Commit Graph

185 Commits

Author SHA1 Message Date
Sunny 45df2d76c8 Update API descriptions and messages to be consistent
- Update v1beta2 API descriptions and reconciling messages to be
  consistent.
- Replace 'download' with 'fetch'. Since the status condition for
  download failure is called FetchFailed, using the term 'fetch' makes
  the messaging more consistent.
- Replace `BucketOperationSucceed` with `BucketOperationSucceeded` and
  generate api docs.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-02-23 12:35:30 +01:00
Hidde Beydals 8e107ea60e HelmChartReconciler refactor
Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-02-23 12:35:30 +01:00
Hidde Beydals 349739b7e4 Implement new runtime interfaces, prepare testenv
This commit ensures all API objects implement the interfaces used by
the runtime package to work with conditions, etc., and prepares the
test suite to work with the `pkg/runtime/testenv` wrapper.

Changes are made in a backwards compatible way (that being: the
existing code can still be build and works as expected), but without
proper dependency boundaries. The result of this is that the API
package temporary depends on the runtime package, which is resolved
when all reconcilers have been refactored and the API package does
no longer contain condition modifying functions.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-02-23 12:35:30 +01:00
Hidde Beydals e42eedd392 Introduce more explicit Condition types
This commit introduces new Condition types to the v1beta1 API,
facilitating easier observation of (potentially) problematic state for
end-users.

- `ArtifactUnavailableCondition`: indicates there is no artifact
  available for the resource. This Condition should be set by the
  reconciler as soon as it observes the absence of an artifact for a
  source.
- `CheckoutFailedCondition`: indicates a transient or persistent
  checkout failure. This Condition should be set by the reconciler as
  soon as it observes a Git checkout failure, including any
  prerequisites like the unavailability of the referenced Secret used
  for authentication. It should be deleted as soon as a successful
  checkout has been observed again.
- `SourceVerifiedCondition`: indicates the integrity of the source has
  been verified. The Condition should be set to True or False by the
  reconciler based on the result of the integrity check.
  If there is no verification mode and/or secret configured, the
  Condition should be removed.
- `IncludeUnavailableCondition`: indicates one of the referenced
  includes is not available. This Condition should for example be set
  by the reconciler when the include does not exist, or does not have
  an artifact. If the includes become available, it should be deleted.
- `ArtifactOutdatedCondition`: indicates the current artifact of the
  source is outdated. This Condition should for example be set by the
  reconciler when it notices there is a newer revision for an artifact,
  or the previously included artifacts differ from the current available
  ones. The Condition should be removed after writing a new artifact
  to the storage.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-02-23 12:35:30 +01:00
Sunny cc1e48243d Introduce v1beta2 API package
This commit introduces a v1beta2 API package for the staged breaking
changes around conditions and general usage of the API objects.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Co-authored-by: Hidde Beydals <hello@hidde.co>
2022-02-23 12:34:35 +01:00
Stefan Prodan e3e9deb3fd
Release v0.21.2
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-02-07 11:50:32 +02:00
Stefan Prodan fb45c9caf6
Increase default timeout to 60s
Increase the default timeout from 20s to 60s for Git repository cloning and Bucket download

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-02-07 10:29:43 +02:00
Hidde Beydals 01946f22a3 Release v0.21.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-01-27 11:16:21 +01:00
Stefan Prodan 2049246adf
Release v0.21.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-26 15:38:10 +02:00
Maksym Voitko 44836641a8 Fix the missing protocol for the first port in manager config
Signed-off-by: Maksym Voitko <max.voitko@gmail.com>
2022-01-25 00:43:35 +02:00
Paulo Gomes 1c06b3f0c0
Set timeout to fix intermittent errors
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-01-20 08:23:43 +00:00
Paulo Gomes 9ba76a1f94
Enforce runAsNonRoot
BREAKING CHANGE: the controller container is now executed under 65534:65534 (userid:groupid). This change may break deployments that hard-coded the user name 'controller' in their PodSecurityPolicy.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-01-19 14:57:26 +00:00
Paulo Gomes 7b04b44706
security: Drop capabilities and enable seccomp
Further restricts the SecurityContext that the controller runs under, by enabling the default seccomp profile and dropping all linux capabilities.
This was set at container-level to ensure backwards compatibility with
use cases in which sidecars are injected into the source-controller pod
without setting less restrictive settings.

