From 469b280bc9bccd9ab73a27972b757921735a4333 Mon Sep 17 00:00:00 2001 From: mefjush Date: Thu, 7 Mar 2024 15:33:12 +0100 Subject: [PATCH 01/16] Add watch permission for customresourcedefinitions This fixes the: [2024-03-07 10:21:05,210] kopf._core.reactor.o [WARNING ] Not enough permissions to watch for resources: changes (creation/deletion/updates) will not be noticed; the resources are only refreshed on operator restarts. --- charts/cluster-secret/templates/role-cluster-rbac.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/cluster-secret/templates/role-cluster-rbac.yaml b/charts/cluster-secret/templates/role-cluster-rbac.yaml index 7dad726..a7a7a30 100644 --- a/charts/cluster-secret/templates/role-cluster-rbac.yaml +++ b/charts/cluster-secret/templates/role-cluster-rbac.yaml @@ -22,6 +22,7 @@ rules: - list - get - patch + - watch - apiGroups: - events.k8s.io resources: From c79efacc29027ce9ddb0320a76c8da5b2f568f75 Mon Sep 17 00:00:00 2001 From: nkowenski Date: Wed, 20 Mar 2024 15:40:27 +0100 Subject: [PATCH 02/16] do not nest values --- .github/workflows/e2e-testing.yaml | 2 +- .../cluster-secret/templates/deployment.yaml | 5 ++--- charts/cluster-secret/values.yaml | 20 +++++++++---------- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/.github/workflows/e2e-testing.yaml b/.github/workflows/e2e-testing.yaml index cd732e9..fe65299 100644 --- a/.github/workflows/e2e-testing.yaml +++ b/.github/workflows/e2e-testing.yaml 
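Review bot: The verb list extended here already carries `patch`, so with `watch` added the rule grants list/get/patch/watch cluster-wide. The rule's `resources:` line is outside the hunk; going by the commit subject it covers customresourcedefinitions. Adding the read-only `watch` matches the kopf warning quoted in the message, but it is worth confirming whether the operator ever patches CRDs. If it does not, dropping `- patch` from this rule keeps the ClusterRole closer to least privilege. A comment such as `# list/watch: needed by kopf to notice CRD changes` would record why the verbs are there.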
@@ -57,7 +57,7 @@ jobs: run: kind load docker-image cluster-secret:${{ github.sha }} --name=chart-testing - name: Run helm install - run: helm install cluster-secret ./charts/cluster-secret -n cluster-secret --create-namespace --set clustersecret.clustersecret.image.repository=cluster-secret,clustersecret.clustersecret.image.tag=${{ github.sha }} + run: helm install cluster-secret ./charts/cluster-secret -n cluster-secret --create-namespace --set image.repository=cluster-secret,image.tag=${{ github.sha }} - run: pip3 install -r conformance/requirements.txt name: Install python requirements diff --git a/charts/cluster-secret/templates/deployment.yaml b/charts/cluster-secret/templates/deployment.yaml index 98a8b77..543c00e 100644 --- a/charts/cluster-secret/templates/deployment.yaml +++ b/charts/cluster-secret/templates/deployment.yaml @@ -32,9 +32,8 @@ spec: - name: CLUSTER_SECRET_VERSION value: {{ .Chart.AppVersion | quote }} - name: REPLACE_EXISTING - value: {{ .Values.clustersecret.clustersecret.replace_existing | default "false" | quote }} - image: {{ .Values.clustersecret.clustersecret.image.repository }}:{{ .Values.clustersecret.clustersecret.image.tag - | default .Chart.AppVersion }} + value: {{ .Values.replace_existing | default "false" | quote }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} name: clustersecret securityContext: runAsUser: 100 # 100 is set by the container and can NOT be changed here - this would result in a getpwuid() error diff --git a/charts/cluster-secret/values.yaml b/charts/cluster-secret/values.yaml index 64363f2..fec189d 100644 --- a/charts/cluster-secret/values.yaml +++ b/charts/cluster-secret/values.yaml 
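Review bot: Overrides written against the old layout are silently dropped by the deployment.yaml hunk, because `.Values.image.repository`, `.Values.image.tag` and `.Values.replace_existing` no longer read `clustersecret.clustersecret.*` and Helm does not reject unknown keys. A release that pinned a private mirror or a specific tag under the old keys would fall back to the chart defaults on upgrade with no error. The series ships this as a patch-level chart bump, so a guard near the top of the template would make the break visible, e.g. `{{- if .Values.clustersecret }}{{ fail "values moved to top level: use image.* and replace_existing" }}{{- end }}`. The container spec continues outside the hunk.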
@@ -1,11 +1,11 @@ -clustersecret: - clustersecret: - image: - repository: quay.io/clustersecret/clustersecret - tag: 0.0.10 - # use tag-alt for ARM and other alternative builds - read the readme for more information - # If Clustersecret is about to create a secret and then it founds it exists: - # Default is to ignore it. (to not loose any unintentional data) - # It can also reeplace it. Just uncommenting next line. - # replace_existing: 'true' +image: + repository: quay.io/clustersecret/clustersecret + tag: 0.0.10 + # use tag-alt for ARM and other alternative builds - read the readme for more information + # If Clustersecret is about to create a secret and then it founds it exists: + # Default is to ignore it. (to not loose any unintentional data) + # It can also reeplace it. Just uncommenting next line. + # replace_existing: 'true' kubernetesClusterDomain: cluster.local + + From 5346df39d7638f7f7e33502d8f025ac1a56d8af2 Mon Sep 17 00:00:00 2001 From: nkowenski Date: Wed, 20 Mar 2024 15:40:35 +0100 Subject: [PATCH 03/16] bump chart --- charts/cluster-secret/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cluster-secret/Chart.yaml b/charts/cluster-secret/Chart.yaml index bedd718..eb28be3 100755 --- a/charts/cluster-secret/Chart.yaml +++ b/charts/cluster-secret/Chart.yaml @@ -3,7 +3,7 @@ name: cluster-secret description: ClusterSecret Operator kubeVersion: '>= 1.16.0-0' type: application -version: 0.4.0 +version: 0.4.1 icon: https://clustersecret.io/assets/csninjasmall.png sources: - https://github.com/zakkg3/ClusterSecret From 3b61a251c7aefbf5e76d1494df7b1ee2389aa319 Mon Sep 17 00:00:00 2001 From: nkowenski Date: Wed, 20 Mar 2024 15:46:52 +0100 Subject: [PATCH 04/16] add node selector affinity and tolerations --- charts/cluster-secret/templates/deployment.yaml | 12 ++++++++++++ charts/cluster-secret/values.yaml | 5 +++++ 2 files changed, 17 insertions(+) 
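Review bot: The `# replace_existing: 'true'` hint in the values.yaml hunk sits directly after the `image:` keys, while the deployment template in this same commit reads `.Values.replace_existing` at the top level. Indentation is not recoverable in this view, so this is inferred: if the comment block is indented under `image:`, uncommenting it in place yields `image.replace_existing`, which the template ignores. Moving the block to column 0 would make the switch unambiguous. The comment could also state plainly that enabling it lets the operator replace Secrets that already exist.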
diff --git a/charts/cluster-secret/templates/deployment.yaml b/charts/cluster-secret/templates/deployment.yaml index 543c00e..d02d5b3 100644 --- a/charts/cluster-secret/templates/deployment.yaml +++ b/charts/cluster-secret/templates/deployment.yaml @@ -44,3 +44,15 @@ spec: periodSeconds: 120 resources: {} serviceAccountName: {{ include "cluster-secret.fullname" . }}-account + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/cluster-secret/values.yaml b/charts/cluster-secret/values.yaml index fec189d..660eb65 100644 --- a/charts/cluster-secret/values.yaml +++ b/charts/cluster-secret/values.yaml @@ -9,3 +9,8 @@ image: kubernetesClusterDomain: cluster.local +nodeSelector: {} + +tolerations: [] + +affinity: {} From ba816c3a0e969dc920c2cb0dd1b53f93d7454c8c Mon Sep 17 00:00:00 2001 From: nkowenski Date: Wed, 20 Mar 2024 17:06:30 +0100 Subject: [PATCH 05/16] update e2e test k8s versions --- .github/workflows/e2e-testing.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-testing.yaml b/.github/workflows/e2e-testing.yaml index fe65299..58cc4c2 100644 --- a/.github/workflows/e2e-testing.yaml +++ b/.github/workflows/e2e-testing.yaml 
@@ -8,10 +8,11 @@ jobs: strategy: matrix: kind-node-images: + - kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245 + - kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58 - kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb - kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 - - kindest/node:v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab steps: - name: Checkout From 615079d94708315635d95da004b25c624ddaa23d Mon Sep 17 00:00:00 2001 From: nkowenski Date: Wed, 20 Mar 2024 17:06:37 +0100 Subject: [PATCH 06/16] try super linter --- .github/workflows/review-linter copy.yml | 31 ++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/review-linter copy.yml diff --git a/.github/workflows/review-linter copy.yml b/.github/workflows/review-linter copy.yml new file mode 100644 index 0000000..95f0ebf --- /dev/null +++ b/.github/workflows/review-linter copy.yml @@ -0,0 +1,31 @@ + --- +name: Lint + +on: # yamllint disable-line rule:truthy + push: null + pull_request: null + +jobs: + build: + name: Lint + runs-on: ubuntu-latest + + permissions: + contents: read + packages: read + # To report GitHub Actions status checks + statuses: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + # super-linter needs the full git history to get the + # list of files that changed across commits + fetch-depth: 0 + + - name: Super-linter + uses: super-linter/super-linter@v6.3.0 # x-release-please-version + env: + # To report GitHub Actions status checks + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 44c87f829942ee93e6d69f0f255203051083e83c Mon Sep 17 00:00:00 2001 
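Review bot: Both `uses:` lines in the new lint workflow reference mutable tags (`actions/checkout@v4`, `super-linter/super-linter@v6.3.0`), while the job hands the linter a `GITHUB_TOKEN` with `statuses: write`. The kind node images in the e2e workflow are already pinned by digest. Pinning the actions the same way, `uses: super-linter/super-linter@<full-commit-sha> # v6.3.0` (placeholder; take the SHA from the release), keeps a moved tag from changing what runs with that token. Separately, `push: null` together with `pull_request: null` runs the job twice for in-repository branches that have an open PR; limiting `push` to the default branch avoids that.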
From: nkowenski Date: Wed, 20 Mar 2024 17:08:43 +0100 Subject: [PATCH 07/16] fix space on yaml --- .github/workflows/review-linter copy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/review-linter copy.yml b/.github/workflows/review-linter copy.yml index 95f0ebf..ffa58e7 100644 --- a/.github/workflows/review-linter copy.yml +++ b/.github/workflows/review-linter copy.yml @@ -1,4 +1,4 @@ - --- +--- name: Lint on: # yamllint disable-line rule:truthy From a7d3c997cd89f03e826cb86dd746b2cf898e2166 Mon Sep 17 00:00:00 2001 From: nkowenski Date: Wed, 20 Mar 2024 17:23:36 +0100 Subject: [PATCH 08/16] ignore well know gitleacks --- .github/workflows/.gitleacks.toml | 6 ++++++ .../workflows/{review-linter copy.yml => super-linter.yml} | 2 ++ 2 files changed, 8 insertions(+) create mode 100644 .github/workflows/.gitleacks.toml rename .github/workflows/{review-linter copy.yml => super-linter.yml} (90%) diff --git a/.github/workflows/.gitleacks.toml b/.github/workflows/.gitleacks.toml new file mode 100644 index 0000000..a7745b6 --- /dev/null +++ b/.github/workflows/.gitleacks.toml @@ -0,0 +1,6 @@ +[allowlist] +description = "global allow list" +paths = [ + '''*/yaml/Object_example/*.yaml''', + '''*/conformance/tests.py''' +] \ No newline at end of file diff --git a/.github/workflows/review-linter copy.yml b/.github/workflows/super-linter.yml similarity index 90% rename from .github/workflows/review-linter copy.yml rename to .github/workflows/super-linter.yml index ffa58e7..f27e2e7 100644 --- a/.github/workflows/review-linter copy.yml +++ b/.github/workflows/super-linter.yml @@ -29,3 +29,5 @@ jobs: env: # To report GitHub Actions status checks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITLEAKS_CONFIG_FILE: .github/workflows/.gitleacks.toml + From 035f1867c93ae9505f94abed29ac1a2c348591c3 Mon Sep 17 00:00:00 2001 
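Review bot: The two `paths` entries in the new allowlist are written as globs, but gitleaks reads allowlist `paths` as regular expressions. A pattern that begins with `*` has nothing to repeat, so these are likely rejected at load time or never match. Anchored regexes would express the intent: `'''yaml/Object_example/.*\.yaml$'''` and `'''conformance/tests\.py$'''`. Allowlisting whole files also hides any real credential added to them later. If the findings are a few known dummy values, listing those under the allowlist's `regexes` is a narrower exception.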
From: nkowenski Date: Thu, 21 Mar 2024 10:48:43 +0100 Subject: [PATCH 09/16] rename e2e tests --- .github/workflows/e2e-testing.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-testing.yaml b/.github/workflows/e2e-testing.yaml index 58cc4c2..79c4b82 100644 --- a/.github/workflows/e2e-testing.yaml +++ b/.github/workflows/e2e-testing.yaml @@ -3,7 +3,7 @@ name: E2E Testing on: [push, pull_request] jobs: - lint-test: + e2e-tests: runs-on: ubuntu-latest strategy: matrix: From afbc820c78d3b5b3599262a9b79384a0117827f9 Mon Sep 17 00:00:00 2001 From: nkowenski Date: Thu, 21 Mar 2024 10:51:12 +0100 Subject: [PATCH 10/16] fix typo .gitleaks.toml --- .github/workflows/{.gitleacks.toml => .gitleaks.toml} | 0 .github/workflows/super-linter.yml | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{.gitleacks.toml => .gitleaks.toml} (100%) diff --git a/.github/workflows/.gitleacks.toml b/.github/workflows/.gitleaks.toml similarity index 100% rename from .github/workflows/.gitleacks.toml rename to .github/workflows/.gitleaks.toml diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index f27e2e7..f0b3d70 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -29,5 +29,5 @@ jobs: env: # To report GitHub Actions status checks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITLEAKS_CONFIG_FILE: .github/workflows/.gitleacks.toml - + GITLEAKS_CONFIG_FILE: .github/workflows/.gitleaks.toml + From a60fbb24606ac540efa2e58356b1641440ec166d Mon Sep 17 00:00:00 2001 From: nkowenski Date: Thu, 21 Mar 2024 11:43:15 +0100 Subject: [PATCH 11/16] mv gitleaks file to default folder --- .github/{workflows => linters}/.gitleaks.toml | 0 .github/workflows/super-linter.yml | 4 +++- 2 files changed, 3 insertions(+), 1 deletion(-) rename .github/{workflows => linters}/.gitleaks.toml (100%) 
diff --git a/.github/workflows/.gitleaks.toml b/.github/linters/.gitleaks.toml similarity index 100% rename from .github/workflows/.gitleaks.toml rename to .github/linters/.gitleaks.toml diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index f0b3d70..06d4d24 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -29,5 +29,7 @@ jobs: env: # To report GitHub Actions status checks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITLEAKS_CONFIG_FILE: .github/workflows/.gitleaks.toml + VALIDATE_PYTHON: true + # GITLEAKS_CONFIG_FILE: .github/workflows/.gitleaks.toml + From 982174d3bf63b5cc31e092fa084ec4f501b2e178 Mon Sep 17 00:00:00 2001 From: nkowenski Date: Thu, 21 Mar 2024 11:49:17 +0100 Subject: [PATCH 12/16] super-linter specify path --- .github/workflows/super-linter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 06d4d24..9165352 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -30,6 +30,7 @@ jobs: # To report GitHub Actions status checks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} VALIDATE_PYTHON: true + LINTER_RULES_PATH: `.github/workflows/linters` # GITLEAKS_CONFIG_FILE: .github/workflows/.gitleaks.toml From a3d22e416a112fe75c466bb0a354fb0ee87b6db3 Mon Sep 17 00:00:00 2001 From: nkowenski Date: Thu, 21 Mar 2024 11:56:00 +0100 Subject: [PATCH 13/16] error on linter? --- .github/workflows/super-linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 9165352..219d579 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -31,6 +31,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} VALIDATE_PYTHON: true LINTER_RULES_PATH: `.github/workflows/linters` - # GITLEAKS_CONFIG_FILE: .github/workflows/.gitleaks.toml + 
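Review bot: Setting `VALIDATE_PYTHON: true` in the 11/16 hunk may switch off the secret scan this series has been configuring. As far as I know, super-linter treats any `VALIDATE_*` set to `true` as an allow-list and skips every linter not named, which would include gitleaks. It is also worth checking that v6.3.0 recognises a bare `VALIDATE_PYTHON`; the switches I am aware of are per tool, such as `VALIDATE_PYTHON_PYLINT`. If only selected linters should run, name the scanner explicitly next to it: `VALIDATE_GITLEAKS: true`.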
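Review bot: The value added for `LINTER_RULES_PATH` in the 12/16 hunk is wrapped in literal backtick characters, and a YAML plain scalar may not start with a backtick, so the workflow file will most likely fail to parse and no lint job will run. The path also does not match where 11/16 moved the config, which is `.github/linters/`, not `.github/workflows/linters`. `LINTER_RULES_PATH: .github/linters` fixes both. The context lines of 13/16 show the backticked line still in place.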
From b9d493565c474e5b0d151b7166a3b49be6387f4a Mon Sep 17 00:00:00 2001 From: nkowenski Date: Thu, 21 Mar 2024 11:56:51 +0100 Subject: [PATCH 14/16] no linter monkey --- .github/workflows/review-linter.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/workflows/review-linter.yml diff --git a/.github/workflows/review-linter.yml b/.github/workflows/review-linter.yml deleted file mode 100644 index 8c58d37..0000000 --- a/.github/workflows/review-linter.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Linter -on: [push] -jobs: - lint: - name: LinterMonkey - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - name: GitCheckout - - - name: wemake-python-styleguide - uses: wemake-services/wemake-python-styleguide@0.18.0 - with: - reporter: 'github-pr-review' - path: './src' - env: - GITHUB_TOKEN: ${{ secrets.github_token }} From 53628695c140d9a8c0a60b0fc82d4d72162def21 Mon Sep 17 00:00:00 2001 From: Oleg Sukhorukov Date: Fri, 5 Apr 2024 21:07:06 +0300 Subject: [PATCH 15/16] add imagePullSecrets to helm chart --- charts/cluster-secret/templates/deployment.yaml | 1 + charts/cluster-secret/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/cluster-secret/templates/deployment.yaml b/charts/cluster-secret/templates/deployment.yaml index 98a8b77..ad27455 100644 --- a/charts/cluster-secret/templates/deployment.yaml +++ b/charts/cluster-secret/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: spec: securityContext: runAsUser: 100 # 100 is set by the container and can NOT be changed here - this would result in a getpwuid() error + imagePullSecrets: {{ .Values.clustersecret.clustersecret.imagePullSecrets }} containers: - env: - name: KUBERNETES_CLUSTER_DOMAIN diff --git a/charts/cluster-secret/values.yaml b/charts/cluster-secret/values.yaml index 64363f2..4dfe827 100644 --- a/charts/cluster-secret/values.yaml +++ b/charts/cluster-secret/values.yaml 
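Review bot: `.Values.clustersecret.clustersecret.imagePullSecrets` in the 15/16 deployment.yaml hunk uses the nested values path that 02/16 removed, and the index line shows this patch was cut from the pre-flattening file (98a8b77). Once both changes land, the key should presumably live at the top level: `{{- with .Values.imagePullSecrets }}` in the template and `imagePullSecrets: []` at column 0 in values.yaml. If the `clustersecret:` map is absent from values, Helm fails rendering on the nil lookup rather than skipping the block. The same nested path appears in this patch's values.yaml hunk and in the rewritten block in 16/16.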
@@ -1,5 +1,6 @@ clustersecret: clustersecret: + imagePullSecrets: [] image: repository: quay.io/clustersecret/clustersecret tag: 0.0.10 From 3ae9c216ecb14550295b350792e012643cd0a290 Mon Sep 17 00:00:00 2001 From: Oleg Sukhorukov Date: Fri, 5 Apr 2024 21:41:39 +0300 Subject: [PATCH 16/16] add imagePullSecrets to helm chart --- charts/cluster-secret/templates/deployment.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/cluster-secret/templates/deployment.yaml b/charts/cluster-secret/templates/deployment.yaml index ad27455..ebdd9c4 100644 --- a/charts/cluster-secret/templates/deployment.yaml +++ b/charts/cluster-secret/templates/deployment.yaml @@ -25,7 +25,10 @@ spec: spec: securityContext: runAsUser: 100 # 100 is set by the container and can NOT be changed here - this would result in a getpwuid() error - imagePullSecrets: {{ .Values.clustersecret.clustersecret.imagePullSecrets }} + {{- with .Values.clustersecret.clustersecret.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - env: - name: KUBERNETES_CLUSTER_DOMAIN