Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kubeseal for openSUSE:Factory
checked in at 2024-01-05 21:42:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubeseal (Old)
and /work/SRC/openSUSE:Factory/.kubeseal.new.28375 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal"
Fri Jan 5 21:42:35 2024 rev:27 rq:1136917 version:0.24.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2023-11-16
20:30:18.876247368 +0100
+++ /work/SRC/openSUSE:Factory/.kubeseal.new.28375/kubeseal.changes
2024-01-05 21:44:02.992065303 +0100
@@ -1,0 +2,15 @@
+Thu Jan 04 17:55:17 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.24.5:
+ * Release notes for v0.24.5 (#1399)
+ * Update golang to the latest tooling version (#1398)
+ * Bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.13.2 (#1397)
+ * Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#1394)
+ * feat: Helm - Add sources (#1383)
+ * Expose controller metrics in an isolated port (#1369)
+ * Bump k8s.io/client-go from 0.28.3 to 0.28.4 (#1389)
+ * Bump k8s.io/code-generator from 0.28.3 to 0.28.4 (#1390)
+ * Update carvel package to v2.13.3 (#1381)
+ * Release chart 2.13.3 (#1380)
+
+-------------------------------------------------------------------
Old:
----
sealed-secrets-0.24.4.obscpio
New:
----
sealed-secrets-0.24.5.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubeseal.spec ++++++
--- /var/tmp/diff_new_pack.lvV7lq/_old 2024-01-05 21:44:04.384116246 +0100
+++ /var/tmp/diff_new_pack.lvV7lq/_new 2024-01-05 21:44:04.384116246 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kubeseal
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
%define archive_name sealed-secrets
Name: kubeseal
-Version: 0.24.4
+Version: 0.24.5
Release: 0
Summary: CLI for encrypting secrets to SealedSecrets
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.lvV7lq/_old 2024-01-05 21:44:04.412117271 +0100
+++ /var/tmp/diff_new_pack.lvV7lq/_new 2024-01-05 21:44:04.416117417 +0100
@@ -3,7 +3,7 @@
<param name="url">https://github.com/bitnami-labs/sealed-secrets</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.24.4</param>
+ <param name="revision">v0.24.5</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
@@ -17,7 +17,7 @@
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="manual">
- <param name="archive">sealed-secrets-0.24.4.obscpio</param>
+ <param name="archive">sealed-secrets-0.24.5.obscpio</param>
</service>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.lvV7lq/_old 2024-01-05 21:44:04.432118002 +0100
+++ /var/tmp/diff_new_pack.lvV7lq/_new 2024-01-05 21:44:04.436118149 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/bitnami-labs/sealed-secrets</param>
- <param
name="changesrevision">8fe2b61f3e553749ec18f288741579876d3b7c15</param></service></servicedata>
+ <param
name="changesrevision">64693897d3f03934d1c0063c0dec4175d93c9680</param></service></servicedata>
(No newline at EOF)
++++++ sealed-secrets-0.24.4.obscpio -> sealed-secrets-0.24.5.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/RELEASE-NOTES.md
new/sealed-secrets-0.24.5/RELEASE-NOTES.md
--- old/sealed-secrets-0.24.4/RELEASE-NOTES.md 2023-11-15 12:18:05.000000000
+0100
+++ new/sealed-secrets-0.24.5/RELEASE-NOTES.md 2023-12-15 11:36:28.000000000
+0100
@@ -4,6 +4,18 @@
[](https://github.com/bitnami-labs/sealed-secrets/releases/latest)
+## v0.24.5
+
+### Changelog
+
+- feat: Helm - Add sources
([#1383](https://github.com/bitnami-labs/sealed-secrets/pull/1383))
+- Update golang to the latest tooling version
([#1398](https://github.com/bitnami-labs/sealed-secrets/pull/1398))
+- Bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.13.2
([#1397](https://github.com/bitnami-labs/sealed-secrets/pull/1397))
+- Bump golang.org/x/crypto from 0.15.0 to 0.16.0
([#1394](https://github.com/bitnami-labs/sealed-secrets/pull/1394))
+- Bump k8s.io/code-generator from 0.28.3 to 0.28.4
([#1390](https://github.com/bitnami-labs/sealed-secrets/pull/1390))
+- Bump k8s.io/client-go from 0.28.3 to 0.28.4
([#1389](https://github.com/bitnami-labs/sealed-secrets/pull/1389))
+- Bump k8s.io/client-go from 0.28.3 to 0.28.4
([#1389](https://github.com/bitnami-labs/sealed-secrets/pull/1389))
+
## v0.24.4
### Changelog
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/carvel/package.yaml
