Max Jonas Werner
454790cee4
feat: add sourceRef.name column to Kustomization print columns
...
closes #556
Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-02-01 16:35:13 +01:00
Stefan Prodan
0d6f5afd04
Merge pull request #555 from fluxcd/release-v0.20.0
...
Release v0.20.0
2022-02-01 10:36:31 +02:00
Stefan Prodan
d188195def
Release v0.20.0
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-02-01 10:01:01 +02:00
Stefan Prodan
ceefe5ae09
Merge pull request #552 from fluxcd/impersonation-finalize
...
Ensure objects are finalized under impersonation
2022-01-31 14:15:06 +02:00
Stefan Prodan
65aaa1d69a
Ensure objects are finalized under impersonation
...
If the service account used for impersonation has been deleted, skip pruning, log the error and continue with finalization to allow tenant removals from clusters.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-31 13:20:12 +02:00
Stefan Prodan
cd6fff0220
Merge pull request #551 from fluxcd/source-controller/api-v0.21.1
...
Update source-controller/api to v0.21.1
2022-01-31 12:40:12 +02:00
Stefan Prodan
ea95f0c85c
Update source-controller/api to v0.21.1
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-31 12:07:33 +02:00
Stefan Prodan
8e74f2c10c
Merge pull request #527 from fluxcd/ssa-override-kubectl-manager
...
Revoke kubectl managed fields ownership
2022-01-31 12:01:55 +02:00
Stefan Prodan
f353ba44a7
Introduce a dedicated manager for status updates to avoid conflicts
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-31 11:29:54 +02:00
Stefan Prodan
38541078fa
Revoke kubectl managed fields ownership
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-31 11:25:11 +02:00
Stefan Prodan
4b59d7705e
Merge pull request #550 from fluxcd/default-service-account
...
Allow setting a default service account for impersonation
2022-01-31 11:23:40 +02:00
Stefan Prodan
4d7cba91b0
Allow setting a default service account for impersonation
...
Introduce the flag `--default-service-account` for allowing cluster admins to enforce impersonation for resource reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-27 18:25:02 +02:00
Stefan Prodan
09e6c29593
Merge pull request #549 from fluxcd/no-cross-namespace-refs
...
Allow disabling cross-namespace references
2022-01-27 11:36:28 +02:00
Stefan Prodan
518c8a021b
Allow disabling cross-namespace references
...
Introduce the flag `--no-cross-namespace-refs` (defaults to false) for allowing cluster admins to disable cross-namespace references to sources.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-26 22:50:10 +02:00
Stefan Prodan
d22f98448d
Merge pull request #547 from mvoitko/fix/missing-port-protocol-in-manager-config
...
Fix the missing protocol for the first port in manager config
2022-01-25 10:37:30 +02:00
Max Voitko
7a511efe38
Fix the missing protocol for the first port in manager config
...
Signed-off-by: Maksym Voitko <max.voitko@gmail.com>
2022-01-25 00:36:34 +02:00
Stefan Prodan
0b018312e1
Merge pull request #544 from fluxcd/validate-resouces
...
Fix preflight validation
2022-01-21 13:53:22 +02:00
Stefan Prodan
4ee01a2db0
Fix preflight validation
...
Validate that the resources built with kustomize conform to the Kubernetes API conventions before passing them to the server-side apply engine.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-21 13:05:40 +02:00
Stefan Prodan
593ac59f29
Merge pull request #543 from souleb/token-permissions
...
Add Permissions to github Workflows
2022-01-20 18:34:11 +02:00
Soule BA
f1327dca09
Add Permissions to github Workflows
...
Improve GITHUB_TOKEN permissions in the workflows.
Signed-off-by: Soule BA <bah.soule@gmail.com>
2022-01-20 16:35:43 +01:00
Stefan Prodan
b6eeb141f2
Merge pull request #541 from fluxcd/cosign-sbom
...
Publish SBOM and sign release artifacts
2022-01-20 16:13:32 +02:00
Stefan Prodan
be87d12e59
Publish SBOM and sign release artifacts
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-20 15:04:08 +02:00
Stefan Prodan
6658d78b1b
Merge pull request #538 from souleb/issue-516
...
SOPS: Add support for HashiCorp Vault token-based authentication
2022-01-20 10:53:31 +02:00
Stefan Prodan
12d9fabcc4
Merge pull request #539 from aryan9600/aryan9600/security-context
...
Drop capabilities, enable seccomp and enforce runAsNonRoot
2022-01-20 10:02:31 +02:00
Soule BA
c579e71430
add native support for sops decryption/encryption with Vault
...
If implemented, the kustomize controller will be able to retrieve a
secret containing a VAULT TOKEN and use it to decrypt the sops encrypted
master key. It will then use it to decrypt the data key and finally use the data
key to decrypt the final data.
Signed-off-by: Soule BA <bah.soule@gmail.com>
2022-01-19 21:59:10 +01:00
Stefan Prodan
91e96a2069
Merge pull request #540 from yiannistri/dev-docs
...
Update development documentation
2022-01-19 14:26:20 +02:00
Yiannis
76487334ff
Update dev docs
...
Signed-off-by: Yiannis <yiannis.triantafyllopoulos@gmail.com>
2022-01-19 12:11:32 +00:00
Sanskar Jaiswal
c0d5eeea2d
drop capabilities, enable seccomp and enforce runAsNonRoot
...
Further restricts the SecurityContext that the controller runs under, by enabling the default seccomp profile and dropping all Linux capabilities.
This was set at container-level to ensure backwards compatibility with use cases in which sidecars are injected into the source-controller pod
without setting less restrictive settings.
Add a uid and gid for the container to enforce runAsNonRoot and ensure
the use of non-root users.
BREAKING CHANGES:
1) The use of new seccomp API requires Kubernetes 1.19.
2) The controller container is now executed under 65534:65534 (userid:groupid).
This change may break deployments that hard-coded the user name 'controller' in their PodSecurityPolicy.
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
Co-authored-by: Paulo Gomes <paulo.gomes@weave.works>
2022-01-19 12:54:29 +05:30
Stefan Prodan
c626836c41
Merge pull request #536 from pjbgf/fuzz
...
Refactor Fuzz implementation
2022-01-17 16:05:14 +02:00
Stefan Prodan
0a6505fc59
Merge pull request #537 from gvillafanetapia/doc-escape-vars
...
Docs - Add var substitution operator escape syntax
2022-01-17 09:47:27 +02:00
Gonzalo Villafañe Tapia
6c343e15ae
Docs - Add var substitution operator escape syntax
...
Signed-off-by: Gonzalo Villafañe Tapia <gvillafanetapia@gmail.com>
2022-01-14 17:46:10 -03:00
Paulo Gomes
50c043eb4f
Refactor fuzzing
...
Structure the fuzz implementation to be closer to what go native will support.
Add Makefile target to enable smoketesting fuzzers.
Add smoketest as CI workflow.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-01-14 15:38:24 +00:00
AdamKorcz
7f8441672e
Fuzzing: Initial commit
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-01-14 14:55:37 +00:00
Stefan Prodan
b18584a652
Merge pull request #535 from kingdonb/patch-finalizers
...
Use patch instead of update when adding finalizers
2022-01-14 08:24:26 +02:00
Kingdon Barrett
441b48aeef
Use patch instead of update when adding finalizers
...
Signed-off-by: Kingdon Barrett <kingdon@weave.works>
2022-01-13 19:44:10 -05:00
Stefan Prodan
4e8fd15c64
Merge pull request #534 from fluxcd/release-v0.19.1
...
Release v0.19.1
2022-01-13 20:09:24 +02:00
Stefan Prodan
57cf14430d
Release v0.19.1
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-13 19:54:39 +02:00
Stefan Prodan
f39a7712fd
Merge pull request #533 from fluxcd/ssa-exclude-status
...
Update fluxcd/pkg/ssa to exclude the status field from apply
2022-01-13 19:17:03 +02:00
Stefan Prodan
02c6708362
Update fluxcd/pkg/ssa to exclude the status field from apply
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-13 18:50:56 +02:00
Stefan Prodan
ea07b48278
Merge pull request #529 from aryan9600/aryan9600/go-install-tool
...
Use go install instead of go get in Makefile
2022-01-11 17:52:56 +02:00
Sanskar Jaiswal
9075b72d57
use go install instead of go get in Makefile
...
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
2022-01-11 20:22:38 +05:30
Stefan Prodan
a195294799
Merge pull request #528 from fluxcd/release-v0.19.0
...
Release v0.19.0
2022-01-10 16:06:50 +02:00
Stefan Prodan
d4e13e5c0c
Release v0.19.0
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-10 15:29:01 +02:00
Stefan Prodan
748120f6b0
Merge pull request #521 from HardBrainer/main
...
Add condition to checkDependencies when SourceRef is the same
2022-01-10 11:21:09 +02:00
Florian Fl Bauer
8435a5ba41
If applied, this commit will solve a race condition when using two Kustomizations with the same SourceRef
...
Signed-off-by: Florian Fl Bauer <florian.fl.bauer@deutschebahn.com>
2022-01-07 14:17:40 +01:00
Stefan Prodan
ed4d153c37
Merge pull request #526 from fluxcd/hpa-diff-fix
...
Fix HPA diff (upstream bug)
2022-01-06 11:11:49 +02:00
Stefan Prodan
9b0bb3dcf9
Fix HPA diff (upstream bug)
...
Update fluxcd/ssa to v0.8.0 that implements a workaround for a Kubernetes API server-side apply dry-run bug where the HPA custom metrics are duplicated.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-06 10:45:42 +02:00
Stefan Prodan
23efa8212a
Merge pull request #525 from fluxcd/update-runc
...
Restore runc and image-spec patches
2022-01-06 09:22:38 +02:00
Stefan Prodan
75b6130490
Restore runc and image-spec patches
...
Fix for CVE-2021-30465 and CVE-2021-41190
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-05 19:52:15 +02:00
Stefan Prodan
00257e0cc9
Merge pull request #478 from fluxcd/go-v1.17
...
Update Go to v1.17 and controller-runtime to v0.11
2022-01-05 18:08:38 +02:00