Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: fluxcd/kustomize-controller
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.22.3
Choose a base ref
...
head repository: fluxcd/kustomize-controller
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.23.0
Choose a head ref
6 contributors

Commits on Apr 1, 2022

  1. docs/spec/v1beta2: fix recommended settings typo 

    Signed-off-by: Sunny <darkowlzz@protonmail.com>
    @darkowlzz
    darkowlzz committed Apr 1, 2022
    Copy the full SHA
    1e616ed View commit details

  2. Merge pull request #609 from fluxcd/example-typo 

    docs/spec/v1beta2: fix recommended settings typo
    @stefanprodan
    stefanprodan authored Apr 1, 2022
    Copy the full SHA
    412877c View commit details

  3. Fix build tag syntax 

    Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
    Paulo Gomes committed Apr 1, 2022
    Copy the full SHA
    1ba9507 View commit details

  4. Align Makefile with other repositories 

    Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
    Paulo Gomes committed Apr 1, 2022
    Copy the full SHA
    bce675b View commit details

  5. Download SOPS when running tests 

    Some tests requires the sops CLI to be installed,
by adding it as a requirement of the Makefile tests
target we make it easier for new contributors to
engage with the codebase.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
    Paulo Gomes committed Apr 1, 2022
    Copy the full SHA
    74a8258 View commit details

  6. Add flags to control kubeconfig support 

    Two new flags were added to allow users to enable the
use of user.Exec and InsecureTLS in the kubeconfigs
provided remote apply reconciliations.

Breaking change: both functionalities are no longer
enabled by default.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
    Paulo Gomes committed Apr 1, 2022
    Copy the full SHA
    d29032e View commit details

  7. Merge pull request #593 from pjbgf/new-kube-flag 

    Add kubeconfig flags
    @stefanprodan
    stefanprodan authored Apr 1, 2022
    Copy the full SHA
    55f14b7 View commit details

  8. add custom statusreader for jobs 

    Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
    Sanskar Jaiswal committed Apr 1, 2022
    Copy the full SHA
    ed5fb9f View commit details

  9. Merge pull request #608 from aryan9600/job-status 

    Implement health check for Kubernetes jobs
    @stefanprodan
    stefanprodan authored Apr 1, 2022
    Copy the full SHA
    3ebc24e View commit details

Commits on Apr 4, 2022

  1. Update KubeConfig documentation 

    When the flag --default-service-account was added it changed
slightly the behaviour of the spec.KubeConfig field. It forces
the impersonation to always take place, either via the contents
of spec.ServiceAccountName or its fallback at controller level.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
    Paulo Gomes committed Apr 4, 2022
    Copy the full SHA
    d006970 View commit details

  2. Merge pull request #611 from pjbgf/documentation-v1beta2 

    Update KubeConfig documentation
    @stefanprodan
    stefanprodan authored Apr 4, 2022
    Copy the full SHA
    97a4518 View commit details

  3. sops/keyservice: remove prompt capabilities 

    The original keyservice implementation was forked from SOPS, keeping
the prompt capabilities intact. However, since the implementations have
started to grow, it is better to remove this capability and resort to
a hardcoded `false` default for the fallback server. As the controller
is never expected to have an interactive TTY/shell.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    31bfd5a View commit details

  4. sops/keyservice: simplify switch logic 

    These bits of code have a history of accidents around the fallback
behavior. By simplifying it, the fallback should generally always work,
unless you put in instructions to take another route.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    7450a1a View commit details

  5. sops/keyservice: keep server fields private 

    This ensures data used for decryption is not exposed widely after
constructing the Server, and prevents a bypass to the default server
fallback.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    2e30a18 View commit details

  6. sops/keyservice: allow config of server via opts 

    Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    e5c2730 View commit details

  7. sops/keyservice: handle nil key requests 

    Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    512e749 View commit details

  8. sops/keyservice: error on unfulfilled requirements 

    This ensures we signal early that we will be unable to fulfill the
request, instead of letting the underlying keysource implementation
run into mayhem. Which can be problematic for e.g. PGP, which has
assumptions about things being located relative to the given home
directory, resulting in possible unexpected behavior if an empty path
is given.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    2487b51 View commit details

  9. sops/age: tidy and test keysource implementation 

    Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    182ddbf View commit details

  10. sops/pgp: tidy and test keysource implementation 

    This revises the PGP keysource implementation, removing bits of code
that were not actually in use, or not viable in combination with how we
work with keys. In short:

- crypto/openpgp implementation has been removed. As it is unable to read
  the keystore created by newer versions of GnuPG. Given we import user
  provided keys _with_ GnuPG, this was basically dead code.
- All capabilities around fetching public keys from a server have been
  removed.
- "Jailing" of GnuPG shell-out is now handled in `gpgExec`, in addition,
  arguments for encrypt and decrypt execs have been revised to ensure
  they e.g. do not instruct to use the agent.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    6554be2 View commit details

  11. sops/hcvault: tidy and test keysource impl 

    Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    eaec2b9 View commit details

  12. sops/pgp: add GnuPGHome utility type 

    This adds a new GnuPGHome type which can be used to create a new
contained GnuPG home directory. The type is self-validating, ensuring
it adheres to e.g. permission rules set out by GnuPG, and allows for
importing keys from armored bytes and files.

Because of this introduction, the decryptor service no longer has to
write data from a Secret to a temporary file, but is instead able to
directly import them into the keyring from the Secret entry's bytes.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 4, 2022
    Copy the full SHA
    ed49f84 View commit details

Commits on Apr 5, 2022

  1. sops/age: add ParsedIdentities utility type 

    This adds a new ParsedIdentities type which can be used to parse a set
of age identities just once, instead of parsing them for every Decrypt
request.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 5, 2022
    Copy the full SHA
    dfbeae9 View commit details

  2. sops/azkv: add Token utility type 

    This adds a new Token type which can be used to configure an
azcore.TokenCredential on a master key. Due to this introduction, the
server only has to go through the AADConfig once.

Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 5, 2022
    Copy the full SHA
    ffdda3f View commit details

  3. sops/keyservice: tidy and add tests 

    Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 5, 2022
    Copy the full SHA
    9db141d View commit details

  4. decryptor: mention Secret name in import errors 

    Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 5, 2022
    Copy the full SHA
    bf4cefe View commit details

  5. decryptor: switch Printf to Errorf 

    Signed-off-by: Hidde Beydals <hello@hidde.co>
    @hiddeco
    hiddeco committed Apr 5, 2022
    Copy the full SHA
    62dafa1 View commit details

  6. Merge pull request #607 from fluxcd/sops-keyservice-imprv

    @hiddeco
    hiddeco authored Apr 5, 2022
    Copy the full SHA
    cbd02ea View commit details

  7. Release v0.23.0 

    Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
    Paulo Gomes committed Apr 5, 2022
    Copy the full SHA
    f90dbc9 View commit details

  8. Merge pull request #614 from pjbgf/release-v0.23.0

    @hiddeco
    hiddeco authored Apr 5, 2022
    Copy the full SHA
    6bc847b View commit details
Loading