new/sealed-secrets-0.24.5/carvel/package.yaml
--- old/sealed-secrets-0.24.4/carvel/package.yaml 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/carvel/package.yaml 2023-12-15
11:36:28.000000000 +0100
@@ -1,10 +1,10 @@
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: Package
metadata:
- name: "sealedsecrets.bitnami.com.2.13.2"
+ name: "sealedsecrets.bitnami.com.2.13.3"
spec:
refName: "sealedsecrets.bitnami.com"
- version: "2.13.2"
+ version: "2.13.3"
valuesSchema:
openAPIv3:
title: Chart Values
@@ -45,7 +45,7 @@
tag:
type: string
description: Sealed Secrets image tag (immutable tags are
recommended)
- default: v0.24.3
+ default: v0.24.4
pullPolicy:
type: string
description: Sealed Secrets image pull policy
@@ -424,7 +424,7 @@
spec:
fetch:
- imgpkgBundle:
- image:
ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-929569be32748b3271ca245bc9c7a0c0586ab6b32437283df7e402ed27ea0e58.imgpkg
+ image:
ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-17aebe4754893fb5aacc501ba340f40c6675755daa087bb1df03e141475a982a.imgpkg
template:
- helmTemplate:
path: sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.24.4/contrib/prometheus-mixin/README.md
new/sealed-secrets-0.24.5/contrib/prometheus-mixin/README.md
--- old/sealed-secrets-0.24.4/contrib/prometheus-mixin/README.md
2023-11-15 12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/contrib/prometheus-mixin/README.md
2023-12-15 11:36:28.000000000 +0100
@@ -1,7 +1,7 @@
# Sealed Secrets Metrics
The Sealed Secrets Controller running in Kubernetes exposes Prometheus
-metrics on `*:8080/metrics`.
+metrics on `*:8081/metrics`.
These metrics enable operators to observe how it is performing. For example
how many `SealedSecret` unseals have been attempted and how many errors may
@@ -30,13 +30,13 @@
Kubernetes port-forward to your pod:
```
-$ kubectl port-forward sealed-secrets-controller-6566dc69c6-lqr6x 8080 &
+$ kubectl port-forward sealed-secrets-controller-6566dc69c6-lqr6x 8081 &
[1] 293283
```
Then query the metrics endpoint:
```
-$ curl localhost:8080/metrics
+$ curl localhost:8081/metrics
<snip>
# HELP sealed_secrets_controller_build_info Build information.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/controller-norbac.jsonnet
new/sealed-secrets-0.24.5/controller-norbac.jsonnet
--- old/sealed-secrets-0.24.4/controller-norbac.jsonnet 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/controller-norbac.jsonnet 2023-12-15
11:36:28.000000000 +0100
@@ -34,6 +34,21 @@
target_pod: $.controller.spec.template,
},
+ service_metrics: kube.Service('sealed-secrets-controller-metrics') +
$.namespace {
+ local service = self,
+ target_pod: $.controller.spec.template,
+ spec: {
+ selector: service.target_pod.metadata.labels,
+ ports: [
+ {
+ port: 8081,
+ targetPort: 8081,
+ },
+ ],
+ type: "ClusterIP",
+ },
+ },
+
controller: kube.Deployment('sealed-secrets-controller') + $.namespace {
spec+: {
template+: {
@@ -57,6 +72,7 @@
livenessProbe: self.readinessProbe,
ports_+: {
http: { containerPort: 8080 },
+ metrics: { containerPort: 8081 },
},
securityContext+: {
allowPrivilegeEscalation: false,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/docker/controller.Dockerfile
new/sealed-secrets-0.24.5/docker/controller.Dockerfile
--- old/sealed-secrets-0.24.4/docker/controller.Dockerfile 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/docker/controller.Dockerfile 2023-12-15
11:36:28.000000000 +0100
@@ -6,6 +6,6 @@
ARG TARGETARCH
COPY dist/controller_linux_${TARGETARCH}*/controller /usr/local/bin/
-EXPOSE 8080
+EXPOSE 8080 8081
ENTRYPOINT ["controller"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/docs/GKE.md
new/sealed-secrets-0.24.5/docs/GKE.md
--- old/sealed-secrets-0.24.4/docs/GKE.md 2023-11-15 12:18:05.000000000
+0100
+++ new/sealed-secrets-0.24.5/docs/GKE.md 2023-12-15 11:36:28.000000000
+0100
@@ -82,3 +82,14 @@
--target-tags "$NETWORK_TARGET_TAG" \
--priority 1000
```
+
+Create the firewall rule to see the metrics
+
+```bash
+gcloud compute firewall-rules create gke-to-metrics-8081 \
+ --network "$NETWORK" \
+ --allow "tcp:8081" \
+ --source-ranges "$CP_IPV4_CIDR" \
+ --target-tags "$NETWORK_TARGET_TAG" \
+ --priority 1000
+```
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/go.mod
new/sealed-secrets-0.24.5/go.mod
