From 67c0eddd580e242950d761c0c45cd1e382262570 Mon Sep 17 00:00:00 2001 From: Catalog Updater Date: Fri, 21 Jun 2024 06:21:12 +0000 Subject: [PATCH] Release sealed-secrets-v0.27.0-kbst.0 --- src/sealed-secrets/base/controller.yaml | 333 ++++++++++++++---------- 1 file changed, 196 insertions(+), 137 deletions(-) diff --git a/src/sealed-secrets/base/controller.yaml b/src/sealed-secrets/base/controller.yaml index ead4b734..3cee3af2 100644 --- a/src/sealed-secrets/base/controller.yaml +++ b/src/sealed-secrets/base/controller.yaml @@ -1,4 +1,76 @@ --- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + name: sealed-secrets-controller + name: sealed-secrets-controller + namespace: kube-system +spec: + minReadySeconds: 30 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + name: sealed-secrets-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + name: sealed-secrets-controller + spec: + containers: + - args: [] + command: + - controller + env: [] + image: docker.io/bitnami/sealed-secrets-controller:0.27.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: http + name: sealed-secrets-controller + ports: + - containerPort: 8080 + name: http + - containerPort: 8081 + name: metrics + readinessProbe: + httpGet: + path: /healthz + port: http + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + stdin: false + tty: false + volumeMounts: + - mountPath: /tmp + name: tmp + imagePullSecrets: [] + initContainers: [] + securityContext: + fsGroup: 65534 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + serviceAccountName: sealed-secrets-controller + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: tmp +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
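Review bot: The controller image in the added Deployment is referenced by tag only (`image: docker.io/bitnami/sealed-secrets-controller:0.27.0`), and with `imagePullPolicy: IfNotPresent` each node runs whatever the registry served for that tag on its first pull. This pod holds the controller key that every SealedSecret is encrypted to, so I would pin it by digest, e.g. `image: docker.io/bitnami/sealed-secrets-controller:0.27.0@sha256:<digest-of-the-verified-image>` (placeholder, the digest is not on this page). The container also has no `resources` requests or limits. If the catalog expects overlays to add them, a one-line comment above `containers:` saying so would help consumers of this base.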
@@ -15,24 +87,30 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: SealedSecret is the K8s representation of a "sealed Secret" - - a regular k8s Secret that has been sealed (encrypted) using the controller's - key. + description: |- + SealedSecret is the K8s representation of a "sealed Secret" - a + regular k8s Secret that has been sealed (encrypted) using the + controller's key. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: SealedSecretSpec is the specification of a SealedSecret + description: SealedSecretSpec is the specification of a SealedSecret. properties: data: description: Data is deprecated and will be removed eventually. Use 
@@ -45,18 +123,45 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true template: - description: Template defines the structure of the Secret that will - be created from this sealed secret. + description: |- + Template defines the structure of the Secret that will be + created from this sealed secret. properties: data: additionalProperties: type: string - description: Keys that should be templated using decrypted data + description: Keys that should be templated using decrypted data. nullable: true type: object + immutable: + description: |- + Immutable, if set to true, ensures that data stored in the Secret cannot + be updated (only object metadata can be modified). + If not set to true, the field can be modified at any time. + Defaulted to nil. + type: boolean metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata nullable: true + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object x-kubernetes-preserve-unknown-fields: true type: @@ -95,12 +200,14 @@ spec: description: The reason for the condition's last transition. type: string status: - description: 'Status of the condition for a sealed secret. Valid - values for "Synced": "True", "False", or "Unknown".' + description: |- + Status of the condition for a sealed secret. + Valid values for "Synced": "True", "False", or "Unknown". type: string type: - description: 'Type of condition for a sealed secret. Valid value: - "Synced"' + description: |- + Type of condition for a sealed secret. + Valid value: "Synced" type: string required: - status 
@@ -155,125 +262,6 @@ subjects: name: system:authenticated --- apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: {} - labels: - name: sealed-secrets-service-proxier - name: sealed-secrets-service-proxier - namespace: kube-system -rules: -- apiGroups: - - "" - resourceNames: - - sealed-secrets-controller - resources: - - services - verbs: - - get -- apiGroups: - - "" - resourceNames: - - 'http:sealed-secrets-controller:' - - http:sealed-secrets-controller:http - - sealed-secrets-controller - resources: - - services/proxy - verbs: - - create - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: {} - labels: - name: sealed-secrets-key-admin - name: sealed-secrets-key-admin - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - list ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - name: sealed-secrets-controller - name: sealed-secrets-controller - namespace: kube-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - name: sealed-secrets-controller - name: sealed-secrets-controller - namespace: kube-system -spec: - minReadySeconds: 30 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - name: sealed-secrets-controller - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: {} - labels: - name: sealed-secrets-controller - spec: - containers: - - args: [] - command: - - controller - env: [] - image: docker.io/bitnami/sealed-secrets-controller:v0.20.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: http - name: sealed-secrets-controller - ports: - - containerPort: 8080 - name: http - readinessProbe: - httpGet: - path: /healthz - port: http - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1001 - stdin: false - tty: false - 
volumeMounts: - - mountPath: /tmp - name: tmp - imagePullSecrets: [] - initContainers: [] - securityContext: - fsGroup: 65534 - serviceAccountName: sealed-secrets-controller - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: tmp ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: {} @@ -352,3 +340,74 @@ rules: - namespaces verbs: - get +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + name: sealed-secrets-controller + name: sealed-secrets-controller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + name: sealed-secrets-service-proxier + name: sealed-secrets-service-proxier + namespace: kube-system +rules: +- apiGroups: + - "" + resourceNames: + - sealed-secrets-controller + resources: + - services + verbs: + - get +- apiGroups: + - "" + resourceNames: + - 'http:sealed-secrets-controller:' + - http:sealed-secrets-controller:http + - sealed-secrets-controller + resources: + - services/proxy + verbs: + - create + - get +--- +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + name: sealed-secrets-controller-metrics + name: sealed-secrets-controller-metrics + namespace: kube-system +spec: + ports: + - port: 8081 + targetPort: 8081 + selector: + name: sealed-secrets-controller + type: ClusterIP +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + name: sealed-secrets-key-admin + name: sealed-secrets-key-admin + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - list
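Review bot: The new `sealed-secrets-controller-metrics` Service publishes port 8081 as a ClusterIP, and nothing in this patch limits who may connect, so by default any pod in the cluster can scrape the controller's metrics. If that is not intended, a NetworkPolicy in `kube-system` admitting only the monitoring namespace should ship with this base; one may already exist outside this diff. The port is also unnamed and duplicates the number from the Deployment; `name: metrics` with `targetPort: metrics` would tie it to the container port declared there. Separately, the re-added `sealed-secrets-key-admin` Role looks identical to the copy removed earlier in the file, but its `list` on `secrets` returns the full contents of every Secret in `kube-system`, so its RoleBinding subjects are worth re-checking during this release.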