosign - name: Install Cosign - uses: sigstore/cosign-installer@v2.7.0 + uses: sigstore/cosign-installer@v3.0.2 - name: Write Cosign key run: echo "$COSIGN_KEY" > /tmp/cosign.key env: 
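Review bot: `vmware-labs/vmware-image-builder-action@v0.6.0` is referenced by a tag, which the action's owner can move. The job checks out the pull request's head ref and passes an `env:` block to the action; its contents are outside the hunk and are presumably credentials. Pinning to the release commit, `- uses: vmware-labs/vmware-image-builder-action@<full-commit-sha> # v0.6.0`, keeps the code that runs fixed. The same applies to the identical line in `helm-vib-lint.yaml` and to `sigstore/cosign-installer@v3.0.2` in `ci.yml` and `release.yaml`, the last of which runs in the job that writes the signing key to disk.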
@@ -134,7 +134,7 @@ tags: ${{ steps.meta_kubeseal.outputs.tags }} - name: Sign controller image with a key in GHCR run: | - echo -n "$COSIGN_PASSWORD" | cosign sign --key /tmp/cosign.key $TAG_CURRENT + echo -n "$COSIGN_PASSWORD" | cosign sign --key /tmp/cosign.key --yes $TAG_CURRENT env: COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} TAG_CURRENT: ${{ steps.meta_controller.outputs.tags }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/.vib/vib-platform-verify-skip-recreate.json new/sealed-secrets-0.20.3/.vib/vib-platform-verify-skip-recreate.json --- old/sealed-secrets-0.20.2/.vib/vib-platform-verify-skip-recreate.json 1970-01-01 01:00:00.000000000 +0100 +++ new/sealed-secrets-0.20.3/.vib/vib-platform-verify-skip-recreate.json 2023-04-17 12:37:45.000000000 +0200 
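Review bot: `cosign sign --key /tmp/cosign.key --yes $TAG_CURRENT` signs a tag reference, and `--yes` suppresses the confirmation prompt, so the signature is attached to whatever the tag resolves to when the step runs rather than to the image the workflow just built. Signing the digest reported by the push step closes that gap, for example `cosign sign --key /tmp/cosign.key --yes "<image>@${DIGEST_CURRENT}"`, with `DIGEST_CURRENT` taken from that step's output (the build step is outside the hunk, so the name is a placeholder). The variable is also unquoted. If `steps.meta_controller.outputs.tags` can hold more than one tag, the word splitting is probably intentional and deserves a comment saying so.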
@@ -0,0 +1,37 @@ +{ + "phases": { + "package": { + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "/helm/sealed-secrets" + } + }, + "actions": [ + { + "action_id": "helm-package" + } + ] + }, + "verify": { + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "/.vib/" + }, + "runtime_parameters": "IyMgQ3JlYXRlIFNlYWxlZCBTZWNyZXRzIGNvbnRyb2xsZXIgc2hvdWxkIGJlIGNyZWF0ZWQKY3JlYXRlQ29udHJvbGxlcjogdHJ1ZQojIyBTZWNyZXQgY29udGFpbmluZyB0aGUga2V5IHVzZWQgdG8gZW5jcnlwdCBzZWNyZXRzCnNlY3JldE5hbWU6ICJzZWFsZWQtc2VjcmV0cy1rZXkiCiMjIFJlbmV3IGtleXMgZXZlcnkgd2VlawprZXlyZW5ld3BlcmlvZDogIjE2OGgiCiMgU2tpcCBzZWNyZXQgcmVjcmVhdGlvbgpza2lwUmVjcmVhdGU6IHRydWUKc2VydmljZToKICB0eXBlOiBMb2FkQmFsYW5jZXIKICBwb3J0OiA4MAo=", + "target_platform": { + "target_platform_id": "{TARGET_PLATFORM}" + } + }, + "actions": [ + { + "action_id": "health-check", + "params": { + "endpoint": "lb-sealed-secrets-http" + } + } + ] + } + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/Makefile new/sealed-secrets-0.20.3/Makefile --- old/sealed-secrets-0.20.2/Makefile 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/Makefile 2023-04-17 12:37:45.000000000 +0200 
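Review bot: `runtime_parameters` is a base64 string, so the chart values this new pipeline installs with cannot be read in the diff; decoded, it sets `skipRecreate: true`, `keyrenewperiod: "168h"` and a `LoadBalancer` service on port 80. JSON has no comment syntax, so the readable values would have to live next to it, for example as a plain YAML file under `.vib/` from which the string is generated, with a CI step that fails when the two differ. That keeps a later edit to the blob from going in unreviewed.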
@@ -55,7 +55,7 @@ cp -r gentmp/github.com/bitnami-labs/sealed-secrets/pkg . && rm -rf gentmp/ manifests: - $(CONTROLLER_GEN) crd paths="./pkg/apis/..." output:stdout | tail -n +2 > helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml + $(CONTROLLER_GEN) crd:generateEmbeddedObjectMeta=true paths="./pkg/apis/..." output:stdout | tail -n +2 > helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml yq '.spec.versions[0].schema' < helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml > schema-v1alpha1.yaml controller: $(GO_FILES) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/README.md new/sealed-secrets-0.20.3/README.md --- old/sealed-secrets-0.20.2/README.md 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/README.md 2023-04-17 12:37:45.000000000 +0200 @@ -5,7 +5,7 @@ [](https://formulae.brew.sh/formula/kubeseal) [](https://github.com/bitnami-labs/sealed-secrets/actions/workflows/ci.yml) [](https://github.com/bitnami-labs/sealed-secrets/releases) -[](https://github.com/bitnami-labs/sealed-secrets/actions/workflows/helm-vib.yaml) +[](https://hub.docker.com/r/bitnami/sealed-secrets-controller) [](https://goreportcard.com/report/github.com/bitnami-labs/sealed-secrets)  @@ -716,6 +716,8 @@ Our images are being signed using [cosign](https://github.com/sigstore/cosign). The signatures have been saved in our [GitHub Container Registry](https://ghcr.io/bitnami-labs/sealed-secrets-controller/signs). +> Images up to and including v0.20.2 were signed using Cosign v1. Newer images are signed with Cosign v2. + It is pretty simple to verify the images: ```bash diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/RELEASE-NOTES.md new/sealed-secrets-0.20.3/RELEASE-NOTES.md --- old/sealed-secrets-0.20.2/RELEASE-NOTES.md 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/RELEASE-NOTES.md 2023-04-17 12:37:45.000000000 +0200 
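Review bot: The `manifests` recipe pipes `$(CONTROLLER_GEN)` into `tail -n +2 > helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml`. Unless the Makefile selects a shell with `pipefail` (not visible in this hunk), a controller-gen failure is hidden behind `tail`'s exit status, and the CRD file is truncated before the generator has produced anything. Generating to a temporary file first avoids both problems: `$(CONTROLLER_GEN) crd:generateEmbeddedObjectMeta=true paths="./pkg/apis/..." output:stdout > crd.tmp`, followed by `tail -n +2 crd.tmp > helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml && rm crd.tmp`. The following `yq` line would then never read a half-written CRD.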
@@ -4,6 +4,29 @@ [](https://github.com/bitnami-labs/sealed-secrets/releases/latest) +## v0.20.3 + +### Changelog + +- Generate embedded ObjectMeta in CRD ([#1177](https://github.com/bitnami-labs/sealed-secrets/pull/1177)) +- Sign images using Cosign v2 ([#1176](https://github.com/bitnami-labs/sealed-secrets/pull/1176)) +- ReProcess only on spec changes ([#1174](https://github.com/bitnami-labs/sealed-secrets/pull/1174)) +- Upgrade sealed secrets to Go 1.20 ([#1173](https://github.com/bitnami-labs/sealed-secrets/pull/1173)) +- Remove automountServiceAccountToken parameter ([#1162](https://github.com/bitnami-labs/sealed-secrets/pull/1162)) +- Verify chart with secret recreation disabled ([#1163](https://github.com/bitnami-labs/sealed-secrets/pull/1163)) +- Bump golang.org/x/crypto from 0.7.0 to 0.8.0 ([#1175](https://github.com/bitnami-labs/sealed-secrets/pull/1175)) +- Bump github.com/onsi/gomega from 1.27.5 to 1.27.6 ([#1169](https://github.com/bitnami-labs/sealed-secrets/pull/1169)) +- Bump github.com/onsi/gomega from 1.27.4 to 1.27.5 ([#1168](https://github.com/bitnami-labs/sealed-secrets/pull/1168)) +- Bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18 ([#1167](https://github.com/bitnami-labs/sealed-secrets/pull/1167)) +- Bump github.com/onsi/ginkgo/v2 from 2.9.1 to 2.9.2 ([#1166](https://github.com/bitnami-labs/sealed-secrets/pull/1166)) +- Bump k8s.io/apimachinery from 0.26.2 to 0.26.3 ([#1160](https://github.com/bitnami-labs/sealed-secrets/pull/1160)) +- Bump k8s.io/code-generator from 0.26.2 to 0.26.3 ([#1159](https://github.com/bitnami-labs/sealed-secrets/pull/1159)) +- Bump k8s.io/api from 0.26.2 to 0.26.3 ([#1158](https://github.com/bitnami-labs/sealed-secrets/pull/1158)) +- Bump k8s.io/client-go from 0.26.2 to 0.26.3 ([#1157](https://github.com/bitnami-labs/sealed-secrets/pull/1157)) +- Update VIB release tag format ([#1165](https://github.com/bitnami-labs/sealed-secrets/pull/1165)) +- Update VIB action 
([#1164](https://github.com/bitnami-labs/sealed-secrets/pull/1164)) +- Include dockerhub pull statistics in the project README ([#1172](https://github.com/bitnami-labs/sealed-secrets/pull/1172)) + ## v0.20.2 ### Changelog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/carvel/package.yaml new/sealed-secrets-0.20.3/carvel/package.yaml --- old/sealed-secrets-0.20.2/carvel/package.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/carvel/package.yaml 2023-04-17 12:37:45.000000000 +0200 @@ -1,10 +1,10 @@ apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: - name: "sealedsecrets.bitnami.com.2.8.0" + name: "sealedsecrets.bitnami.com.2.8.1" spec: refName: "sealedsecrets.bitnami.com" - version: "2.8.0" + version: "2.8.1" valuesSchema: openAPIv3: title: Chart Values @@ -45,7 +45,7 @@ tag: type: string description: Sealed Secrets image tag (immutable tags are recommended) - default: v0.20.1 + default: v0.20.2 pullPolicy: type: string description: Sealed Secrets image pull policy @@ -424,7 +424,7 @@ spec: fetch: - imgpkgBundle: - image: ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-7756e673751ef59ce0c0e989e04b7986a4fa97f94edbc84ce7f55a5c5fd5ca88.imgpkg + image: ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-8b2a9f03252d659c687be0089e198bf289d5242d4efbcb2c915ca52ee860aea7.imgpkg template: - helmTemplate: path: sealed-secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/cmd/kubeseal/main.go new/sealed-secrets-0.20.3/cmd/kubeseal/main.go --- old/sealed-secrets-0.20.2/cmd/kubeseal/main.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/cmd/kubeseal/main.go 2023-04-17 12:37:45.000000000 +0200 
@@ -189,6 +189,7 @@ if err != nil { return err } + // #nosec: G307 -- this deferred close is fine because it is not on a writable file defer f.Close() if flags.dumpCert { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/go.mod new/sealed-secrets-0.20.3/go.mod --- old/sealed-secrets-0.20.2/go.mod 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/go.mod 2023-04-17 12:37:45.000000000 +0200 @@ -1,23 +1,23 @@ module github.com/bitnami-labs/sealed-secrets -go 1.19 +go 1.20 require ( github.com/google/go-cmp v0.5.9 github.com/google/renameio v0.1.0 - github.com/mattn/go-isatty v0.0.17 + github.com/mattn/go-isatty v0.0.18 github.com/mkmik/multierror v0.3.0 - github.com/onsi/ginkgo/v2 v2.9.1 - github.com/onsi/gomega v1.27.4 + github.com/onsi/ginkgo/v2 v2.9.2 + github.com/onsi/gomega v1.27.6 github.com/prometheus/client_golang v1.14.0 github.com/spf13/pflag v1.0.5 github.com/throttled/throttled v2.2.5+incompatible - golang.org/x/crypto v0.7.0 + golang.org/x/crypto v0.8.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.26.2 - k8s.io/apimachinery v0.26.2 - k8s.io/client-go v0.26.2 - k8s.io/code-generator v0.26.2 + k8s.io/api v0.26.3 + k8s.io/apimachinery v0.26.3 + k8s.io/client-go v0.26.3 + k8s.io/code-generator v0.26.3 k8s.io/klog v1.0.0 k8s.io/klog/v2 v2.90.1 ) @@ -32,7 +32,7 @@ github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.21.1 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect 
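Review bot: The suppression is written `// #nosec: G307 -- …`, whereas gosec documents the form `// #nosec G307 -- justification` without a colon. Using the documented form avoids depending on how leniently the scanner parses the marker. The justification ("not on a writable file") rests on how `f` is opened, which happens above the hunk, so check that the opener is read-only before keeping the suppression. If it is, `// #nosec G307 -- f is opened read-only, so a failed Close cannot lose data` states the reason more precisely.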
@@ -54,11 +54,11 @@ github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect golang.org/x/mod v0.9.0 // indirect - golang.org/x/net v0.8.0 // indirect + golang.org/x/net v0.9.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.6.0 // indirect - golang.org/x/term v0.6.0 // indirect - golang.org/x/text v0.8.0 // indirect + golang.org/x/sys v0.7.0 // indirect + golang.org/x/term v0.7.0 // indirect + golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect golang.org/x/tools v0.7.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/go.sum new/sealed-secrets-0.20.3/go.sum --- old/sealed-secrets-0.20.2/go.sum 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/go.sum 2023-04-17 12:37:45.000000000 +0200 @@ -99,8 +99,8 @@ github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrKU= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 
@@ -208,8 +208,8 @@ github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= -github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= +github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mkmik/multierror v0.3.0 h1:FHr3n5BEVlzlTz8GRbuwimkL2zbdD2gTPcSh0wpRpUg= 
@@ -227,10 +227,10 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk= -github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= -github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= -github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= +github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= +github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= +github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= +github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -301,8 +301,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= +golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -369,8 +369,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -430,13 +430,13 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -445,8 +445,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -615,14 +615,14 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= -k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= -k8s.io/code-generator v0.26.2 h1:QMgN5oXUgQe27uMaqpbT0hg6ti+rvgCWaHEDMHVhox8= -k8s.io/code-generator v0.26.2/go.mod h1:ryaiIKwfxEJEaywEzx3dhWOydpVctKYbqLajJf0O8dI= +k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= +k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= +k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= +k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s= +k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ= +k8s.io/code-generator v0.26.3 h1:DNYPsWoeFwmg4qFg97Z1cHSSv7KSG10mAEIFoZGTQM8= +k8s.io/code-generator v0.26.3/go.mod h1:ryaiIKwfxEJEaywEzx3dhWOydpVctKYbqLajJf0O8dI= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/helm/sealed-secrets/Chart.yaml 
new/sealed-secrets-0.20.3/helm/sealed-secrets/Chart.yaml --- old/sealed-secrets-0.20.2/helm/sealed-secrets/Chart.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/helm/sealed-secrets/Chart.yaml 2023-04-17 12:37:45.000000000 +0200 @@ -1,7 +1,7 @@ annotations: category: DeveloperTools apiVersion: v2 -appVersion: v0.20.1 +appVersion: v0.20.2 description: Helm chart for the sealed-secrets controller. home: https://github.com/bitnami-labs/sealed-secrets icon: https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png @@ -14,4 +14,4 @@ url: https://github.com/bitnami-labs/sealed-secrets name: sealed-secrets type: application -version: 2.8.0 +version: 2.8.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/helm/sealed-secrets/README.md new/sealed-secrets-0.20.3/helm/sealed-secrets/README.md --- old/sealed-secrets-0.20.2/helm/sealed-secrets/README.md 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/helm/sealed-secrets/README.md 2023-04-17 12:37:45.000000000 +0200 @@ -22,7 +22,7 @@ - [Upgrading](#upgrading) - [To 2.0.0](#to-200) -<!-- END doctoc generated TOC please keep comment here to allow auto update --> +<!-- END doctoc generated TOC please keep comment here to allow auto-update --> ## TL;DR @@ -37,7 +37,7 @@ This chart bootstraps a [Sealed Secret Controller](https://github.com/bitnami-labs/sealed-secrets) Deployment in [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for the deployment and management of Helm Charts in clusters. ## Prerequisites 
@@ -85,7 +85,7 @@ | ------------------------------------------------- | -------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Sealed Secrets image registry | `docker.io` | | `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | -| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.20.1` | +| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.20.2` | | `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | | `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | | `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | @@ -128,7 +128,6 @@ | `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` | | `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` | | `containerSecurityContext.capabilities` | Adds and removes POSIX capabilities from running containers (see `values.yaml`) | | -| `automountServiceAccountToken` | whether to automatically mount the service account API-token to a particular pod | `true` | | `podLabels` | Extra labels for Sealed Secret pods | `{}` | | `podAnnotations` | Annotations for Sealed Secret pods | `{}` | | `priorityClassName` | Sealed Secret pods' priorityClassName | `""` | 
@@ -166,18 +165,17 @@ ### Other Parameters -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------- | ------------------ | -| `serviceAccount.annotations` | Annotations for Sealed Secret service account | `{}` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.labels` | Extra labels to be added to the ServiceAccount | `{}` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Specifies, whether to mount the service account API-token | `true` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `rbac.clusterRole` | Specifies whether the Cluster Role resource should be created | `true` | -| `rbac.clusterRoleName` | Specifies the name for the Cluster Role resource | `secrets-unsealer` | -| `rbac.labels` | Extra labels to be added to RBAC resources | `{}` | -| `rbac.pspEnabled` | PodSecurityPolicy | `false` | +| Name | Description | Value | +| ---------------------------- | ------------------------------------------------------------- | ------------------ | +| `serviceAccount.annotations` | Annotations for Sealed Secret service account | `{}` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.labels` | Extra labels to be added to the ServiceAccount | `{}` | +| `serviceAccount.name` | The name of the ServiceAccount to use. 
| `""` | +| `rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `rbac.clusterRole` | Specifies whether the Cluster Role resource should be created | `true` | +| `rbac.clusterRoleName` | Specifies the name for the Cluster Role resource | `secrets-unsealer` | +| `rbac.labels` | Extra labels to be added to RBAC resources | `{}` | +| `rbac.pspEnabled` | PodSecurityPolicy | `false` | ### Metrics parameters diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml new/sealed-secrets-0.20.3/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml --- old/sealed-secrets-0.20.2/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml 2023-04-17 12:37:45.000000000 +0200 @@ -2,7 +2,7 @@ kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: sealedsecrets.bitnami.com spec: 
@@ -59,6 +59,23 @@ metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' nullable: true + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object x-kubernetes-preserve-unknown-fields: true type: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/helm/sealed-secrets/templates/deployment.yaml new/sealed-secrets-0.20.3/helm/sealed-secrets/templates/deployment.yaml --- old/sealed-secrets-0.20.2/helm/sealed-secrets/templates/deployment.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/helm/sealed-secrets/templates/deployment.yaml 2023-04-17 12:37:45.000000000 +0200 @@ -46,7 +46,6 @@ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} serviceAccountName: {{ include "sealed-secrets.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- if .Values.hostNetwork }} hostNetwork: true {{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/helm/sealed-secrets/templates/service-account.yaml new/sealed-secrets-0.20.3/helm/sealed-secrets/templates/service-account.yaml --- old/sealed-secrets-0.20.2/helm/sealed-secrets/templates/service-account.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/helm/sealed-secrets/templates/service-account.yaml 2023-04-17 12:37:45.000000000 +0200 
@@ -1,7 +1,6 @@ {{ if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "sealed-secrets.serviceAccountName" . }} namespace: {{ include "sealed-secrets.namespace" . }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/helm/sealed-secrets/values.yaml new/sealed-secrets-0.20.3/helm/sealed-secrets/values.yaml --- old/sealed-secrets-0.20.2/helm/sealed-secrets/values.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/helm/sealed-secrets/values.yaml 2023-04-17 12:37:45.000000000 +0200 @@ -33,7 +33,7 @@ image: registry: docker.io repository: bitnami/sealed-secrets-controller - tag: v0.20.1 + tag: v0.20.2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -169,9 +169,6 @@ drop: - ALL -## @param automountServiceAccountToken whether to automatically mount the service account API-token to a particular pod -automountServiceAccountToken: true - ## @param podLabels [object] Extra labels for Sealed Secret pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## 
@@ -347,8 +344,6 @@ ## If not set and create is true, a name is generated using the sealed-secrets.fullname template ## name: "" - ## @param serviceAccount.automountServiceAccountToken Specifies, whether to mount the service account API-token - automountServiceAccountToken: true ## RBAC configuration ## rbac: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/pkg/apis/sealedsecrets/v1alpha1/types.go new/sealed-secrets-0.20.3/pkg/apis/sealedsecrets/v1alpha1/types.go --- old/sealed-secrets-0.20.2/pkg/apis/sealedsecrets/v1alpha1/types.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/pkg/apis/sealedsecrets/v1alpha1/types.go 2023-04-17 12:37:45.000000000 +0200 @@ -36,7 +36,7 @@ // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata // +optional // +nullable - // +kubebuilder:validation:XPreserveUnknownFields + // +kubebuilder:pruning:PreserveUnknownFields metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Used to facilitate programmatic handling of secret data. @@ -61,7 +61,7 @@ EncryptedData SealedSecretEncryptedData `json:"encryptedData"` } -// +kubebuilder:validation:XPreserveUnknownFields +// +kubebuilder:pruning:PreserveUnknownFields type SealedSecretEncryptedData map[string]string func (s *SealedSecretEncryptedData) UnmarshalJSON(data []byte) error { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/pkg/controller/controller.go new/sealed-secrets-0.20.3/pkg/controller/controller.go --- old/sealed-secrets-0.20.2/pkg/controller/controller.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/pkg/controller/controller.go 2023-04-17 12:37:45.000000000 +0200 @@ -7,6 +7,7 @@ "errors" "fmt" "log" + "reflect" "time" corev1 "k8s.io/api/core/v1" 
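Review bot: The two `// +kubebuilder:pruning:PreserveUnknownFields` markers, on the embedded `metav1.ObjectMeta` and on `SealedSecretEncryptedData`, have no comment explaining why pruning is turned off for these fields. With pruning disabled the API server keeps keys that the generated schema does not list, so any checking of that input has to happen in the controller. I would add a line above each marker such as `// Pruning is disabled so keys not listed in the generated schema survive admission; validate them in the controller.` Both types start outside these hunks, so the wording should be confirmed against the full definitions.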
@@ -109,9 +110,7 @@ } func watchSealedSecrets(ssinformer ssinformer.SharedInformerFactory, queue workqueue.RateLimitingInterface) (cache.SharedIndexInformer, error) { - ssInformer := ssinformer.Bitnami().V1alpha1(). - SealedSecrets(). - Informer() + ssInformer := ssinformer.Bitnami().V1alpha1().SealedSecrets().Informer() _, err := ssInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { key, err := cache.MetaNamespaceKeyFunc(obj) @@ -122,7 +121,11 @@ UpdateFunc: func(oldObj, newObj interface{}) { key, err := cache.MetaNamespaceKeyFunc(newObj) if err == nil { - queue.Add(key) + if sealedSecretChanged(oldObj, newObj) { + queue.Add(key) + } else { + log.Printf("update suppressed, no changes in sealed secret spec of %v", key) + } } }, DeleteFunc: func(obj interface{}) { @@ -141,6 +144,18 @@ return ssInformer, nil } +func sealedSecretChanged(oldObj, newObj interface{}) bool { + oldSealedSecret, err := convertSealedSecret(oldObj) + if err != nil { + return true // any conversion error means we assume it might have changed + } + newSealedSecret, err := convertSealedSecret(newObj) + if err != nil { + return true + } + return !reflect.DeepEqual(oldSealedSecret.Spec, newSealedSecret.Spec) +} + func watchSecrets(sinformer informers.SharedInformerFactory, ssclientset ssclientset.Interface, queue workqueue.RateLimitingInterface) (cache.SharedIndexInformer, error) { sInformer := sinformer.Core().V1().Secrets().Informer() _, err := sInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/pkg/controller/keyregistry.go new/sealed-secrets-0.20.3/pkg/controller/keyregistry.go --- old/sealed-secrets-0.20.2/pkg/controller/keyregistry.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/pkg/controller/keyregistry.go 2023-04-17 12:37:45.000000000 +0200 
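Review bot: In `UpdateFunc`, an update with an unchanged spec is now dropped, and that presumably includes periodic informer resync events, where old and new objects are identical. If an earlier unseal failed and its retries ran out, nothing requeues the key until the spec changes. Whether that is a regression depends on the resync period and retry handling, which are outside this hunk. The `log.Printf` in the else branch would also fire once per object on every resync, so it may deserve rate limiting or a debug level. A comment on the branch would record the intent, e.g. `// Resync and metadata-only updates are skipped on purpose; only spec changes are re-processed.`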
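Review bot: `sealedSecretChanged` compares only `Spec`, so an edit to the SealedSecret's own annotations or labels is reported as unchanged. Sealed Secrets reads scope from annotations such as `sealedsecrets.bitnami.com/cluster-wide`, so an annotation-only edit may need reprocessing; this hunk does not show whether another path covers it. If it is needed, the last line could be `return !reflect.DeepEqual(oldSealedSecret.Spec, newSealedSecret.Spec) || !reflect.DeepEqual(oldSealedSecret.Annotations, newSealedSecret.Annotations)`. The function also lacks a doc comment; `// sealedSecretChanged reports whether the spec differs between the two objects; conversion errors count as changed.` would do.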
@@ -20,7 +20,7 @@ private *rsa.PrivateKey cert *x509.Certificate fingerprint string - creationTime time.Time + orderingTime time.Time } // A KeyRegistry manages the key pairs used to (un)seal secrets. @@ -66,7 +66,7 @@ return generatedName, nil } -func (kr *KeyRegistry) registerNewKey(keyName string, privKey *rsa.PrivateKey, cert *x509.Certificate, creationTime time.Time) error { +func (kr *KeyRegistry) registerNewKey(keyName string, privKey *rsa.PrivateKey, cert *x509.Certificate, orderingTime time.Time) error { fingerprint, err := crypto.PublicKeyFingerprint(&privKey.PublicKey) if err != nil { return err @@ -76,11 +76,11 @@ private: privKey, cert: cert, fingerprint: fingerprint, - creationTime: creationTime, + orderingTime: orderingTime, } kr.keys[k.fingerprint] = k - if kr.mostRecentKey == nil || kr.mostRecentKey.creationTime.Before(creationTime) { + if kr.mostRecentKey == nil || kr.mostRecentKey.orderingTime.Before(orderingTime) { kr.mostRecentKey = k } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/pkg/controller/keys_test.go new/sealed-secrets-0.20.3/pkg/controller/keys_test.go --- old/sealed-secrets-0.20.2/pkg/controller/keys_test.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/pkg/controller/keys_test.go 2023-04-17 12:37:45.000000000 +0200 
@@ -28,6 +28,10 @@ return crypto.SignKey(r, key, time.Hour, "testcn") } +func signKeyWithNotBefore(r io.Reader, key *rsa.PrivateKey, notBefore time.Time) (*x509.Certificate, error) { + return crypto.SignKeyWithNotBefore(r, key, notBefore, time.Hour, "testcn") +} + func TestReadKey(t *testing.T) { rand := testRand() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/pkg/controller/main.go new/sealed-secrets-0.20.3/pkg/controller/main.go --- old/sealed-secrets-0.20.2/pkg/controller/main.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/pkg/controller/main.go 2023-04-17 12:37:45.000000000 +0200 @@ -82,8 +82,7 @@ if err != nil { log.Printf("Error reading key %s: %v", secret.Name, err) } - ct := secret.CreationTimestamp - if err := keyRegistry.registerNewKey(secret.Name, key, certs[0], ct.Time); err != nil { + if err := keyRegistry.registerNewKey(secret.Name, key, certs[0], certs[0].NotBefore); err != nil { return nil, err } log.Printf("----- %s", secret.Name) @@ -112,7 +111,7 @@ func initKeyRenewal(ctx context.Context, registry *KeyRegistry, period, validFor time.Duration, cutoffTime time.Time, cn string) (func(), error) { // Create a new key if it's the first key, // or if it's older than cutoff time. - if len(registry.keys) == 0 || registry.mostRecentKey.creationTime.Before(cutoffTime) { + if len(registry.keys) == 0 || registry.mostRecentKey.orderingTime.Before(cutoffTime) { if _, err := registry.generateKey(ctx, validFor, cn); err != nil { return nil, err } 
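Review bot: When reading the key fails, the `if err != nil` branch only logs and then falls through to `registerNewKey(secret.Name, key, certs[0], certs[0].NotBefore)`, which indexes `certs` and now also dereferences its first element. If the read returns no certificates on error, a secret that carries the key label but holds malformed data can panic the controller at start-up instead of being skipped or reported. Assuming this runs inside a loop over the key secrets (the loop header is outside the hunk), I would add `continue` after the `log.Printf`, or return the error. A short comment that ordering now follows the certificate's `NotBefore` rather than the Secret's creation timestamp would also help operators who import their own certificates.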
@@ -130,7 +129,7 @@ // If key rotation is enabled, we'll rotate the key when the most recent // key becomes stale (older than period). - mostRecentKeyAge := time.Since(registry.mostRecentKey.creationTime) + mostRecentKeyAge := time.Since(registry.mostRecentKey.orderingTime) initialDelay := period - mostRecentKeyAge if initialDelay < 0 { initialDelay = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/pkg/controller/main_test.go new/sealed-secrets-0.20.3/pkg/controller/main_test.go --- old/sealed-secrets-0.20.2/pkg/controller/main_test.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/pkg/controller/main_test.go 2023-04-17 12:37:45.000000000 +0200 @@ -204,11 +204,6 @@ t.Fatalf("Failed to generate test key: %v", err) } - cert, err := signKey(rand, key) - if err != nil { - t.Fatalf("signKey failed: %v", err) - } - // we'll simulate the existence of a secret that is about to expire // by making it old enough so that it's just "staleness" short of using // the full rotation "period". 
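Review bot: `time.Since(registry.mostRecentKey.orderingTime)` is negative when the newest certificate's `NotBefore` lies in the future, so `initialDelay` becomes larger than `period` and the first rotation is postponed by that amount. The ordering time now comes from certificate contents, so an imported certificate or clock skew can produce that case. The same value feeds the `orderingTime.Before(cutoffTime)` check in the preceding hunk, where a future-dated key suppresses generation of a new one. I would clamp the age before computing the delay, `if mostRecentKeyAge < 0 { mostRecentKeyAge = 0 }`, and log when a key's `NotBefore` is later than now. The function continues past the end of this hunk.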
@@ -217,11 +212,17 @@ staleness = 100 * time.Millisecond oldAge = period - staleness ) + notBefore := time.Now().Add(-oldAge) + + cert, err := signKeyWithNotBefore(rand, key, notBefore) + if err != nil { + t.Fatalf("signKey failed: %v", err) + } + client := fake.NewSimpleClientset() client.PrependReactor("create", "secrets", generateNameReactor) - _, err = writeKey(ctx, client, key, []*x509.Certificate{cert}, "namespace", SealedSecretsKeyLabel, "prefix", - writeKeyWithCreationTime(metav1.NewTime(time.Now().Add(-oldAge)))) + _, err = writeKey(ctx, client, key, []*x509.Certificate{cert}, "namespace", SealedSecretsKeyLabel, "prefix") if err != nil { t.Errorf("writeKey() failed with: %v", err) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/pkg/crypto/keys.go new/sealed-secrets-0.20.3/pkg/crypto/keys.go --- old/sealed-secrets-0.20.2/pkg/crypto/keys.go 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/pkg/crypto/keys.go 2023-04-17 12:37:45.000000000 +0200 
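Review bot: The failure message still reads `signKey failed` although the call is now `signKeyWithNotBefore`; `t.Fatalf("signKeyWithNotBefore failed: %v", err)` keeps the test output accurate. The test also relies on wall-clock time: `notBefore` is taken from `time.Now()` here and the renewal check runs later with only `staleness = 100 * time.Millisecond` of slack, which may be tight on a loaded builder. The test function starts and ends outside this hunk.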
@@ -29,7 +29,13 @@ // TODO: use certificates API to get this signed by the cluster root CA // See https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ - notBefore := time.Now() + return SignKeyWithNotBefore(r, key, time.Now(), validFor, cn) +} + +// SignKeyWithNotBefore returns a signed certificate with custom notBefore. +func SignKeyWithNotBefore(r io.Reader, key *rsa.PrivateKey, notBefore time.Time, validFor time.Duration, cn string) (*x509.Certificate, error) { + // TODO: use certificates API to get this signed by the cluster root CA + // See https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ serialNo, err := rand.Int(r, new(big.Int).Lsh(big.NewInt(1), 128)) if err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/schema-v1alpha1.yaml new/sealed-secrets-0.20.3/schema-v1alpha1.yaml --- old/sealed-secrets-0.20.2/schema-v1alpha1.yaml 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/schema-v1alpha1.yaml 2023-04-17 12:37:45.000000000 +0200 @@ -33,6 +33,23 @@ metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' nullable: true + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object x-kubernetes-preserve-unknown-fields: true type: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.20.2/versions.env new/sealed-secrets-0.20.3/versions.env --- old/sealed-secrets-0.20.2/versions.env 2023-03-20 15:59:05.000000000 +0100 +++ new/sealed-secrets-0.20.3/versions.env 2023-04-17 12:37:45.000000000 +0200 
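Review bot: `SignKeyWithNotBefore` is a new exported function, but its doc comment does not say that the caller fully controls the start of validity or how `validFor` relates to it. If expiry is computed as `notBefore.Add(validFor)` further down (not visible in this hunk), a backdated `notBefore` yields a certificate that is already expired, and a future one yields a key the controller treats as newest. I would document that, e.g. `// SignKeyWithNotBefore signs key with a validity window of validFor starting at notBefore; production callers should pass time.Now().` The TODO about the certificates API is now duplicated in `SignKey` and here; keeping it only in the new function is enough.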
@@ -1,2 +1,2 @@ -GO_VERSION=1.19.4 +GO_VERSION=1.20.3 GO_VERSION_LIST="[\"$GO_VERSION\"]" ++++++ sealed-secrets.obsinfo ++++++ --- /var/tmp/diff_new_pack.4BLGJg/_old 2023-04-17 18:15:29.842205606 +0200 +++ /var/tmp/diff_new_pack.4BLGJg/_new 2023-04-17 18:15:29.842205606 +0200 @@ -1,5 +1,5 @@ name: sealed-secrets -version: 0.20.2 -mtime: 1679324345 -commit: 8de5579df4a683d95135275938d9000d4407da8b +version: 0.20.3 +mtime: 1681727865 +commit: 36da266068a225040d1ed8e60b41277d8126b17a ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeseal.new.2023/vendor.tar.gz differ: char 5, line 1