
Commit

Upgrade and rollout (#84)
* Several changes

 * Support for rollout when a secret is updated
 * Upgrades vals backend libs
 * Upgrades common golang libs and kubebuilder tools

* Fixing pipeline

* Tagging 0.7.11

* Bump golang version
digiserg authored Nov 14, 2024
1 parent abac1df commit 9584368
Showing 18 changed files with 262 additions and 135 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/pre-commit.yml
Expand Up @@ -9,7 +9,7 @@ jobs:
pre-commit:
# Run the test inside a centos8 container
runs-on: ubuntu-latest
container: golang:1.22.5-bookworm
container: golang:1.23-bookworm
steps:

# Make pip3 work
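
Review bot: The `container:` line moves from a patch-pinned image (`golang:1.22.5-bookworm`) to a floating minor tag (`golang:1.23-bookworm`), so the toolchain that runs pre-commit can change between runs without any commit in this repository; pin a patch release or an image digest instead. The comment above `runs-on` still says the test runs inside a centos8 container, which does not match a bookworm image and is worth correcting while this line is being touched.
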
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Expand Up @@ -15,8 +15,8 @@ jobs:
- name: Check out the repo
uses: actions/checkout@v3

- name: Setup mirror
uses: self-actuated/hub-mirror@master
# - name: Setup mirror
# uses: self-actuated/hub-mirror@master

- name: Get TAG
id: get_tag
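
Review bot: The `Setup mirror` step is commented out rather than deleted, and neither the hunk nor the commit message ("Fixing pipeline") says why. Delete the two lines, or add a comment stating the condition under which they should be restored. If the step does come back, `self-actuated/hub-mirror@master` is a mutable branch ref running inside the release job; reference a commit SHA instead.
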
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22 as builder
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23 as builder

ARG TARGETPLATFORM
ARG BUILDPLATFORM
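
Review bot: The builder stage `FROM ... golang:1.23 as builder` uses a floating tag, so two builds of the same commit can be compiled with different Go patch releases. Pin the builder by digest (`golang:1.23@sha256:<digest>`) or at least by patch version, and keep it in step with the `golang:1.23-bookworm` tag used in pre-commit.yml. Lowercase `as` next to uppercase `FROM` also triggers a casing warning in recent Docker build checks; `AS builder` avoids it.
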
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -133,7 +133,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest

## Tool Versions
KUSTOMIZE_VERSION ?= v3.8.7
CONTROLLER_TOOLS_VERSION ?= v0.10.0
CONTROLLER_TOOLS_VERSION ?= v0.16.5

KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
.PHONY: kustomize
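
Review bot: Only `CONTROLLER_TOOLS_VERSION` moves (v0.10.0 to v0.16.5) while `KUSTOMIZE_VERSION` stays at v3.8.7, although the commit message describes a general upgrade of the kubebuilder tools; say whether kustomize was left behind on purpose. The context line `KUSTOMIZE_INSTALL_SCRIPT` downloads an installer from the `master` branch, so the build runs whatever that URL serves at the time; pointing it at a tagged or commit-pinned URL would fit an upgrade commit like this one.
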
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -93,7 +93,7 @@ metadata:
owner: digitalis.io
spec:
name: my-secret # Optional, default is the resource name
ttl: 3600 # Optional, default is 0. The secret will be checked at every "reconcile period". See below.
ttl: 3600 # Optional, default is 5 minutes. The secret will be checked at every "reconcile period". See below.
type: Opaque # Default type, others supported
data:
username:
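
Review bot: The `ttl` comment now states a default of 5 minutes, but the example value `3600` carries no unit, and the generated schema later in this commit declares `ttl` only as an int64 integer with no default. State the unit in the comment, and say where the 5 minute default is applied, so that a reader of the CRD does not assume an unset `ttl` means 0.
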
Expand Down Expand Up @@ -121,6 +121,9 @@ spec:
{{- if .url }}
url: {{ .url | lower }}
{{ end }}
rollout: # optional: run a `rollout` to make the pods use new secret
- kind: Deployment
name: myapp
```
The example above will create a secret named `my-secret` and get the values from the different sources. The secret will be kept in sync against the backed secrets store.
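
Review bot: The new `rollout` comment does not say which kinds are accepted or where the target is looked up. `RolloutTarget` in valssecret_types.go lists Deployment, Pod and StatefulSet and has only `kind` and `name`, so the README should name the three kinds, state which namespace the name is resolved in, and explain what a rollout means for a bare Pod.
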
9 changes: 9 additions & 0 deletions apis/digitalis.io/v1/valssecret_types.go
Expand Up @@ -70,6 +70,15 @@ type ValsSecretSpec struct {
Type string `json:"type,omitempty"`
Databases []Database `json:"databases,omitempty"`
Template map[string]string `json:"template,omitempty"`
Rollout []RolloutTarget `json:"rollout,omitempty"`
}

// RolloutTarget sets up what deployment or sts to restart
type RolloutTarget struct {
// Kind is either Deployment, Pod or StatefulSet
Kind string `json:"kind"`
// Name is the object name
Name string `json:"name"`
}

// ValsSecretStatus defines the observed state of ValsSecret
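
Review bot: `Kind` in `RolloutTarget` is a free-form string; the allowed values exist only in the comment, and the generated CRD in this commit shows `kind` as `type: string` with no enum, so a typo such as `Deployments` passes admission and has to be handled at reconcile time. Add `// +kubebuilder:validation:Enum=Deployment;Pod;StatefulSet` above the field. The struct comment ("deployment or sts") also disagrees with the field comment, which includes Pod. Since anyone who can create a ValsSecret can now name a workload for the operator to restart, the PR description should state which RBAC verbs the operator gains for this; none of the hunks shown on this page touch RBAC.
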
21 changes: 20 additions & 1 deletion apis/digitalis.io/v1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion apis/digitalis.io/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions charts/vals-operator/Chart.yaml
Expand Up @@ -16,10 +16,10 @@ kubeVersion: ">= 1.19.0-0"
type: application

# Chart version
version: 0.7.10
version: 0.7.11

# Latest container tag
appVersion: v0.7.10
appVersion: v0.7.11

maintainers:
- email: [email protected]
20 changes: 12 additions & 8 deletions charts/vals-operator/crds/dbsecrets.yaml
Expand Up @@ -3,10 +3,9 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.16.5
"helm.sh/hook": crd-install
"helm.sh/hook-delete-policy": "before-hook-creation"
creationTimestamp: null
name: dbsecrets.digitalis.io
spec:
group: digitalis.io
Expand All @@ -23,14 +22,19 @@ spec:
description: DbSecret is the Schema for the dbsecrets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
49 changes: 32 additions & 17 deletions charts/vals-operator/crds/valssecrets.yaml
@@ -1,13 +1,11 @@

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.16.5
"helm.sh/hook": crd-install
"helm.sh/hook-delete-policy": "before-hook-creation"
creationTimestamp: null
name: valssecrets.digitalis.io
spec:
group: digitalis.io
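
Review bot: The old `controller-gen.kubebuilder.io/version` annotation shows this chart copy was generated with v0.4.1 while config/crd/bases was at v0.10.0, so the two CRD copies had drifted. The `helm.sh/hook` annotations here are absent from the config/crd/bases files, which suggests the chart copy is edited by hand after generation; add a make target or CI check that derives charts/vals-operator/crds from config/crd/bases so the next regeneration cannot drift again.
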
Expand All @@ -24,14 +22,19 @@ spec:
description: ValsSecret is the Schema for the valssecrets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
Expand All @@ -40,13 +43,15 @@ spec:
properties:
data:
additionalProperties:
description: DataSource defines a secret
properties:
encoding:
description: Encoding type for the secret. Only base64 supported.
Optional
type: string
ref:
description: Ref value to the secret in the format ref+backend://path
description: |-
Ref value to the secret in the format ref+backend://path
https://github.com/helmfile/vals
type: string
required:
Expand All @@ -55,6 +60,7 @@ spec:
type: object
databases:
items:
description: Database defines a DB connection
properties:
driver:
description: Defines the database type
Expand Down Expand Up @@ -106,10 +112,25 @@ spec:
type: array
name:
type: string
rollout:
items:
description: RolloutTarget sets up what deployment or sts to restart
properties:
kind:
description: Kind is either Deployment, Pod or StatefulSet
type: string
name:
description: Name is the object name
type: string
required:
- kind
- name
type: object
type: array
template:
type: object
additionalProperties:
type: string
type: object
ttl:
format: int64
type: integer
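
Review bot: The `rollout` property is added to a CRD that ships in the chart's `crds/` directory, and Helm 3 installs files from that directory only on first install and does not update them on `helm upgrade`. Clusters upgraded from chart 0.7.10 will keep the old schema, and because apiextensions.k8s.io/v1 CRDs do not keep unknown fields, a `rollout` block in a ValsSecret will be dropped or rejected rather than acted on. The release notes or README need an explicit step to apply the updated CRDs before upgrading the chart.
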
Expand All @@ -126,9 +147,3 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
20 changes: 12 additions & 8 deletions config/crd/bases/digitalis.io_dbsecrets.yaml
Expand Up @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.16.5
name: dbsecrets.digitalis.io
spec:
group: digitalis.io
Expand All @@ -21,14 +20,19 @@ spec:
description: DbSecret is the Schema for the dbsecrets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
38 changes: 29 additions & 9 deletions config/crd/bases/digitalis.io_valssecrets.yaml
Expand Up @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.16.5
name: valssecrets.digitalis.io
spec:
group: digitalis.io
Expand All @@ -21,14 +20,19 @@ spec:
description: ValsSecret is the Schema for the valssecrets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
Expand All @@ -44,7 +48,8 @@ spec:
Optional
type: string
ref:
description: Ref value to the secret in the format ref+backend://path
description: |-
Ref value to the secret in the format ref+backend://path
https://github.com/helmfile/vals
type: string
required:
Expand Down Expand Up @@ -105,6 +110,21 @@ spec:
type: array
name:
type: string
rollout:
items:
description: RolloutTarget sets up what deployment or sts to restart
properties:
kind:
description: Kind is either Deployment, Pod or StatefulSet
type: string
name:
description: Name is the object name
type: string
required:
- kind
- name
type: object
type: array
template:
additionalProperties:
type: string