As the forked code has been contributed upstream in a modified format.
We continue to inject our own default credentials in the key server if
none are provided by the Kustomization, to ensure we do not shell out
to `az`.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This updates `go.mozilla.org/sops/v3` to the `v3.8.0-rc.1` release of
`github.com/getsops/sops/v3`.
This (finally) allows us to drop our forked key sources, as they have
now been contributed upstream in a slightly modified form which still
allows us to maintain control over the used credentials in isolation.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This flag can be used to set the number of concurrent server-side apply operations.
Defaults to 4 concurrent operations per reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The metrics helper now accepts owned finalizers to determine if an
object is no longer managed by the controller and is being deleted, and
deletes the metrics associated with the object.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Add a `--interval-jitter-percentage` flag to the controller to
add a +/- percentage jitter to the `Kustomization.spec.interval`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Fail the health check as soon as a resource becomes stalled
without waiting for the timeout to expire.
This behavior can be disabled using the `DisableFailFastBehavior` feature flag.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
In the Reconcile() method, move the object deletion above adding the finalizer.
Finalizers can't be set when an object is being deleted.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Kustomize controller uses the namespace of the kustomization resource
if the sourceRef is empty. However, this policy isn't applied to
dependencies. This can be problematic if identically named `Sources`
without an explicit namespace are in different namespaces.
This commit fixes this issue by using kustomization's namespace when
checking dependencies if the namespace in sourceRef is empty.
Signed-off-by: Sunghoon Kang <me@hoon.dev>
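
The namespace fallback described in the commit message above, as an added Go example that is not code from the controller. `SourceRef`, `Kustomization` and the two comparison helpers are simplified, hypothetical stand-ins, and the example assumes the dependency check compares the source references of two Kustomizations.

```go
package main

import "fmt"

// Simplified stand-ins for the controller's API types (hypothetical, not Flux code).
type SourceRef struct{ Kind, Name, Namespace string }

type Kustomization struct {
	Name, Namespace string
	SourceRef       SourceRef
}

// effectiveNamespace applies the fallback from the commit message: an empty
// sourceRef namespace means "the Kustomization's own namespace".
func effectiveNamespace(k Kustomization) string {
	if k.SourceRef.Namespace != "" {
		return k.SourceRef.Namespace
	}
	return k.Namespace
}

// sameSourceRaw compares the references exactly as written in the manifests.
func sameSourceRaw(a, b Kustomization) bool { return a.SourceRef == b.SourceRef }

// sameSourceResolved compares them after the namespace fallback.
func sameSourceResolved(a, b Kustomization) bool {
	return a.SourceRef.Kind == b.SourceRef.Kind &&
		a.SourceRef.Name == b.SourceRef.Name &&
		effectiveNamespace(a) == effectiveNamespace(b)
}

func main() {
	// Constructed sample objects.
	ref := SourceRef{Kind: "GitRepository", Name: "repo"}
	app := Kustomization{Name: "app", Namespace: "team-a", SourceRef: ref}
	dep := Kustomization{Name: "infra", Namespace: "team-b", SourceRef: ref}
	// Same source as app, but written with an explicit namespace.
	explicit := Kustomization{Name: "db", Namespace: "team-b",
		SourceRef: SourceRef{Kind: "GitRepository", Name: "repo", Namespace: "team-a"}}

	fmt.Println("different sources, raw:     ", sameSourceRaw(app, dep))
	fmt.Println("different sources, resolved:", sameSourceResolved(app, dep))
	fmt.Println("same source, raw:           ", sameSourceRaw(app, explicit))
	fmt.Println("same source, resolved:      ", sameSourceResolved(app, explicit))
}
```

The raw comparison is wrong in both directions: it treats `team-a/repo` and `team-b/repo` as one source, and it misses that an explicit `team-a` reference points at the same source as an implicit one from inside `team-a`.
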
Changes made due to breaking changes in controller-runtime:
* `Watches` accepts a plain `client.Object` instead of a `source.Kind`
object.
* Some fields in `controller.Options` are now in `config.Controller` which
is embedded in `controller.Options`.
* `handler.MapFunc` now accepts a context.
* `ctrlcache.Options` uses `ByObject` instead of `SelectorByObject`.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
At the moment, the envCred logic can't actually set the Azure credentials.
This commit fixes the logic so that the environment variables can
actually be used to set the Azure credentials.
There are other issues that come up from this block of code, but those
can be dealt with separately.
Signed-off-by: Aaron Peschel <aaron.peschel@gmail.com>
This commit allows the disabling of the caching cluster reader used by
the status poller while waiting and/or checking the health of resources,
potentially reducing the memory usage of the controller on large scale
clusters, at the cost of an increase in direct API calls.
The feature can be enabled using
`--feature-gates=DisableStatusPollerCache=true`.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
You can re-enable caching by starting the controller with the argument
`--feature-gates=CacheSecretsAndConfigMaps=true`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- Update Go to 1.19 in CI
- Use Go 1.19 in base image
- Update controller-gen to v0.8.0 (v0.7 fails with Go 1.19) and regenerate manifests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The existing fuzzers are converted into the Go native format. This
works well with most fuzzers, apart from the one that fuzzes the
controller.
That specific test depends on funcs and vars that are defined in
suite_test.go, which is not supported when building fuzzers leveraging
Go native fuzz for oss-fuzz. That test is therefore ignored when
executed with make fuzz-native. But all tests are covered with
make fuzz-smoketest, in order to support oss-fuzz.
Once the controller is rewritten we can revisit this and ensure that
fuzzers do not require envtest or embedded CRDs.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>