BREAKING CHANGE: The use of new seccomp API requires Kubernetes 1.19.

Co-authored-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-01-19 14:57:25 +00:00
Stefan Prodan 9b6726cc19
Release v0.20.1
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-07 11:00:29 +02:00
Stefan Prodan c1ad3aade5
Release v0.20.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-01-05 16:30:03 +02:00
Hidde Beydals 981d457d97 Release v0.19.2
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-12-09 15:11:12 +01:00
York Chen 9eab99fe00 crds: set default observedGeneration to -1
This ensures the resources aren't marked as Healthy prematurely
by tools as e.g. kstatus. Which will now report a status of
`InProgress` instead of `Ready`.

Signed-off-by: York Chen <ychen@d2iq.com>
2021-12-09 14:19:09 +01:00
Jonathan Innis 8870a0b3af Change bucket JSONPath from url to endpoint
Signed-off-by: Jonathan Innis <jonathan.innis.ji@gmail.com>
2021-12-04 15:15:49 -08:00
Hidde Beydals 865523a077 Release v0.19.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-12-03 13:40:09 +01:00
Hidde Beydals 30ae5565cb Release v0.19.0
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-23 10:32:02 +01:00
Stefan Prodan 058a016a60 Add ACL optional field to Source API
Cherry-picked from 525be388ec.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-22 11:41:55 +01:00
Stefan Prodan f26ce87c0d
Release v0.18.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-12 14:51:44 +02:00
Hidde Beydals fb688ffe8a
storage: change Artifact checksum to SHA256
This changes the format of the Artifact checksum from SHA1 to SHA256 to
mitigate chosen-prefix and length extension attacks, and ensures it can
be used to secure content against malicious modifications.

Source consumers (including our own {kustomize,helm}-controllers)
should ensure the SHA256 of a downloaded artifact matches the
advertised checksum before making use of it.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-11 22:47:49 +01:00
Sunny ede3295bd6 Release v0.17.2
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-11-04 17:19:23 +05:30
Hidde Beydals d98cfaa815 Release v0.17.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-10-30 11:36:28 +02:00
Hidde Beydals 4d7812ea64 Release v0.17.0
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-10-28 15:11:58 +02:00
Hidde Beydals b7376ce94c gogit: allow checkout of commit without branch
This commit changes the `gogit` behavior for commit checkouts,
now allowing one to reference to just a commit while omitting any
branch reference. Doing this creates an Artifact with a
`HEAD/<commit>` revision.

If both a `branch` and `commit` are defined, the commit is expected
to exist within the branch. This results in a more efficient clone
of just the target branch, and also makes this change backwards
compatible.

Fixes #407
Fixes #315

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-10-27 00:43:31 +05:30
Hidde Beydals bef17ae851 Release v0.16.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-10-22 14:24:22 +02:00
Hidde Beydals 96ab646cd4 Release v0.16.0
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-10-14 13:49:52 -05:00
Dylan Arbour 5e6abae9e8 Add ReconcileStrategy to HelmChart
This commit adds a `ReconcileStrategy` field to the `HelmChart` resource, which
allows defining when a new chart should be packaged and/or published if it
originates from a `Bucket` or `GitRepository` resource.

The two available strategies are:

- `ChartVersion`: creates a new artifact when the version of the Helm chart as
  defined in the `Chart.yaml` from the Source is different from the current
  version.
- `Revision`: creates a new artifact when the revision of the Source is
  different from the current revision.

