Merge pull request #67 from zakkg3/non-root

[tag 0.0.9] Run as non root

Author: zakkg3

Dockerfile

@@ -1,3 +1,6 @@
 FROM flag5/clustersecretbase:0.0.5
 ADD /src /src
+
+RUN adduser --system --no-create-home secretmonkey
+USER secretmonkey
 CMD kopf run -A /src/handlers.py

Dockerfile.arm

@@ -1,3 +1,7 @@
 FROM flag5/clustersecretbase:0.0.5_arm32
 ADD /src /src
+
+RUN adduser --system --no-create-home secretmonkey
+USER secretmonkey
+
 CMD kopf run -A /src/handlers.py

Makefile

@@ -1,7 +1,7 @@
 IMG_NAMESPACE = flag5
 IMG_NAME = clustersecret
 IMG_FQNAME = $(IMG_NAMESPACE)/$(IMG_NAME)
-IMG_VERSION = 0.0.8
+IMG_VERSION = 0.0.9
 
 .PHONY: container push clean arm-container arm-push arm-clean
 all: container push
@@ -32,11 +32,18 @@ beta:
 	sudo docker build -t $(IMG_FQNAME):$(IMG_VERSION)-beta .
 	sudo docker push $(IMG_FQNAME):$(IMG_VERSION)-beta
 
+install:
+	helm install clustersecret ./charts/Clustersecret -n clustersecret --create-namespace
+
 test-env:
 	podman machine start
 	KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster
-	helm install clustersecret ./charts/cluster-secret -n clustersecret --create-namespace
+	helm install clustersecret ./charts/clustersecret -n clustersecret --create-namespace
 
 stop-test-env:
 	KIND_EXPERIMENTAL_PROVIDER=podman kind delete cluster
 	podman machine stop
+
+chart-update:
+	helm package charts/clustersecret/ -d docs/
+	helm repo index ./docs

README.md

@@ -6,10 +6,13 @@
 ## Kubernetes ClusterSecret 
 [*clustersecret.io*](https://clustersecret.io/)
 
-Global inter-namespace cluster secrets - Secrets that work across namespaces  - Clusterwide secrets
+Cluster wide secrets
 
-ClusterSecret operator makes sure all the matching namespaces have the secret available. New namespaces, if they match the pattern, will also have the secret.
-Any change on the ClusterSecret will update all related secrets. Deleting the ClusterSecret deletes "child" secrets (all cloned secrets) too.
+ClusterSecret operator makes sure all the matching namespaces have the secret available and up to date.
+
+ - New namespaces, if they match the pattern, will also have the secret.
+ - Any change on the ClusterSecret will update all related secrets. Including changing the match pattern. 
+ - Deleting the ClusterSecret deletes "child" secrets (all cloned secrets) too.
 
 Full documentation available at [https://clustersecret.io](https://clustersecret.io/)
 
@@ -63,17 +66,18 @@ Clustersecrets automates this. It keep track of any modification in your secret
 
 ## Requirements
 
-Current version 0.0.8 is tested for Kubernetes >= 1.19 up to 1.27.1
+Current version `0.0.9` is tested for Kubernetes >= 1.19 up to 1.27.1
+For ARM architectures user `0.0.9_arm32` tag
 
-For older kubernetes (<1.19) use the image tag "0.0.6" in your helm values file.
+For older kubernetes (<1.19) use the image tag `0.0.6` in your helm values file.
 
 ## Install
 
 # Using the official helm chart
 
 ```bash
 helm repo add clutersecret https://charts.clustersecret.io/
-helm install cluster-secret clutersecret/cluster-secret --version 0.1.0
+helm install clustersecret clutersecret/ClusterSecret --version 0.1.1 -n clustersecret --create-namespace
 ```
 
 # with just kubectl
@@ -125,13 +129,14 @@ data:
 
  - [x] Fix #59
  - [x] implement `source` to specify a source secret to sync instead of `data` field. (https://github.com/zakkg3/ClusterSecret/issues/3)
- - [ ] Fix bug #48 
+ - [x] Fix bug #48 
 
 
 ## Tag 0.1.0 :
-
+- [ ] update base-image to latest
+- [ ] update kopf package to latest
 - [ ] react to changes on source secret. #36
-- [ ] react on changes on data on clustersecret. #48 
+- [ ] add source from Externalsecrets or other providers. 
 
 
  * * *
@@ -142,3 +147,5 @@ data:
  You can open issues and we will try to address them. 
 
