Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consolidation of Sealed Secrets images in DockerHub #1393

Closed
agarcia-oss opened this issue Nov 27, 2023 · 3 comments · Fixed by #1392
Closed

Consolidation of Sealed Secrets images in DockerHub #1393

agarcia-oss opened this issue Nov 27, 2023 · 3 comments · Fixed by #1392
Labels

Comments

@agarcia-oss
Copy link
Member

agarcia-oss commented Nov 27, 2023

The Sealed Secrets controller's official image is hosted in the Bitnami repository in DockerHub. At the same time, Bitnami produces its own controller and kubeseal image within the same repository. We understand this might create unnecessary confusion among Sealed Secrets users, so we have decided to consolidate both images into a single one.

What will we do?

Bitnami updates its images upon detecting new vulnerabilities. Additionally, these images are also packaged using a very compact scratch base image and compiled using golang best practices regarding code optimization. These features make Bitnami images a better option than their upstream counterparts. Our plan is to delegate the image generation process to the Bitnami team, while the Sealed Secrets team focuses on the generation of the kubeseal binaries.

In turn, the Bitnami team will refactor its current asset (bitnami/sealed-secrets) into two standalone images: (bitnami/sealed-secrets-controller and bitnami/sealed-secrets-kubeseal).

How is this going to affect Sealed Secrets Users?

This modification is an internal change in the pipeline to produce & keep up-to-date the Sealed Secrets images. For that reason, the change should be seamless for any Sealed Secrets user. Existing and new Sealed Secrets releases will continue to be available in the project’s Releases section and the official Sealed Secrets container name in DockerHub (bitnami/sealed-secrets-controller) will remain unchanged.

When will the change take effect?

These changes were already implemented during Sealed Secrets January 2024 release.

@agarcia-oss agarcia-oss pinned this issue Nov 27, 2023
Copy link
Contributor

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

Copy link
Contributor

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the Stale label Dec 31, 2023
Copy link
Contributor

github-actions bot commented Jan 7, 2024

Due to the lack of activity in the last 7 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jan 7, 2024
@agarcia-oss agarcia-oss reopened this Jan 18, 2024
@agarcia-oss agarcia-oss added ci/cd and removed Stale labels Jan 18, 2024
alvneiayu added a commit that referenced this issue Jan 18, 2024
… release (#1392)

With these changes, we are going to release the newest Sealed Secrets
version using the containers generated by the Bitnami Container Release
process using the tag of with our release. Then, we will generate the
official release in our project.

Why this decision? Using the Bitnami Release process, the containers are
tested in several environment (OpenShift, AKS, etc) running our
integration tests. Like this, the project will be covered in several
real environments that Sealed Secrets in running by the users.

From the user side, **you will not notice any change at all**. We are
publishing the containers in the same registry and our chart and
controller will use the same containers.

fixes #1393

---------

Signed-off-by: Alvaro Neira Ayuso <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
1 participant