Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: SparebankenVest/azure-key-vault-to-kubernetes
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1.3.1
Choose a base ref
...
head repository: SparebankenVest/azure-key-vault-to-kubernetes
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1.4.0
Choose a head ref
  • 10 commits
  • 13 files changed
  • 5 contributors

Commits on Apr 18, 2022

  1. Add changelog for 1.3.1

    181192 committed Apr 18, 2022
    Copy the full SHA
    44777ae View commit details

Commits on Jun 13, 2022

  1. Copy the full SHA
    4e9ede9 View commit details
  2. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    9c9cb94 View commit details

Commits on Aug 17, 2022

  1. Merge pull request #371 from wimi/custom_resync_periods

    Custom resync periods
    181192 authored Aug 17, 2022

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    15dee5b View commit details

Commits on Aug 31, 2022

  1. Remove survey

    torresdal authored Aug 31, 2022

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    9aed6f3 View commit details

Commits on Oct 10, 2022

  1. Patch golang x/net vulnerability

    Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
    Thomas Spear committed Oct 10, 2022

    Unverified

    No user is associated with the committer email.
    Copy the full SHA
    e75c67f View commit details
  2. Merge pull request #418 from tspearconquest/patch_cve

    Patch golang x/net vulnerability
    181192 authored Oct 10, 2022

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    b5da5a5 View commit details

Commits on Nov 11, 2022

  1. build(deps): bump kindest/node from v1.17.5 to v1.25.3

    Bumps kindest/node from v1.17.5 to v1.25.3.
    
    ---
    updated-dependencies:
    - dependency-name: kindest/node
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Nov 11, 2022

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    7532b0e View commit details

Commits on Dec 8, 2022

  1. Upgrade dependencies

    Upgrade k8s 1.25.5
    Upgrade go 1.19.4
    Upgrade build agent ubuntu 22.04
    181192 committed Dec 8, 2022
    Copy the full SHA
    15d87b2 View commit details
  2. Merge pull request #428 from SparebankenVest/dependabot/docker/kindes…

    …t/node-v1.25.3
    
    build(deps): bump kindest/node from v1.17.5 to v1.25.3
    181192 authored Dec 8, 2022

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    4c77638 View commit details
4 changes: 2 additions & 2 deletions .github/workflows/controller-build.yaml
Original file line number Diff line number Diff line change
@@ -19,14 +19,14 @@ on:

jobs:
build-deploy:
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@master

- name: Setup Golang
uses: actions/setup-go@v1
with:
go-version: '1.18.1'
go-version: '1.19.4'

- name: Build
uses: ./.github/actions/build
4 changes: 2 additions & 2 deletions .github/workflows/pull-request.yaml
Original file line number Diff line number Diff line change
@@ -14,14 +14,14 @@ on:

jobs:
build-deploy:
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@master

- name: Setup Golang
uses: actions/setup-go@v1
with:
go-version: '1.18.1'
go-version: '1.19.4'

- name: Test
run: make test
4 changes: 2 additions & 2 deletions .github/workflows/vaultenv-build.yaml
Original file line number Diff line number Diff line change
@@ -19,14 +19,14 @@ on:

jobs:
build-deploy:
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@master

- name: Setup Golang
uses: actions/setup-go@v1
with:
go-version: '1.18.1'
go-version: '1.19.4'

- name: Build
uses: ./.github/actions/build
4 changes: 2 additions & 2 deletions .github/workflows/webhook-build.yaml
Original file line number Diff line number Diff line change
@@ -19,14 +19,14 @@ on:

jobs:
build-deploy:
runs-on: ubuntu-18.04
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@master

- name: Setup Golang
uses: actions/setup-go@v1
with:
go-version: '1.18.1'
go-version: '1.19.4'

- name: Build
uses: ./.github/actions/build
41 changes: 41 additions & 0 deletions CHANGELOG-1.3.md
Original file line number Diff line number Diff line change
@@ -5,6 +5,47 @@ description: "All changes in version 1.3"