--- old/sealed-secrets-0.24.4/go.mod 2023-11-15 12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/go.mod 2023-12-15 11:36:28.000000000 +0100
@@ -7,17 +7,17 @@
github.com/google/renameio v0.1.0
github.com/mattn/go-isatty v0.0.20
github.com/mkmik/multierror v0.3.0
- github.com/onsi/ginkgo/v2 v2.13.1
+ github.com/onsi/ginkgo/v2 v2.13.2
github.com/onsi/gomega v1.30.0
github.com/prometheus/client_golang v1.17.0
github.com/spf13/pflag v1.0.5
github.com/throttled/throttled v2.2.5+incompatible
- golang.org/x/crypto v0.15.0
+ golang.org/x/crypto v0.16.0
gopkg.in/yaml.v2 v2.4.0
- k8s.io/api v0.28.3
- k8s.io/apimachinery v0.28.3
- k8s.io/client-go v0.28.3
- k8s.io/code-generator v0.28.3
+ k8s.io/api v0.28.4
+ k8s.io/apimachinery v0.28.4
+ k8s.io/client-go v0.28.4
+ k8s.io/code-generator v0.28.4
k8s.io/klog v1.0.0
k8s.io/klog/v2 v2.110.1
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
@@ -58,8 +58,8 @@
golang.org/x/mod v0.13.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
- golang.org/x/sys v0.14.0 // indirect
- golang.org/x/term v0.14.0 // indirect
+ golang.org/x/sys v0.15.0 // indirect
+ golang.org/x/term v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.14.0 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/go.sum
new/sealed-secrets-0.24.5/go.sum
--- old/sealed-secrets-0.24.4/go.sum 2023-11-15 12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/go.sum 2023-12-15 11:36:28.000000000 +0100
@@ -85,8 +85,8 @@
github.com/modern-go/reflect2 v1.0.2/go.mod
h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod
h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.13.1
h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU=
-github.com/onsi/ginkgo/v2 v2.13.1/go.mod
h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
+github.com/onsi/ginkgo/v2 v2.13.2
h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs=
+github.com/onsi/ginkgo/v2 v2.13.2/go.mod
h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
github.com/onsi/gomega v1.30.0/go.mod
h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -120,8 +120,8 @@
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod
h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod
h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod
h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
@@ -144,10 +144,10 @@
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
-golang.org/x/term v0.14.0/go.mod
h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.15.0/go.mod
h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -184,14 +184,14 @@
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
-k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
-k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
-k8s.io/apimachinery v0.28.3/go.mod
h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
-k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
-k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
-k8s.io/code-generator v0.28.3 h1:I847QvdpYx7xKiG2KVQeCSyNF/xU9TowaDAg601mvlw=
-k8s.io/code-generator v0.28.3/go.mod
h1:A2EAHTRYvCvBrb/MM2zZBNipeCk3f8NtpdNIKawC43M=
+k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
+k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
+k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
+k8s.io/apimachinery v0.28.4/go.mod
h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
+k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
+k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
+k8s.io/code-generator v0.28.4 h1:tcOSNIZQvuAvXhOwpbuJkKbAABJQeyCcQBCN/3uI18c=
+k8s.io/code-generator v0.28.4/go.mod
h1:OQAfl6bZikQ/tK6faJ18Vyzo54rUII2NmjurHyiN1g4=
k8s.io/gengo v0.0.0-20220902162205-c0856e24416d
h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08=
k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod
h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/helm/sealed-secrets/Chart.yaml
new/sealed-secrets-0.24.5/helm/sealed-secrets/Chart.yaml
--- old/sealed-secrets-0.24.4/helm/sealed-secrets/Chart.yaml 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/helm/sealed-secrets/Chart.yaml 2023-12-15
11:36:28.000000000 +0100
@@ -1,7 +1,7 @@
annotations:
category: DeveloperTools
apiVersion: v2
-appVersion: v0.24.3
+appVersion: v0.24.4
description: Helm chart for the sealed-secrets controller.
