Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeseal for openSUSE:Factory checked in at 2024-12-05 17:10:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeseal (Old) and /work/SRC/openSUSE:Factory/.kubeseal.new.28523 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal" Thu Dec 5 17:10:18 2024 rev:35 rq:1228516 version:0.27.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2024-11-05 15:41:16.922731971 +0100 +++ /work/SRC/openSUSE:Factory/.kubeseal.new.28523/kubeseal.changes 2024-12-05 17:13:58.627005972 +0100 @@ -1,0 +2,22 @@ +Thu Dec 05 12:22:20 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 0.27.3: + * Release Notes for 0.27.3 (#1651) + * Bump k8s.io/apimachinery from 0.31.2 to 0.31.3 (#1642) + * Bump k8s.io/code-generator from 0.31.2 to 0.31.3 (#1643) + * Bump github.com/onsi/gomega from 1.35.1 to 1.36.0 (#1645) + * re-introduce install instructions with to releases (#1649) + * Properly error out when input file doesn't exist (#1640) + * Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#1641) + * Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#1635) + * Configure max retries (#1633) + * Label "app.kubernetes.io/instance" in the Prometheus metric + (#1620) + * Bump github.com/onsi/gomega from 1.34.2 to 1.35.1 (#1624) + * Adding keyttl and keycutofftime options to helm chart (#1610) + * Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#1623) + * Release carvel package 2.16.2 (#1632) + * Release chart 2.16.2 (#1631) + * Fix the script to release (#1629) + +------------------------------------------------------------------- Old: ---- kubeseal-0.27.2.obscpio New: ---- kubeseal-0.27.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeseal.spec ++++++ --- /var/tmp/diff_new_pack.Nujxsj/_old 2024-12-05 17:14:00.171070702 +0100 +++ /var/tmp/diff_new_pack.Nujxsj/_new 2024-12-05 17:14:00.171070702 +0100 
@@ -17,7 +17,7 @@ Name: kubeseal -Version: 0.27.2 +Version: 0.27.3 Release: 0 Summary: CLI for encrypting secrets to SealedSecrets License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Nujxsj/_old 2024-12-05 17:14:00.207072211 +0100 +++ /var/tmp/diff_new_pack.Nujxsj/_new 2024-12-05 17:14:00.211072379 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.27.2</param> + <param name="revision">v0.27.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Nujxsj/_old 2024-12-05 17:14:00.239073553 +0100 +++ /var/tmp/diff_new_pack.Nujxsj/_new 2024-12-05 17:14:00.243073721 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> - <param name="changesrevision">28ec06b4c7e1a42919baeaeab4ab79d6a610af02</param></service></servicedata> + <param name="changesrevision">fa9307a09c01fd8d347cba44db35f42b2ac875bb</param></service></servicedata> (No newline at EOF) ++++++ kubeseal-0.27.2.obscpio -> kubeseal-0.27.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/.goreleaser.yml new/kubeseal-0.27.3/.goreleaser.yml --- old/kubeseal-0.27.2/.goreleaser.yml 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/.goreleaser.yml 2024-12-05 12:44:23.000000000 +0100 
@@ -58,11 +58,73 @@ New v{{ .Version }} release! footer: | - ## Release Notes + ## Installation Instructions + + ### Cluster-side + + Install the SealedSecret CRD and server-side controller into the `kube-system` namespace: + + ```sh + kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v{{ .Version }}/controller.yaml + ``` + + ### Client-side + + Install the client-side tool into `/usr/local/bin/`: + + **Linux x86_64:** + ```sh + curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v{{ .Version }}/kubeseal-{{ .Version }}-linux-amd64.tar.gz" + tar -xvzf kubeseal-{{ .Version }}-linux-amd64.tar.gz kubeseal + sudo install -m 755 kubeseal /usr/local/bin/kubeseal + ``` + + **macOS:** + The `kubeseal` client is available on [homebrew](https://formulae.brew.sh/formula/kubeseal): + + ```sh + brew install kubeseal + ``` + + **MacPorts:** + + The `kubeseal` client is available on [MacPorts](https://ports.macports.org/port/kubeseal/summary): + + ```sh + port install kubeseal + ``` - Please read the [RELEASE_NOTES](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md) which contain among other things important information for who is upgrading from previous releases. + #### Nixpkgs + The `kubeseal` client is available on [Nixpkgs](https://search.nixos.org/packages?channel=unstable&show=kubeseal&from=0&size=50&sort=relevance&type=packages&query=kubeseal): (**DISCLAIMER**: Not maintained by bitnami-labs) + + ```sh + nix-env -iA nixpkgs.kubeseal + ``` + + **Other OS/Arch:** + Binaries for other OS/arch combinations are attached to this release below. + + If you just want the latest client tool, it can be installed into + `$GOPATH/bin` with: + + ```sh + go install github.com/bitnami-labs/sealed-secrets/cmd/kubeseal@main + ``` + + You can specify a release tag or a commit SHA instead of `main`. 
+ + The `go install` command will place the `kubeseal` binary at `$GOPATH/bin`: + + ```sh + $(go env GOPATH)/bin/kubeseal + ``` + + ## Release Notes + + Please read the [RELEASE_NOTES](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md) which contain among other things important information for those upgrading from previous releases. ## Thanks! + extra_files: - glob: ./controller.yaml - glob: ./controller-norbac.yaml diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/README.md new/kubeseal-0.27.3/README.md --- old/kubeseal-0.27.2/README.md 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/README.md 2024-12-05 12:44:23.000000000 +0100 @@ -60,6 +60,7 @@ - [How to use kubeseal if the controller is not running within the `kube-system` namespace?](#how-to-use-kubeseal-if-the-controller-is-not-running-within-the-kube-system-namespace) - [How to verify the images?](#how-to-verify-the-images) - [How to use one controller for a subset of namespaces](#How-to-use-one-controller-for-a-subset-of-namespaces) + - [Can I configure the controller unseal retries](#can-i-configure-the-controller-unseal-retries) - [Community](#community) - [Related projects](#related-projects) 
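Review bot: The client-side block added to the release footer in .goreleaser.yml fetches the tarball with `curl -OL`, unpacks it and runs `sudo install` with no integrity check, so a corrupted or tampered download lands in `/usr/local/bin` unverified. A verification step before `tar`, against the checksum file published with the release, would close that gap, e.g. `sha256sum --check --ignore-missing <CHECKSUMS_FILE>` (placeholder name). The footer is templated per release, yet the Go path uses `@main`, which builds the branch tip rather than the tagged release. `go install github.com/bitnami-labs/sealed-secrets/cmd/kubeseal@v{{ .Version }}` would match the other commands and pin what gets built.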
@@ -826,6 +827,10 @@ If you want to use one controller for more than one namespace, but not all namespaces, you can provide additional namespaces using the command line flag `--additional-namespaces=<namespace1>,<namespace2>,<...>`. Make sure you provide appropriate roles and rolebindings in the target namespaces, so the controller can manage the secrets in there. +### Can I configure the Controller unseal retries? + +The answer is yes, you can configure the number of retries in your controller using the flag `--max-unseal-retries`. This flag allows you to configure the number of maximum retries to unseal your Sealed Secrets. + ## Community - [#sealed-secrets on Kubernetes Slack](https://kubernetes.slack.com/messages/sealed-secrets) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/RELEASE-NOTES.md new/kubeseal-0.27.3/RELEASE-NOTES.md --- old/kubeseal-0.27.2/RELEASE-NOTES.md 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/RELEASE-NOTES.md 2024-12-05 12:44:23.000000000 +0100 
@@ -4,6 +4,21 @@ [](https://github.com/bitnami-labs/sealed-secrets/releases/latest) +## v0.27.3 + +- Bump k8s.io/apimachinery from 0.31.2 to 0.31.3 ([#1642](https://github.com/bitnami-labs/sealed-secrets/pull/1642)) +- Bump k8s.io/code-generator from 0.31.2 to 0.31.3 ([#1643](https://github.com/bitnami-labs/sealed-secrets/pull/1643)) +- Bump github.com/onsi/gomega from 1.35.1 to 1.36.0 ([#1645](https://github.com/bitnami-labs/sealed-secrets/pull/1645)) +- re-introduce install instructions with to releases ([#1649](https://github.com/bitnami-labs/sealed-secrets/pull/1649)) +- Properly error out when input file doesn't exist ([#1640](https://github.com/bitnami-labs/sealed-secrets/pull/1640)) +- Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 ([#1641](https://github.com/bitnami-labs/sealed-secrets/pull/1641)) +- Bump golang.org/x/crypto from 0.28.0 to 0.29.0 ([#1635](https://github.com/bitnami-labs/sealed-secrets/pull/1635)) +- Configure max retries ([#1633](https://github.com/bitnami-labs/sealed-secrets/pull/1633)) +- Label "app.kubernetes.io/instance" in the Prometheus metric ([#1620](https://github.com/bitnami-labs/sealed-secrets/pull/1620)) +- Bump github.com/onsi/gomega from 1.34.2 to 1.35.1 ([#1624](https://github.com/bitnami-labs/sealed-secrets/pull/1624)) +- Adding keyttl and keycutofftime options to helm chart ([#1610](https://github.com/bitnami-labs/sealed-secrets/pull/1610)) +- Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 ([#1623](https://github.com/bitnami-labs/sealed-secrets/pull/1623)) + ## v0.27.2 - feature: Show error if there's no secret to encode ([#1580](https://github.com/bitnami-labs/sealed-secrets/pull/1580)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/carvel/package.yaml new/kubeseal-0.27.3/carvel/package.yaml --- old/kubeseal-0.27.2/carvel/package.yaml 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/carvel/package.yaml 2024-12-05 12:44:23.000000000 +0100 
@@ -1,10 +1,10 @@ apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: - name: "sealedsecrets.bitnami.com.2.16.1" + name: "sealedsecrets.bitnami.com.2.16.2" spec: refName: "sealedsecrets.bitnami.com" - version: "2.16.1" + version: "2.16.2" valuesSchema: openAPIv3: title: Chart Values @@ -424,7 +424,7 @@ spec: fetch: - imgpkgBundle: - image: ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:b7d1aacb5406401c630142144cd86135cb238eafc0b8f6d5b869aa45a8d30fde + image: ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:d6936a554e25a759997b5d17cfea47290bdcadedb8e36f6da3d29892f06eef5d template: - helmTemplate: path: sealed-secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/cmd/controller/main.go new/kubeseal-0.27.3/cmd/controller/main.go --- old/kubeseal-0.27.2/cmd/controller/main.go 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/cmd/controller/main.go 2024-12-05 12:44:23.000000000 +0100 @@ -58,6 +58,8 @@ fs.DurationVar(&f.KeyRenewPeriod, "rotate-period", defaultKeyRenewPeriod, "") _ = fs.MarkDeprecated("rotate-period", "please use key-renew-period instead") + + fs.IntVar(&f.MaxRetries, "max-unseal-retries", 5, "Max unseal retries.") } func bindFlags(f *controller.Flags, fs *flag.FlagSet, gofs *goflag.FlagSet) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/cmd/kubeseal/main.go new/kubeseal-0.27.3/cmd/kubeseal/main.go --- old/kubeseal-0.27.2/cmd/kubeseal/main.go 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/cmd/kubeseal/main.go 2024-12-05 12:44:23.000000000 +0100 
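Review bot: The new `--max-unseal-retries` flag in cmd/controller/main.go has an inline literal default and no range check visible in this hunk, so a zero or negative value would go straight into `f.MaxRetries`. How the controller treats such a value is outside this diff; if nothing rejects it elsewhere, validation after flag parsing would be worth adding. For consistency with `defaultKeyRenewPeriod` just above, a named constant and fuller help text would read better: `fs.IntVar(&f.MaxRetries, "max-unseal-retries", defaultMaxRetries, "Maximum number of retries when unsealing a SealedSecret.")`, where `defaultMaxRetries` is a new constant. The enclosing function starts outside the hunk.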
@@ -144,7 +144,7 @@ // #nosec G304 -- should open user provided file f, err := os.Open(flags.inputFileName) if err != nil { - return nil + return fmt.Errorf("Could not read file specified with --secret-file") } // #nosec: G307 -- this deferred close is fine because it is not on a writable file defer f.Close() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/go.mod new/kubeseal-0.27.3/go.mod --- old/kubeseal-0.27.2/go.mod 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/go.mod 2024-12-05 12:44:23.000000000 +0100 @@ -8,17 +8,17 @@ github.com/google/renameio v0.1.0 github.com/mattn/go-isatty v0.0.20 github.com/mkmik/multierror v0.4.0 - github.com/onsi/ginkgo/v2 v2.20.2 - github.com/onsi/gomega v1.34.2 + github.com/onsi/ginkgo/v2 v2.22.0 + github.com/onsi/gomega v1.36.0 github.com/prometheus/client_golang v1.20.5 github.com/spf13/pflag v1.0.5 github.com/throttled/throttled v2.2.5+incompatible - golang.org/x/crypto v0.28.0 + golang.org/x/crypto v0.29.0 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.30.3 - k8s.io/apimachinery v0.31.2 + k8s.io/apimachinery v0.31.3 k8s.io/client-go v0.30.3 - k8s.io/code-generator v0.31.2 + k8s.io/code-generator v0.31.3 k8s.io/klog v1.0.0 k8s.io/klog/v2 v2.130.1 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 @@ -45,7 +45,7 @@ github.com/gomodule/redigo v2.0.0+incompatible // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect + github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect github.com/google/uuid v1.6.0 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/huandu/xstrings v1.5.0 // indirect 
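Review bot: The error now returned when `os.Open(flags.inputFileName)` fails in cmd/kubeseal/main.go discards `err`, so the user cannot tell a missing file from a permission problem or a directory path. Wrapping the cause keeps the path and reason in the message and lets callers use `errors.Is`: `return fmt.Errorf("could not read file specified with --secret-file: %w", err)`. Go convention also has error strings start in lower case. The enclosing function begins and ends outside the hunk.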
@@ -66,16 +66,16 @@ github.com/shopspring/decimal v1.4.0 // indirect github.com/spf13/cast v1.7.0 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/mod v0.20.0 // indirect - golang.org/x/net v0.28.0 // indirect + golang.org/x/mod v0.21.0 // indirect + golang.org/x/net v0.30.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.24.0 // indirect - google.golang.org/protobuf v1.34.2 // indirect + golang.org/x/tools v0.26.0 // indirect + google.golang.org/protobuf v1.35.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/go.sum new/kubeseal-0.27.3/go.sum --- old/kubeseal-0.27.2/go.sum 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/go.sum 2024-12-05 12:44:23.000000000 +0100 
@@ -49,8 +49,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= -github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 
@@ -92,10 +92,10 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= -github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= -github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= -github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y= +github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -130,51 +130,51 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod 
h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod 
h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod 
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -187,12 +187,12 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= -k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= -k8s.io/code-generator v0.31.2 h1:xLWxG0HEpMSHfcM//3u3Ro2Hmc6AyyLINQS//Z2GEOI= -k8s.io/code-generator v0.31.2/go.mod h1:eEQHXgBU/m7LDaToDoiz3t97dUUVyOblQdwOr8rivqc= +k8s.io/code-generator v0.31.3 h1:Pj0fYOBms+ZrsulLi4DMsCEx1jG8fWKRLy44onHsLBI= +k8s.io/code-generator v0.31.3/go.mod h1:/umCIlT84g1+Yu5ZXtP1KGSRTnGiIzzX5AzUAxsNlts= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/helm/sealed-secrets/Chart.yaml new/kubeseal-0.27.3/helm/sealed-secrets/Chart.yaml --- old/kubeseal-0.27.2/helm/sealed-secrets/Chart.yaml 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/helm/sealed-secrets/Chart.yaml 2024-12-05 12:44:23.000000000 +0100 
@@ -1,7 +1,7 @@ annotations: category: DeveloperTools apiVersion: v2 -appVersion: 0.27.1 +appVersion: 0.27.2 description: Helm chart for the sealed-secrets controller. home: https://github.com/bitnami-labs/sealed-secrets icon: https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png @@ -14,6 +14,6 @@ url: https://github.com/bitnami-labs/sealed-secrets name: sealed-secrets type: application -version: 2.16.1 +version: 2.16.2 sources: - https://github.com/bitnami-labs/sealed-secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/helm/sealed-secrets/README.md new/kubeseal-0.27.3/helm/sealed-secrets/README.md --- old/kubeseal-0.27.2/helm/sealed-secrets/README.md 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/helm/sealed-secrets/README.md 2024-12-05 12:44:23.000000000 +0100 
@@ -82,74 +82,77 @@ ### Sealed Secrets Parameters -| Name | Description | Value | -| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `image.registry` | Sealed Secrets image registry | `docker.io` | -| `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | -| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `0.27.1` | -| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | -| `revisionHistoryLimit` | Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) | `""` | -| `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | -| `secretName` | The name of an existing TLS secret containing the key used to encrypt secrets | `sealed-secrets-key` | -| `updateStatus` | Specifies whether the Sealed Secrets controller should update the status subresource | `true` | -| `skipRecreate` | Specifies whether the Sealed Secrets controller should skip recreating removed secrets | `false` | -| `keyrenewperiod` | Specifies key renewal period. 
Default 30 days | `""` | -| `rateLimit` | Number of allowed sustained request per second for verify endpoint | `""` | -| `rateLimitBurst` | Number of requests allowed to exceed the rate limit per second for verify endpoint | `""` | -| `additionalNamespaces` | List of namespaces used to manage the Sealed Secrets | `[]` | -| `privateKeyAnnotations` | Map of annotations to be set on the sealing keypairs | `{}` | -| `privateKeyLabels` | Map of labels to be set on the sealing keypairs | `{}` | -| `logInfoStdout` | Specifies whether the Sealed Secrets controller will log info to stdout | `false` | -| `logLevel` | Specifies log level of controller (INFO,ERROR) | `""` | -| `logFormat` | Specifies log format (text,json) | `""` | -| `command` | Override default container command | `[]` | -| `args` | Override default container args | `[]` | -| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds 
for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` | -| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` | -| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `65534` | -| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` | -| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` | -| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` | -| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.capabilities` | Adds and removes POSIX capabilities from running containers (see `values.yaml`) | | -| `podLabels` | Extra labels for Sealed Secret pods | `{}` | -| `podAnnotations` | Annotations for Sealed Secret pods | `{}` | -| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` | -| `runtimeClassName` | Sealed Secret pods' runtimeClassName | `""` | -| `affinity` | Affinity for Sealed Secret pods assignment | `{}` | -| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` | -| `tolerations` | 
Tolerations for Sealed Secret pods assignment | `[]` | -| `additionalVolumes` | Extra Volumes for the Sealed Secrets Controller Deployment | `{}` | -| `additionalVolumeMounts` | Extra volumeMounts for the Sealed Secrets Controller container | `{}` | -| `hostNetwork` | Sealed Secrets pods' hostNetwork | `false` | -| `containerPorts.http` | Controller HTTP Port on the Host and Container | `8080` | -| `containerPorts.metrics` | Metrics HTTP Port on the Host and Container | `8081` | -| `hostPorts.http` | Controller HTTP Port on the Host | `""` | -| `hostPorts.metrics` | Metrics HTTP Port on the Host | `""` | -| `dnsPolicy` | Sealed Secrets pods' dnsPolicy | `""` | +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | +| `image.registry` | Sealed Secrets image registry | `docker.io` | +| `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | +| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `0.27.2` | +| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | +| `revisionHistoryLimit` | Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) | `""` | +| `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | +| `secretName` | The name of an existing TLS secret containing the key used to encrypt secrets | `sealed-secrets-key` | +| `updateStatus` | Specifies whether the Sealed Secrets controller should update the status subresource | `true` | +| `skipRecreate` | Specifies whether the Sealed Secrets controller should skip recreating removed secrets | `false` | +| `keyrenewperiod` | Specifies key renewal period. 
Default 30 days | `""` | +| `keyttl` | Specifies the certificate validity duration. Default 10 years. | `""` | +| `keycutofftime` | Specifies a date at which the controller should generate a new certificate. Useful in early key renewal scenarios. | `""` | +| `rateLimit` | Number of allowed sustained request per second for verify endpoint | `""` | +| `rateLimitBurst` | Number of requests allowed to exceed the rate limit per second for verify endpoint | `""` | +| `additionalNamespaces` | List of namespaces used to manage the Sealed Secrets | `[]` | +| `privateKeyAnnotations` | Map of annotations to be set on the sealing keypairs | `{}` | +| `privateKeyLabels` | Map of labels to be set on the sealing keypairs | `{}` | +| `logInfoStdout` | Specifies whether the Sealed Secrets controller will log info to stdout | `false` | +| `logLevel` | Specifies log level of controller (INFO,ERROR) | `""` | +| `logFormat` | Specifies log format (text,json) | `""` | +| `maxRetries` | Number of maximum retries | `""` | +| `command` | Override default container command | `[]` | +| `args` | Override default container args | `[]` | +| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| 
`readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` | +| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` | +| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `65534` | +| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` | +| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` | +| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` | +| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.capabilities` | Adds and removes POSIX capabilities from running containers (see `values.yaml`) | | +| `podLabels` | Extra labels for Sealed Secret pods | `{}` | +| `podAnnotations` | Annotations for Sealed Secret pods 
| `{}` | +| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` | +| `runtimeClassName` | Sealed Secret pods' runtimeClassName | `""` | +| `affinity` | Affinity for Sealed Secret pods assignment | `{}` | +| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` | +| `tolerations` | Tolerations for Sealed Secret pods assignment | `[]` | +| `additionalVolumes` | Extra Volumes for the Sealed Secrets Controller Deployment | `{}` | +| `additionalVolumeMounts` | Extra volumeMounts for the Sealed Secrets Controller container | `{}` | +| `hostNetwork` | Sealed Secrets pods' hostNetwork | `false` | +| `containerPorts.http` | Controller HTTP Port on the Host and Container | `8080` | +| `containerPorts.metrics` | Metrics HTTP Port on the Host and Container | `8081` | +| `hostPorts.http` | Controller HTTP Port on the Host | `""` | +| `hostPorts.metrics` | Metrics HTTP Port on the Host | `""` | +| `dnsPolicy` | Sealed Secrets pods' dnsPolicy | `""` | ### Traffic Exposure Parameters diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/helm/sealed-secrets/templates/deployment.yaml new/kubeseal-0.27.3/helm/sealed-secrets/templates/deployment.yaml --- old/kubeseal-0.27.2/helm/sealed-secrets/templates/deployment.yaml 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/helm/sealed-secrets/templates/deployment.yaml 2024-12-05 12:44:23.000000000 +0100 @@ -82,6 +82,14 @@ - --key-renew-period - {{ .Values.keyrenewperiod | quote }} {{- end }} + {{- if .Values.keyttl }} + - --key-ttl + - {{ .Values.keyttl | quote }} + {{- end }} + {{- if .Values.keycutofftime }} + - --key-cutoff-time + - {{ .Values.keycutofftime | quote }} + {{- end }} {{- if .Values.rateLimit }} - --rate-limit - {{ .Values.rateLimit | quote }} 
@@ -137,6 +145,10 @@ - --listen-metrics-addr - {{ printf ":%s" (.Values.containerPorts.metrics | toString) }} {{- end }} + {{- if .Values.maxRetries }} + - --max-unseal-retries + - {{ .Values.maxRetries | quote }} + {{- end }} {{- end }} image: {{ printf "%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/helm/sealed-secrets/values.yaml new/kubeseal-0.27.3/helm/sealed-secrets/values.yaml --- old/kubeseal-0.27.2/helm/sealed-secrets/values.yaml 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/helm/sealed-secrets/values.yaml 2024-12-05 12:44:23.000000000 +0100 @@ -39,7 +39,7 @@ image: registry: docker.io repository: bitnami/sealed-secrets-controller - tag: 0.27.1 + tag: 0.27.2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -77,6 +77,17 @@ ## To disable use "0", with quotes! ## keyrenewperiod: "" +## @param keyttl Specifies the certificate validity duration. Default 10 years. +## e.g for one year +## keyttl: "8760h00m00s" +## +keyttl: "" +## @param keycutofftime Specifies a date at which the controller should generate a new certificate. Useful in early key renewal scenarios. +## Takes a date formated according to RFC1123. Can be obtained with the 'date -R' command on a unix system. +## e.g +## keycutofftime: "Mon, 14 Oct 2024 21:45:30 +0200" +## +keycutofftime: "" ## @param rateLimit Number of allowed sustained request per second for verify endpoint ## rateLimit: "" 
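Review bot: The `{{- if .Values.maxRetries }}` guard added to templates/deployment.yaml treats an unquoted `maxRetries: 0` as unset, so `--max-unseal-retries` is silently left off and the controller keeps its built-in default. The existing `keyrenewperiod` comment in values.yaml already warns about the same trap (`To disable use "0", with quotes!`), but the new `maxRetries` comment says only "Number of maximum retries". I would extend it to something like `## @param maxRetries Maximum number of unseal retries per SealedSecret. Set as a quoted string, e.g. "3"; an unquoted 0 is dropped by the template.` The args list this hunk extends starts and ends outside the hunk.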
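Review bot: The `keycutofftime` comment in values.yaml names RFC1123, but the example `"Mon, 14 Oct 2024 21:45:30 +0200"` and the output of `date -R` both carry a numeric zone offset, which Go's time package calls RFC1123Z rather than RFC1123. The parsing code is not part of this diff, but if it expects the numeric-zone layout, an operator who supplies a zone abbreviation (`... GMT`) may have the value rejected and the intended early key renewal would not take place. Suggested wording: `## Takes a date formatted as RFC1123 with a numeric time zone offset, as printed by 'date -R' on a unix system.` This also corrects the "formated" typo.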
@@ -101,6 +112,9 @@ ## @param logFormat Specifies log format (text,json) ## logFormat: "" +## @param maxRetries Number of maximum retries +## +maxRetries: "" ## @param command Override default container command ## command: [] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/pkg/controller/controller.go new/kubeseal-0.27.3/pkg/controller/controller.go --- old/kubeseal-0.27.2/pkg/controller/controller.go 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/pkg/controller/controller.go 2024-12-05 12:44:23.000000000 +0100 @@ -38,8 +38,6 @@ ) const ( - maxRetries = 5 - // SuccessUnsealed is used as part of the Event 'reason' when // a SealedSecret is unsealed successfully. SuccessUnsealed = "Unsealed" @@ -60,6 +58,8 @@ var ( // ErrCast happens when a K8s any type cannot be casted to the expected type. ErrCast = errors.New("cast error") + + maxRetries = 5 ) // Controller implements the main sealed-secrets-controller loop. @@ -77,7 +77,7 @@ } // NewController returns the main sealed-secrets controller loop. -func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Interface, ssinformer ssinformer.SharedInformerFactory, sinformer informers.SharedInformerFactory, keyRegistry *KeyRegistry) (*Controller, error) { +func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Interface, ssinformer ssinformer.SharedInformerFactory, sinformer informers.SharedInformerFactory, keyRegistry *KeyRegistry, maxRetriesConfig int) (*Controller, error) { queue := workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()) utilruntime.Must(ssscheme.AddToScheme(scheme.Scheme)) 
@@ -102,6 +102,8 @@ } } + maxRetries = maxRetriesConfig + return &Controller{ ssInformer: ssInformer, sInformer: sInformer, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/pkg/controller/main.go new/kubeseal-0.27.3/pkg/controller/main.go --- old/kubeseal-0.27.2/pkg/controller/main.go 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/pkg/controller/main.go 2024-12-05 12:44:23.000000000 +0100 @@ -55,6 +55,7 @@ LogFormat string PrivateKeyAnnotations string PrivateKeyLabels string + MaxRetries int } func initKeyPrefix(keyPrefix string) (string, error) { @@ -267,7 +268,7 @@ func prepareController(clientset kubernetes.Interface, namespace string, tweakopts func(*metav1.ListOptions), f *Flags, ssclientset versioned.Interface, keyRegistry *KeyRegistry) (*Controller, error) { sinformer := initSecretInformerFactory(clientset, namespace, tweakopts, f.SkipRecreate) ssinformer := ssinformers.NewFilteredSharedInformerFactory(ssclientset, 0, namespace, tweakopts) - controller, err := NewController(clientset, ssclientset, ssinformer, sinformer, keyRegistry) + controller, err := NewController(clientset, ssclientset, ssinformer, sinformer, keyRegistry, f.MaxRetries) return controller, err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/pkg/controller/metrics.go new/kubeseal-0.27.3/pkg/controller/metrics.go --- old/kubeseal-0.27.2/pkg/controller/metrics.go 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/pkg/controller/metrics.go 2024-12-05 12:44:23.000000000 +0100 @@ -17,6 +17,7 @@ labelNamespace = "namespace" labelName = "name" labelCondition = "condition" + labelInstance = "ss_app_kubernetes_io_instance" ) var conditionStatusToGaugeValue = map[v1.ConditionStatus]float64{ 
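Review bot: `maxRetries = maxRetriesConfig` in NewController overwrites the package-level `maxRetries` (declared with the default 5 in the `@@ -60,6 +58,8 @@` hunk) without checking the value, so a caller that passes 0 or a negative number replaces the default. The comparison that consumes it is outside this diff, but such a value presumably disables retries for failed unseals. Because the variable is package-wide, constructing a second Controller changes the limit for the first as well. A `maxRetries int` field on Controller, filled from the argument after a guard such as `if maxRetriesConfig <= 0 { maxRetriesConfig = 5 }`, would keep the setting per instance and preserve the old default. NewController's body starts and ends outside this hunk.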
@@ -47,11 +48,14 @@ []string{"reason", "namespace"}, ) - conditionInfo = prometheus.NewGaugeVec(prometheus.GaugeOpts{ - Namespace: metricNamespace, - Name: "condition_info", - Help: "Current SealedSecret condition status. Values are -1 (false), 0 (unknown or absent), 1 (true)", - }, []string{labelNamespace, labelName, labelCondition}) + conditionInfo = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Namespace: metricNamespace, + Name: "condition_info", + Help: "Current SealedSecret condition status. Values are -1 (false), 0 (unknown or absent), 1 (true)", + }, + []string{labelNamespace, labelName, labelCondition, labelInstance}, + ) httpRequestsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ @@ -102,6 +106,7 @@ labelNamespace: ssecret.Namespace, labelName: ssecret.Name, labelCondition: string(condition.Type), + labelInstance: ssecret.Labels["app.kubernetes.io/instance"], }).Set(conditionStatusToGaugeValue[condition.Status]) } } @@ -112,7 +117,7 @@ return } for _, condition := range ssecret.Status.Conditions { - conditionInfo.MetricVec.DeleteLabelValues(ssecret.Namespace, ssecret.Name, string(condition.Type)) + conditionInfo.MetricVec.DeleteLabelValues(ssecret.Namespace, ssecret.Name, string(condition.Type), labelInstance) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.27.2/scripts/release-check new/kubeseal-0.27.3/scripts/release-check --- old/kubeseal-0.27.2/scripts/release-check 2024-11-04 10:28:57.000000000 +0100 +++ new/kubeseal-0.27.3/scripts/release-check 2024-12-05 12:44:23.000000000 +0100 
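Review bot: The fourth argument added to `DeleteLabelValues` in the `@@ -112,7 +117,7 @@` hunk is `labelInstance`, which is the label name constant `"ss_app_kubernetes_io_instance"` and not the value the series was created with in the `@@ -102,6 +106,7 @@` hunk. The values will not match unless a SealedSecret happens to carry that literal string as its instance label, so `condition_info` series for removed SealedSecrets stay registered and monitoring keeps reporting them. The boolean returned by `DeleteLabelValues` is discarded, so the miss is silent. Pass the same lookup used when setting the gauge: `conditionInfo.MetricVec.DeleteLabelValues(ssecret.Namespace, ssecret.Name, string(condition.Type), ssecret.Labels["app.kubernetes.io/instance"])`. Both enclosing functions start outside their hunks.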
@@ -7,7 +7,7 @@ } function find_release() { - curl -v --silent https://github.com/bitnami-labs/sealed-secrets/releases 2>&1 | grep $1 > /dev/null + curl -v --silent https://github.com/bitnami-labs/sealed-secrets/releases 2>&1 | grep -w $1 > /dev/null echo $? } ++++++ kubeseal.obsinfo ++++++ --- /var/tmp/diff_new_pack.Nujxsj/_old 2024-12-05 17:14:00.607088981 +0100 +++ /var/tmp/diff_new_pack.Nujxsj/_new 2024-12-05 17:14:00.611089148 +0100 @@ -1,5 +1,5 @@ name: kubeseal -version: 0.27.2 -mtime: 1730712537 -commit: 28ec06b4c7e1a42919baeaeab4ab79d6a610af02 +version: 0.27.3 +mtime: 1733399063 +commit: fa9307a09c01fd8d347cba44db35f42b2ac875bb ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeseal.new.28523/vendor.tar.gz differ: char 5, line 1
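Review bot: `grep -w $1` in find_release still expands `$1` unquoted and reads it as a regular expression, so the dots in a version such as `0.27.3` match any character and an argument with spaces or a leading dash is split into extra grep arguments. `grep -qwF -- "$1"` matches the tag literally and makes the `> /dev/null` redirect unnecessary. Since `curl -v ... 2>&1` sends the verbose request and response headers down the same pipe, a match can also come from header text instead of the releases page. Dropping `-v` and adding `--fail` would restrict the check to the body of a successful response.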