Stefan Prodan
4ec51ca306
Add option to copy the OCI layer to storage
...
Add an optional field to the `OCIRepository.spec.layerSelector` called `operation` that accepts one of the following values: `extract` or `copy`. When the operation is set to `copy`, instead of extracting the compressed layer, the controller copies the compressed blob as it is to storage, thus keeping the original content unaltered.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-23 19:00:30 +03:00
Stefan Prodan
9c6dc330ae
Merge pull request #904 from fluxcd/add-ca-cert
...
Add custom CA certificates to system certificates
2022-09-23 11:11:52 +03:00
Max Jonas Werner
7a139647a2
add custom CA certificates to system certificates
...
When a custom CA certificate is provided in a Secret's `caCert` field
referenced in `HelmRelease.spec.secretRef` then that CA cert is now
added to the list of system certificates instead of it replacing the
system certificates. This makes HelmRepositories work in mixed
environments where charts are pulled from both a public repository
and a private repository (e.g. through a chart dependency).
The test that is added as part of this change will fail without the
change and passes with it.
closes #866
closes fluxcd/helm-controller#519
Signed-off-by: Max Jonas Werner <max@e13.dev>
2022-09-23 10:57:00 +03:00
Hidde Beydals
20fa94acc4
Merge pull request #911 from fluxcd/update-bucket-deps
...
Update Bucket related SDK dependencies
2022-09-22 16:42:47 +00:00
Hidde Beydals
588fe0d15a
Update Bucket related SDK dependencies
...
Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-09-22 14:57:25 +00:00
Stefan Prodan
ebbc9983e9
Merge pull request #907 from fluxcd/summarize-with-bipolarity
...
Consider bipolarity conditions in Ready condition summarization
2022-09-22 15:26:32 +03:00
Sunny
90b7cec915
ocirepo: Fix event trace type value
...
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-09-22 15:42:53 +05:30
Sunny
64bd34f116
Use bipolarity option in gitrepo and ocirepo
...
Use the bipolarity condition options in OCIRepository and GitRepository
reconcilers.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-09-22 15:42:53 +05:30
Sunny
e5d3aa3701
summarize: consider bipolarity in status condition
...
This introduces the consideration of bipolarity conditions in the status
condition summary for Ready condition. The summarize.HelperOptions can
now be configured with a list of bipolarity conditions which are used in
SummarizeAndPatch() to set the Ready condition to the failing bipolarity
condition with the highest priority.
Bipolarity condition is not a typical status property. It is a mix of
positive and negative polarities. It's "normal-true" and
"abnormal-false". Failing bipolarity conditions are prioritized over
other conditions to show the actual reason of failure on the Ready
status.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-09-22 15:42:53 +05:30
Stefan Prodan
c9a5a56cfb
Merge pull request #876 from developer-guy/feature/863
...
[RFC-0003] Implement OCIRepository verification using Cosign
2022-09-22 13:04:55 +03:00
Stefan Prodan
3b637a82fe
Add tests for keyless verification
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-22 12:25:40 +03:00
Stefan Prodan
b5ffc9fc65
Update sigstore/cosign to v1.12.1
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-22 11:52:19 +03:00
Stefan Prodan
7c92949d17
Retry failed verifications with exponential backoff
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-20 21:26:34 +03:00
Stefan Prodan
082028e115
Refactor internal OCI package
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-20 18:34:02 +03:00
Stefan Prodan
21af88fbea
Document the Cosign verification procedure
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-20 14:07:11 +03:00
Furkan
03af4f6418
fix: ocirepository_controller reviews
...
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
2022-09-20 14:07:11 +03:00
Batuhan Apaydın
2db2715988
feat: add condition tests for verification logic
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-09-20 14:07:11 +03:00
Stefan Prodan
07b532674c
Add omitempty to cosign secretRef
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-20 14:07:11 +03:00
Stefan Prodan
3cb8046866
Add SourceVerifiedCondition to OCI source conditions
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-20 14:07:11 +03:00
Stefan Prodan
44b8288d83
Add basic cosign verification tests
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-20 14:07:11 +03:00
Stefan Prodan
7c72acc5b0
Set timeout for cosign verification
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-20 14:07:11 +03:00
Furkan
697f260dba
Introduce Initial OCIRepository Source Verification
...
Fixes #863
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-09-20 14:07:10 +03:00
Hidde Beydals
54d706a226
Merge pull request #903 from fluxcd/api-validate-duration
...
api: add custom validation for v1.Duration types
2022-09-20 09:46:23 +00:00
Hidde Beydals
27f4ed5a47
api: add custom validation for v1.Duration types
...
To solve discrepancies between parsing versus validation.
xref: https://github.com/kubernetes/apimachinery/issues/131
Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-09-20 08:03:01 +00:00
Stefan Prodan
7b4a1934ee
Merge pull request #900 from fluxcd/fix-build-cosign
...