home: https://github.com/bitnami-labs/sealed-secrets
icon:
https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png
@@ -14,4 +14,6 @@
url: https://github.com/bitnami-labs/sealed-secrets
name: sealed-secrets
type: application
-version: 2.13.2
+version: 2.13.3
+sources:
+ - https://github.com/bitnami-labs/sealed-secrets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/helm/sealed-secrets/README.md
new/sealed-secrets-0.24.5/helm/sealed-secrets/README.md
--- old/sealed-secrets-0.24.4/helm/sealed-secrets/README.md 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/helm/sealed-secrets/README.md 2023-12-15
11:36:28.000000000 +0100
@@ -85,7 +85,7 @@
| ------------------------------------------------- |
-----------------------------------------------------------------------------------------------------
| ----------------------------------- |
| `image.registry` | Sealed Secrets image
registry
| `docker.io` |
| `image.repository` | Sealed Secrets image
repository
| `bitnami/sealed-secrets-controller` |
-| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended) |
`v0.24.3` |
+| `image.tag` | Sealed Secrets image tag
(immutable tags are recommended) |
`v0.24.4` |
| `image.pullPolicy` | Sealed Secrets image
pull policy
| `IfNotPresent` |
| `image.pullSecrets` | Sealed Secrets image
pull secrets
| `[]` |
| `revisionHistoryLimit` | Number of old history to
retain to allow rollback (If not set, default Kubernetes value is set to 10) |
`""` |
@@ -188,21 +188,25 @@
### Metrics parameters
-| Name | Description
| Value |
-| ------------------------------------------ |
--------------------------------------------------------------------------------------
| ------- |
-| `metrics.serviceMonitor.enabled` | Specify if a ServiceMonitor
will be deployed for Prometheus Operator | `false` |
-| `metrics.serviceMonitor.namespace` | Namespace where Prometheus
Operator is running in | `""` |
-| `metrics.serviceMonitor.labels` | Extra labels for the
ServiceMonitor | `{}` |
-| `metrics.serviceMonitor.annotations` | Extra annotations for the
ServiceMonitor | `{}` |
-| `metrics.serviceMonitor.interval` | How frequently to scrape
metrics | `""` |
-| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape
is ended | `""` |
-| `metrics.serviceMonitor.honorLabels` | Specify if ServiceMonitor
endPoints will honor labels | `true` |
-| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling
of metrics | `[]` |
-| `metrics.serviceMonitor.relabelings` | Specify general relabeling
| `[]` |
-| `metrics.dashboards.create` | Specifies whether a ConfigMap
with a Grafana dashboard configuration should be created | `false` |
-| `metrics.dashboards.labels` | Extra labels to be added to the
Grafana dashboard ConfigMap | `{}` |
-| `metrics.dashboards.annotations` | Annotations to be added to the
Grafana dashboard ConfigMap | `{}` |
-| `metrics.dashboards.namespace` | Namespace where Grafana
dashboard ConfigMap is deployed | `""` |
+| Name | Description
| Value |
+| ------------------------------------------ |
--------------------------------------------------------------------------------------
| ----------- |
+| `metrics.serviceMonitor.enabled` | Specify if a ServiceMonitor
will be deployed for Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace where Prometheus
Operator is running in | `""` |
+| `metrics.serviceMonitor.labels` | Extra labels for the
ServiceMonitor | `{}`
|
+| `metrics.serviceMonitor.annotations` | Extra annotations for the
ServiceMonitor | `{}` |
+| `metrics.serviceMonitor.interval` | How frequently to scrape
metrics | `""` |
+| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape
is ended | `""` |
+| `metrics.serviceMonitor.honorLabels` | Specify if ServiceMonitor
endPoints will honor labels | `true` |
+| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling
of metrics | `[]` |
+| `metrics.serviceMonitor.relabelings` | Specify general relabeling
| `[]` |
+| `metrics.dashboards.create` | Specifies whether a ConfigMap
with a Grafana dashboard configuration should be created | `false` |
+| `metrics.dashboards.labels` | Extra labels to be added to the
Grafana dashboard ConfigMap | `{}` |
+| `metrics.dashboards.annotations` | Annotations to be added to the
Grafana dashboard ConfigMap | `{}` |
+| `metrics.dashboards.namespace` | Namespace where Grafana
dashboard ConfigMap is deployed | `""` |
+| `metrics.service.type` | Sealed Secret Metrics service
type | `ClusterIP` |
+| `metrics.service.port` | Sealed Secret service Metrics
HTTP port | `8081` |
+| `metrics.service.nodePort` | Node port for HTTP
| `""` |
+| `metrics.service.annotations` | Additional custom annotations
for Sealed Secret Metrics service | `{}` |