  That said, if you have questions, or just want to establish contact, reach out one way or another. [https://flag5.com](https://flag5.com) || nico at flag5.com
+ 
+ Global inter-namespace cluster secrets - Secrets that work across namespaces  - Cluster wide secrets

charts/cluster-secret/.helmignore charts/ClusterSecret/.helmignore

@@ -1,13 +1,13 @@
 apiVersion: v2
-name: cluster-secret
+name: ClusterSecret
 description: ClusterSecret Operator
 kubeVersion: '>= 1.16.0-0'
 type: application
-version: 0.1.0
+version: 0.1.1
 icon: https://clustersecret.io/assets/csninjasmall.png
 sources:
 - https://github.com/zakkg3/ClusterSecret
-appVersion: "0.8.0"
+appVersion: "0.0.9"
 maintainers:
 - email: [email protected]
   name: zakkg3

charts/cluster-secret/Chart.yaml charts/ClusterSecret/Chart.yaml

@@ -54,17 +54,14 @@ kubectl get secret <secret-name> -n <source-namespace> -o yaml \
 Clustersecrets automates this. It keep track of any modification in your secret and it will also react to new namespaces. 
 
 
-# installation
 
 ## Requirements
 
-Current version 0.0.9 is tested for Kubernetes >= 1.19 up to 1.25
+Current version 0.0.9 is tested for Kubernetes >= 1.19 up to 1.27.1
 
 For older kubernes (<1.19) use the image tag "0.0.6" in  yaml/02_deployment.yaml
 
-## tl;dr install
-
-# Using the official helm chart
+## Install
 
 ```bash
 helm repo add clutersecret https://charts.clustersecret.io/

charts/cluster-secret/README.md charts/ClusterSecret/README.md

@@ -2,5 +2,6 @@ clustersecret:
   clustersecret:
     image:
       repository: flag5/clustersecret
-      tag: 0.0.8-beta
+      tag: 0.0.9
+      # use tag__arm32 for ARM builds
 kubernetesClusterDomain: cluster.local

charts/cluster-secret/templates/_helpers.tpl charts/ClusterSecret/templates/_helpers.tpl

@@ -1,9 +1,27 @@
 apiVersion: v1
 entries:
+  ClusterSecret:
+  - apiVersion: v2
+    appVersion: 0.0.9
+    created: "2023-05-25T18:22:13.043992+02:00"
+    description: ClusterSecret Operator
+    digest: 0614f789838c979c505575ea9ae021059fbf1d3eb08a8edc281d384b5d1cdbc3
+    icon: https://clustersecret.io/assets/csninjasmall.png
+    kubeVersion: '>= 1.16.0-0'
+    maintainers:
+    - email: [email protected]
+      name: zakkg3
+    name: ClusterSecret
+    sources:
+    - https://github.com/zakkg3/ClusterSecret
+    type: application
+    urls:
+    - ClusterSecret-0.1.1.tgz
+    version: 0.1.1
   cluster-secret:
   - apiVersion: v2
     appVersion: 0.8.0
-    created: "2023-05-24T21:26:49.32438+02:00"
+    created: "2023-05-25T18:22:13.044723+02:00"
     description: ClusterSecret Operator
     digest: 030f57727851526c0faa73e20a7d5efbf1e22264ad6e229670e9c5645ba1e845
     icon: https://clustersecret.io/assets/csninjasmall.png
@@ -18,4 +36,4 @@ entries:
     urls:
     - cluster-secret-0.1.0.tgz
     version: 0.1.0
-generated: "2023-05-24T21:26:49.323843+02:00"
+generated: "2023-05-25T18:22:13.043451+02:00"

charts/cluster-secret/templates/clustersecret-crd.yaml charts/ClusterSecret/templates/clustersecret-crd.yaml

@@ -19,7 +19,7 @@ spec:
         # - name: regcred
         containers:
         - name: clustersecret
-          image: flag5/clustersecret:0.0.8-beta
+          image: flag5/clustersecret:0.0.9
           # imagePullPolicy: Always
           # Uncomment next lines for debug:
           # command:

charts/cluster-secret/templates/deployment.yaml charts/ClusterSecret/templates/deployment.yaml

@@ -20,7 +20,7 @@ spec:
         # - name: regcred
         containers:
         - name: clustersecret
-          image: flag5/clustersecret:0.0.6_arm32
+          image: flag5/clustersecret:0.0.9_arm32
           # imagePullPolicy: Always
           # Uncomment next lines for debug:
           # command: