Add `values.yaml` to the supported kubeconfig secret key names in order for SOPS to correctly detect the storage format based on the file extension.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When checking the health status of each declared resource, kstatus
might return nil for certain resources (for whatever reason). In that
case, this information is now conveyed in the health status event.
https://github.com/fluxcd/kustomize-controller/pull/374
Signed-off-by: Max Jonas Werner <mail@makk.es>
Whenever a health check times out now, the most recently collected
error for each resource will be printed as part of the error message.
This excludes errors for those resources for which no error was
reported in the last update. This is because whenever a timeout
occurs, an error is reported on ALL resources, even those that have
been seen as healthy before.
Also, this commit causes all successfully checked resources to be
omitted in the error event.
Signed-off-by: Max Jonas Werner <mail@makk.es>
Allow patching multiple resources instead of a single existing one as
StrategicMerge & JSON6902 are forced to target existing named resources.
Signed-off-by: Guillaume Le Biller <glebiller@Traveldoo.com>
- Bump controller-runtime to v0.9.0
- Bump controller-gen to v0.5.0
- Use Environment.AddUser to generate the envtest cluster admin kubeconfig
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reduce the log level from error to info to match the level of the event.
Signed-off-by: Allen Porter <allen.porter@gmail.com>
Signed-off-by: Allen Porter <allen@thebends.org>
This should give users some guidance when `kubectl apply` itself does
not give any useful output back, to date only observed when
it times out waiting.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The previous `.txt` is very generic and could have resulted in
collisions when a new encryption format would be introduced in the
future.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Allow passing --force to kubectl apply. Useful when dealing with
immutable field changes in resources.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
- record the last health assessment result in a dedicated status condition
- use the condition status when issuing events to prevent notification spam
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When running in a cluster, the BearerTokenFile is set to point to
`/var/run/secrets/kubernetes.io/serviceaccount/token` where the service
account's token is auto-mounted. If this value is not cleared, the
setting of the BearerToken field will have no effect. Relevant
documentation:
https://pkg.go.dev/k8s.io/client-go@v0.20.2/rest#Config.BearerTokenFile
Signed-off-by: Brian Atkinson <brian@atkinson.mn>
Log the reconciliation error instead of returning it, so that controller-runtime doesn't requeue immediately. Reconciliation failures should be scheduled at the specified retry interval.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Before this commit we only checked if a `kustomization.yaml` existed at
the root of the given directory. This caused problems when people, for
example, used `.yml` as the extension, as the generated
`kustomization.yaml` would conflict with the `.yml` file.
After this commit all recognized Kustomization filenames as listed by
Kustomize itself are accepted, including files _without_ an extension
(`Kustomization`).
Signed-off-by: Hidde Beydals <hello@hidde.co>
To include a bug fix to the `ReconcilateAtChangedPredicate`
and renaming to `ReconcileRequestedPredicate`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit ensures that relative (user configurable) paths never
traverse outside their working directory.
It does _not_ provide protection against path traversal within
`kustomization.yaml` files.
Signed-off-by: Hidde Beydals <hello@hidde.co>
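
The confinement described in the commit message above, as an added example that is not the controller's own code: `ConfinePath`, `ErrEscapesRoot` and the `/work/repo` directory are hypothetical names, and the check is lexical only, using the Go standard library.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot reports a user-supplied path that resolves outside workDir.
var ErrEscapesRoot = errors.New("path escapes working directory")

// ConfinePath (hypothetical helper) joins a user-configurable path onto
// workDir and rejects results that lexically leave it. Symlinks are not
// resolved, and paths referenced inside kustomization.yaml are out of scope.
func ConfinePath(workDir, userPath string) (string, error) {
	root := filepath.Clean(workDir)
	// Join cleans the result, collapsing "." and ".." segments; a leading
	// separator in userPath is treated as just another element under root.
	candidate := filepath.Join(root, userPath)
	rel, err := filepath.Rel(root, candidate)
	if err != nil {
		return "", err
	}
	// Compare whole path elements: a plain strings.HasPrefix(candidate, root)
	// would accept the sibling "/work/repo-evil" for root "/work/repo".
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs.
	for _, p := range []string{"./deploy/prod", "deploy/../../../etc", "../repo-evil", "..data"} {
		got, err := ConfinePath("/work/repo", p)
		fmt.Printf("%-22q -> %q, err=%v\n", p, got, err)
	}
}
```
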
- filter kubectl apply output and extract errors
- limit apply output to 20K chars (avoid reaching max etcd size)
- log kubectl exit code when the process is killed
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- `github.com/fluxcd/pkg/apis/meta` to `v0.5.0`
- `github.com/fluxcd/pkg/runtime` to `v0.4.0`
- `github.com/fluxcd/source-controller/api` to `v0.5.1`
- `k8s.io/{api,apiextensions-apiserver,apimachinery,cli-runtime,client-go}` to `v0.19.4`
- `sigs.k8s.io/controller-runtime` to `v0.6.4`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Drop the ServiceAccount field in favour of ServiceAccountName to prevent privilege escalation in multi-tenancy environments.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Updates to use metav1.Condition type and removes references for
deprecated corev1.Condition* constants and uses the new k8s api/meta
helpers in place of the old pkg/apis/meta types.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
The reason for this is the `EnqueueRequestsFromMapFunc` calling the
enqueuer for _both_ the old and the new object, and we only want to act
on the ones that contain a revision different from the one that we have
recorded in the status object of the `Kustomization`.
Signed-off-by: Hidde Beydals <hello@hidde.co>