### PodDisruptionBudget Parameters
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.24.4/helm/sealed-secrets/templates/deployment.yaml
new/sealed-secrets-0.24.5/helm/sealed-secrets/templates/deployment.yaml
--- old/sealed-secrets-0.24.4/helm/sealed-secrets/templates/deployment.yaml
2023-11-15 12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/helm/sealed-secrets/templates/deployment.yaml
2023-12-15 11:36:28.000000000 +0100
@@ -123,6 +123,8 @@
ports:
- containerPort: 8080
name: http
+ - containerPort: 8081
+ name: metrics
{{- if .Values.startupProbe.enabled }}
startupProbe: {{- include "sealed-secrets.render" (dict "value"
(omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.24.4/helm/sealed-secrets/templates/service.yaml
new/sealed-secrets-0.24.5/helm/sealed-secrets/templates/service.yaml
--- old/sealed-secrets-0.24.4/helm/sealed-secrets/templates/service.yaml
2023-11-15 12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/helm/sealed-secrets/templates/service.yaml
2023-12-15 11:36:28.000000000 +0100
@@ -29,4 +29,35 @@
nodePort: null
{{- end }}
selector: {{- include "sealed-secrets.matchLabels" . | nindent 4 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "sealed-secrets.fullname" . }}-metrics
+ namespace: {{ include "sealed-secrets.namespace" . }}
+ {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "sealed-secrets.render" (dict "value"
.Values.metrics.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "sealed-secrets.render" ( dict "value"
.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
+ {{- if .Values.metrics.service.labels }}
+ {{- include "sealed-secrets.render" ( dict "value"
.Values.metrics.service.labels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - name: http
+ port: {{ .Values.metrics.service.port }}
+ targetPort: http
+ {{- if and (or (eq .Values.metrics.service.type "NodePort") (eq
.Values.metrics.service.type "LoadBalancer")) (not (empty
.Values.metrics.service.nodePort)) }}
+ nodePort: {{ .Values.metrics.service.nodePort }}
+ {{- else if eq .Values.metrics.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ selector: {{- include "sealed-secrets.matchLabels" . | nindent 4 }}
{{- end }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sealed-secrets-0.24.4/helm/sealed-secrets/values.yaml
new/sealed-secrets-0.24.5/helm/sealed-secrets/values.yaml
--- old/sealed-secrets-0.24.4/helm/sealed-secrets/values.yaml 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/helm/sealed-secrets/values.yaml 2023-12-15
11:36:28.000000000 +0100
@@ -34,7 +34,7 @@
image:
registry: docker.io
repository: bitnami/sealed-secrets-controller
- tag: v0.24.3
+ tag: v0.24.4
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -448,6 +448,25 @@
##
namespace: ""
+ ## Sealed Secret Metrics service parameters
+ ##
+ service:
+ ## @param metrics.service.type Sealed Secret Metrics service type
+ ##
+ type: ClusterIP
+ ## @param metrics.service.port Sealed Secret service Metrics HTTP port
+ ##
+ port: 8081
+ ## @param metrics.service.nodePort Node port for HTTP
+ ## Specify the nodePort value for the LoadBalancer and NodePort service
types
+ ## ref:
https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePort: ""
+ ## @param metrics.service.annotations [object] Additional custom
annotations for Sealed Secret Metrics service
+ ##
+ annotations: {}
+
## @section PodDisruptionBudget Parameters
pdb:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/pkg/controller/main.go
new/sealed-secrets-0.24.5/pkg/controller/main.go
--- old/sealed-secrets-0.24.4/pkg/controller/main.go 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/pkg/controller/main.go 2023-12-15
11:36:28.000000000 +0100
@@ -248,12 +248,21 @@
}
server := httpserver(cp, controller.AttemptUnseal, controller.Rotate,
f.RateLimitBurst, f.RateLimitPerSecond)
+ serverMetrics := httpserverMetrics()
sigterm := make(chan os.Signal, 1)
signal.Notify(sigterm, syscall.SIGTERM)
<-sigterm
- return server.Shutdown(context.Background())
+ if err := server.Shutdown(context.Background()); err != nil {
+ return err
+ }
+
+ if err := serverMetrics.Shutdown(context.Background()); err != nil {
+ return err
+ }
+
+ return nil
}
func prepareController(clientset kubernetes.Interface, namespace string,
tweakopts func(*metav1.ListOptions), f *Flags, ssclientset versioned.Interface,
keyRegistry *KeyRegistry) (*Controller, error) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/pkg/controller/server.go
new/sealed-secrets-0.24.5/pkg/controller/server.go
--- old/sealed-secrets-0.24.4/pkg/controller/server.go 2023-11-15
12:18:05.000000000 +0100
+++ new/sealed-secrets-0.24.5/pkg/controller/server.go 2023-12-15
11:36:28.000000000 +0100
@@ -17,9 +17,10 @@
)
var (
- listenAddr = flag.String("listen-addr", ":8080", "HTTP serving
address.")