For the `Revision` strategy, the (checksum part of the) revision of the
artifact the chart originatesfrom is added as SemVer metadata.

A chart from a `GitRepository` with Artifact revision
`main/f0faacd5164a875ebdbd9e3fab778f49c5aadbbc` and a chart with e.g. SemVer
`0.1.0` will be published as `0.1.0+f0faacd5164a875ebdbd9e3fab778f49c5aadbbc`.

A chart from a `Bucket` with Artifact revision
`f0faacd5164a875ebdbd9e3fab778f49c5aadbbc` and a chart with e.g. SemVer `0.1.0`
will be published as `0.1.0+f0faacd5164a875ebdbd9e3fab778f49c5aadbbc`.

Signed-off-by: Dylan Arbour <arbourd@users.noreply.github.com>
2021-10-14 13:49:52 -05:00
pa250194 0444c6e16d Service Account Key Authentication to GCP Provider
Signed-off-by: pa250194 <pa250194@ncr.com>
2021-09-16 09:49:56 -05:00
Hidde Beydals fd1b3ce0bb Release v0.15.4
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-08-05 13:45:07 +02:00
Stefan Prodan be9f05baf1
Release v0.15.3
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-06-29 12:27:52 +03:00
Hidde Beydals bec2d83c2b Release v0.15.2
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-22 14:05:36 +02:00
Hidde Beydals 2c63246ede Change large-repo-* ref.branch to main
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-22 13:01:36 +02:00
Hidde Beydals 7013af77c5 Release v0.15.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-18 12:54:34 +02:00
Hidde Beydals 1f27410b34 Update Helm to v3.6.1
v3.6.1 is a a security update from Helm, ensuring that credentials are
always only passed to the defined repository host.

Based on Helm user reports, disabling this behavior may be required for
some Helm repository solutions like Artifactory, and may be done by
setting `PassCredentials` in the `HelmRepositorySpec`.

For more information, see:
https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-18 12:31:23 +02:00
Stefan Prodan 50c15b81b3
Release v0.15.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-06-17 18:51:09 +03:00
Hidde Beydals 3c1a27a7c3 Release v0.14.0
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-08 14:19:05 +02:00
Hidde Beydals a76b10cebb Update K8s, controller-runtime and fluxcd/pkg deps
Controller-runtime has been updated to `v0.9.0`, K8s dependencies to
`v0.21.1`, and all `fluxcd/pkg` and other dependencies to the versions
that have matching dependencies and/or build constraints.

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-08 13:41:34 +02:00
Hidde Beydals bbbb3174cd Release v0.13.2
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-06-02 12:03:26 +02:00
Stefan Prodan 2819924c78
Add e2e tests for large Git repositories
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-06-02 12:45:38 +03:00
Stefan Prodan b3aa9548ec
Release v0.13.1
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-05-28 11:17:27 +03:00
Stefan Prodan 145a82a429
Release v0.13.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-05-26 14:45:14 +03:00
Philip Laine fcf7048992 Add include property to GitRepositories
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Signed-off-by: Philip Laine <philip.laine@xenit.se>
2021-05-11 09:46:50 +02:00
Hidde Beydals ba5bd31572 Release v0.12.2
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-05-10 16:14:52 +02:00
Hidde Beydals fe995a74bf Release v0.12.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-04-23 11:35:34 +02:00
Stefan Prodan bd0f1fdd19
Release v0.12.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-04-21 17:57:50 +03:00
Dylan Arbour 4a834e1d2d Add `ValuesFiles` to HelmChart spec
Signed-off-by: Dylan Arbour <arbourd@users.noreply.github.com>
2021-04-19 09:16:53 -04:00
abhinav454 ae24285596 Add shortNames to api resources
Signed-off-by: abhinav454 <43758739+abhinav454@users.noreply.github.com>
2021-04-15 09:03:56 -04:00