Fix build by enabling Cosign experimental
2022-09-15 19:15:33 +03:00
Stefan Prodan
1ff0a20a0e
Fix build by enabling Cosign experimental
...
Cosign 1.12.0 comes with a breaking change where verify blob requires `COSIGN_EXPERIMENTAL=1`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-15 18:06:57 +03:00
Max Jonas Werner
9ab1522271
Merge pull request #897 from ManoManoTech/panic-oci-auth
...
Handle nil OCI authenticator with malformed registry
2022-09-14 13:45:12 +02:00
Adrien Fillon
03ba63bec3
Handle nil OCI authenticator with malformed registry
...
Fixes #896
Signed-off-by: Adrien Fillon <adrien.fillon@manomano.com>
2022-09-13 19:53:41 +02:00
Stefan Prodan
9e853a909d
Merge pull request #895 from fluxcd/release-v0.29.0
...
Release v0.29.0
2022-09-09 17:09:52 +03:00
Stefan Prodan
1c72db13bb
Release v0.29.0
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-09 16:53:38 +03:00
Stefan Prodan
cf0e9ac2fe
Merge pull request #884 from souleb/fix-874
...
[OCI] Static credentials should take precedence over the OIDC provider
2022-09-09 16:34:31 +03:00
Soule BA
869c73d0ad
secretRef take precedence over provider
...
if secretRef is provided, we do not attempt to resolve oidc
Signed-off-by: Soule BA <soule@weave.works>
2022-09-09 14:43:35 +02:00
Stefan Prodan
e22a6643f1
Merge pull request #893 from fluxcd/revert-ecr-public
...
CI: Revert Public ECR push
2022-09-09 12:06:58 +03:00
Stefan Prodan
87b8efa02f
CI: Revert Public ECR push
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-09 11:23:39 +03:00
Stefan Prodan
172629dfba
Merge pull request #891 from fluxcd/fix-ecr-push
...
CI: Set Public ECR region to us-east-1
2022-09-07 18:54:32 +03:00
Stefan Prodan
8216175daa
CI: Set Public ECR region to us-east-1
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-07 18:46:49 +03:00
Stefan Prodan
dc80d4f8bd
Merge pull request #889 from fluxcd/push-ecr-public
...
Publish container images to AWS Public ECR
2022-09-07 10:59:07 +03:00
Stefan Prodan
3da8bf27b0
Publish container images to AWS Public ECR
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-09-07 10:41:23 +03:00
Stefan Prodan
f97bbb6c5b
Merge pull request #887 from fluxcd/rm-log-rec-id
...
Remove custom reconcileID value from OCI HelmRepo logger and context overwrite
2022-09-05 12:44:39 +03:00
Sunny
59294bf582
controllers: Remove ctx overwrite
...
Context in the reconcilers was overwritten earlier after adding new
log field `reconcileID` in the logger. Since the `reconcileID` is now
set by controller-runtime, this is no longer needed. The logger in the
context already has the field set and when the context is passed to
other functions, they too have the logger with the reconcileID set.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-09-04 18:56:02 +05:30
Sunny
658134fe88
Remove setting reconcileID in helmrepo-oci logger
...
With the new controller-runtime, the reconcileID is automatically set
per reconciliation and need not be set explicitly.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-09-04 17:15:06 +05:30
Stefan Prodan
6a560d94e4
Merge pull request #886 from pjbgf/fuzz-update
...
fuzz: Fuzz optimisations
2022-09-03 09:13:14 +03:00
Paulo Gomes
976f4bb3fb
fuzz: Fix cache path
...
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-09-03 03:59:03 +01:00
Paulo Gomes
e26f8b4fc6
fuzz: Reuse go cache from host
...
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-09-02 17:51:28 +01:00
Paulo Gomes
50ef51b59d
fuzz: Ensure latest base images are used
...
Latest base image should contain Go 1.18, removing
the need of updating that ourselves, apart from
benefiting from latest changes upstream.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-09-02 17:51:11 +01:00
Stefan Prodan
6d479e559b
Merge pull request #882 from somtochiama/update-runtime
...
Align controller logs to Kubernetes structured logging
2022-08-31 17:30:23 +03:00
Somtochi Onyekwere
c38fafe128
Align controller logs to Kubernetes structured logging
...
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
2022-08-31 14:24:40 +01:00
Stefan Prodan
b4021b1443
Merge pull request #881 from fluxcd/http-oci
...
[OCIRepository] Add support for non-TLS insecure container registries
2022-08-31 12:58:25 +03:00
Stefan Prodan
e1ad5a6fd3
Add `spec.insecure` to OCIRepository API
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-08-31 11:10:25 +03:00
Stefan Prodan
181b2177fe
Add support for plain HTTP OCIRepositories
...
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-08-31 10:08:29 +03:00