- readTimeout = flag.Duration("read-timeout", 2*time.Minute, "HTTP
request timeout.")
- writeTimeout = flag.Duration("write-timeout", 2*time.Minute, "HTTP
response timeout.")
+ listenAddr = flag.String("listen-addr", ":8080", "HTTP serving
address.")
+ listenMetricsAddr = flag.String("listen-metrics-addr", ":8081", "HTTP
metrics serving address.")
+ readTimeout = flag.Duration("read-timeout", 2*time.Minute, "HTTP
request timeout.")
+ writeTimeout = flag.Duration("write-timeout", 2*time.Minute, "HTTP
response timeout.")
)
// Called on every request to /cert. Errors will be logged and return a 500.
@@ -44,8 +45,6 @@
}
})
- mux.Handle("/metrics", promhttp.Handler())
-
mux.Handle("/v1/verify", Instrument("/v1/verify",
httpRateLimiter.RateLimit(http.HandlerFunc(func(w http.ResponseWriter, r
*http.Request) {
content, err := io.ReadAll(r.Body)
if err != nil {
@@ -118,6 +117,26 @@
}()
return &server
}
+
+func httpserverMetrics() *http.Server {
+ mux := http.NewServeMux()
+ mux.Handle("/metrics", promhttp.Handler())
+
+ server := http.Server{
+ Addr: *listenMetricsAddr,
+ Handler: mux,
+ ReadTimeout: *readTimeout,
+ ReadHeaderTimeout: *readTimeout,
+ WriteTimeout: *writeTimeout,
+ }
+
+ log.Infof("HTTP metrics server serving on %s", server.Addr)
+ go func() {
+ err := server.ListenAndServe()
+ log.Errorf("HTTP metrics server exiting: %v", err)
+ }()
+ return &server
+}
func rateLimiter(burst int, rate int) throttled.HTTPRateLimiter {
store, err := memstore.New(65536)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sealed-secrets-0.24.4/versions.env
new/sealed-secrets-0.24.5/versions.env
--- old/sealed-secrets-0.24.4/versions.env 2023-11-15 12:18:05.000000000
+0100
+++ new/sealed-secrets-0.24.5/versions.env 2023-12-15 11:36:28.000000000
+0100
@@ -1,2 +1,2 @@
-GO_VERSION=1.21.1
+GO_VERSION=1.21.5
GO_VERSION_LIST="[\"$GO_VERSION\"]"
++++++ sealed-secrets.obsinfo ++++++
--- /var/tmp/diff_new_pack.lvV7lq/_old 2024-01-05 21:44:04.744129421 +0100
+++ /var/tmp/diff_new_pack.lvV7lq/_new 2024-01-05 21:44:04.748129567 +0100
@@ -1,5 +1,5 @@
name: sealed-secrets
-version: 0.24.4
-mtime: 1700047085
-commit: 8fe2b61f3e553749ec18f288741579876d3b7c15
+version: 0.24.5
+mtime: 1702636588
+commit: 64693897d3f03934d1c0063c0dec4175d93c9680
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz
/work/SRC/openSUSE:Factory/.kubeseal.new.28375/vendor.tar.gz differ: char 5,
line 1