# Changelog for Version 1.3

## Version 1.3.1

The most notable changes in this release are:

* Fallback to the Pod generated name when creating a secret for an unnamed pod #322
* Use a more refined regex to match valid injectable secret names #320 #281
* Fixes correct RBAC Role vs ClusterRole when `watchAllNamespaces` is `false` SparebankenVest/public-helm-charts#62
* Upgrade k8s client v0.23.5
* Upgrade go 1.18
* Upgrade alpine base image 3.15.6

### Controller

#### Features

* Upgrade k8s client v0.23.5
* Upgrade go 1.18
* Upgrade alpine base image 3.15.6

#### Bug Fixes

* Fallback to the Pod generated name when creating a secret for an unnamed pod #322
* Use a more refined regex to match valid injectable secret names #320 #281

### Helm Charts

* Add priorityClassName spec to akv2k8s controller deployment SparebankenVest/public-helm-charts#60
* Fixes correct RBAC Role vs ClusterRole when `watchAllNamespaces` is `false` SparebankenVest/public-helm-charts#62
* Remove duplicate MTLS_PORT environment variable SparebankenVest/public-helm-charts#70
* Upgrade PodDistributionBudget api version to v1 SparebankenVest/public-helm-charts#71
* Update generated CRD

### Chart and Image versions

| Type | Component | Version |
| ------------ | -------------------------------------------------------------------------------------------------- | ------- |
| Helm Chart | [akv2k8s](https://github.com/SparebankenVest/public-helm-charts/tree/akv2k8s-2.2.0/stable/akv2k8s) | 2.2.0 |
| Docker Image | spvest/azure-keyvault-controller | 1.3.1 |
| Docker Image | spvest/azure-keyvault-webhook | 1.3.1 |
| Docker Image | spvest/azure-keyvault-env | 1.3.1 |

## Version 1.3.0

The most notable changes in this release are:
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ARG BASEIMAGE=gcr.io/distroless/static:nonroot
ARG BASE_ALPINE=alpine:3.15.4
ARG GO_VERSION=1.18.1
ARG BASE_ALPINE=alpine:3.17.0
ARG GO_VERSION=1.19.4

# -------
# Builder
2 changes: 0 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -32,8 +32,6 @@

<p align="center"><i>Documentation available at <a href="https://akv2k8s.io">https://akv2k8s.io</a>. Join our <a href="https://join.slack.com/t/akv2k8s/shared_invite/zt-lfx2qdky-SGjwN8qTfca6bdeIyk46lg">Slack Workspace</a> to ask questions to the akv2k8s community.</i></p>

<p align="center"><i>Please spare one minute to take our survey: <a href="https://www.surveymonkey.com/r/HMFZVYR">https://www.surveymonkey.com/r/HMFZVYR</a>. Why? We have no idea how many are using Akv2k8s, except through user interaction here on GitHub. More importantly - what can we do to make Akv2k8s even better?</i></p>

## Overview

Azure Key Vault to Kubernetes (akv2k8s) will make Azure Key Vault objects available to Kubernetes in two ways:
24 changes: 14 additions & 10 deletions cmd/azure-keyvault-controller/main.go
Original file line number Diff line number Diff line change
@@ -39,7 +39,7 @@ import (
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/record"

componentBaseConfig "k8s.io/component-base/config"
logConfig "k8s.io/component-base/logs/api/v1"
jsonlogs "k8s.io/component-base/logs/json"
"k8s.io/klog/v2"

@@ -57,12 +57,14 @@ import (
const controllerAgentName = "azurekeyvaultcontroller"

var (
version string
kubeconfig string
masterURL string
cloudconfig string
logFormat string
watchAllNamespaces bool
version string
kubeconfig string
masterURL string
cloudconfig string
logFormat string
watchAllNamespaces bool
kubeResyncPeriod int
azureKeyVaultResyncPeriod int
)

func initConfig() {
@@ -82,6 +84,8 @@ func init() {
flag.StringVar(&masterURL, "master", "", "The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.")
flag.StringVar(&cloudconfig, "cloudconfig", "/etc/kubernetes/azure.json", "Path to cloud config. Only required if this is not at default location /etc/kubernetes/azure.json")
flag.BoolVar(&watchAllNamespaces, "watch-all-namespaces", true, "Watch for custom resources in all namespaces, if set to false it will only watch the runtime namespace.")
flag.IntVar(&kubeResyncPeriod, "kube-resync-period", 30, "Resync period for kubernetes changes, in seconds. Defaults to 30.")
flag.IntVar(&azureKeyVaultResyncPeriod, "azure-resync-period", 30, "Resync period for Azure Key Vault changes, in seconds. Defaults to 30.")
}

func main() {
@@ -93,7 +97,7 @@ func main() {

if logFormat == "json" {
loggerFactory := jsonlogs.Factory{}
logger, _ := loggerFactory.Create(componentBaseConfig.FormatOptions{})
logger, _ := loggerFactory.Create(logConfig.LoggingConfiguration{})
klog.SetLogger(logger)
}
klog.InfoS("log settings", "format", logFormat, "level", flag.Lookup("v").Value)
@@ -158,8 +162,8 @@ func main() {
options.LabelSelector = labelSelectorAppender(options.LabelSelector, objectLabelSet)
}))
}
kubeInformerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, time.Second*30, kubeInformerOptions...)
azureKeyVaultSecretInformerFactory := informers.NewSharedInformerFactoryWithOptions(azureKeyVaultSecretClient, time.Second*30, akvInformerOptions...)
kubeInformerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, time.Second*time.Duration(kubeResyncPeriod), kubeInformerOptions...)
azureKeyVaultSecretInformerFactory := informers.NewSharedInformerFactoryWithOptions(azureKeyVaultSecretClient, time.Second*time.Duration(azureKeyVaultResyncPeriod), akvInformerOptions...)

klog.InfoS("Creating event broadcaster")
eventBroadcaster := record.NewBroadcaster()
4 changes: 2 additions & 2 deletions cmd/azure-keyvault-env/main.go
Original file line number Diff line number Diff line change
@@ -36,7 +36,7 @@ import (
"github.com/spf13/viper"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/rest"
componentBaseConfig "k8s.io/component-base/config"
logConfig "k8s.io/component-base/logs/api/v1"
jsonlogs "k8s.io/component-base/logs/json"
"k8s.io/klog/v2"
)
@@ -160,7 +160,7 @@ func main() {

if logFormat == "json" {
loggerFactory := jsonlogs.Factory{}
logger, _ := loggerFactory.Create(componentBaseConfig.FormatOptions{})
logger, _ := loggerFactory.Create(logConfig.LoggingConfiguration{})
klog.SetLogger(logger)
}

4 changes: 2 additions & 2 deletions cmd/azure-keyvault-secrets-webhook/main.go
Original file line number Diff line number Diff line change
@@ -43,7 +43,7 @@ import (
"github.com/slok/kubewebhook/pkg/webhook/mutating"
"github.com/spf13/viper"
k8sCredentialProvider "github.com/vdemeester/k8s-pkg-credentialprovider"
componentBaseConfig "k8s.io/component-base/config"
logConfig "k8s.io/component-base/logs/api/v1"
jsonlogs "k8s.io/component-base/logs/json"
"k8s.io/klog/v2"
kubernetesConfig "sigs.k8s.io/controller-runtime/pkg/client/config"
@@ -228,7 +228,7 @@ func main() {

if params.logFormat == "json" {
loggerFactory := jsonlogs.Factory{}
logger, _ := loggerFactory.Create(componentBaseConfig.FormatOptions{})
logger, _ := loggerFactory.Create(logConfig.LoggingConfiguration{})
klog.SetLogger(logger)
}

Loading