Merge pull request #67 from zakkg3/non-root

[tag 0.0.9] Run as non root

Author: zakkg3

Dockerfile

@@ -1,3 +1,6 @@
 FROM flag5/clustersecretbase:0.0.5
 ADD /src /src
+
+RUN adduser --system --no-create-home secretmonkey
+USER secretmonkey
 CMD kopf run -A /src/handlers.py

Dockerfile.arm

@@ -1,3 +1,7 @@
 FROM flag5/clustersecretbase:0.0.5_arm32
 ADD /src /src
+
+RUN adduser --system --no-create-home secretmonkey
+USER secretmonkey
+
 CMD kopf run -A /src/handlers.py

Makefile

@@ -1,7 +1,7 @@
 IMG_NAMESPACE = flag5
 IMG_NAME = clustersecret
 IMG_FQNAME = $(IMG_NAMESPACE)/$(IMG_NAME)
-IMG_VERSION = 0.0.8
+IMG_VERSION = 0.0.9
 
 .PHONY: container push clean arm-container arm-push arm-clean
 all: container push
@@ -32,11 +32,18 @@ beta:
 	sudo docker build -t $(IMG_FQNAME):$(IMG_VERSION)-beta .
 	sudo docker push $(IMG_FQNAME):$(IMG_VERSION)-beta
 
+install:
+	helm install clustersecret ./charts/Clustersecret -n clustersecret --create-namespace
+
 test-env:
 	podman machine start
 	KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster
-	helm install clustersecret ./charts/cluster-secret -n clustersecret --create-namespace
+	helm install clustersecret ./charts/clustersecret -n clustersecret --create-namespace
 
 stop-test-env:
 	KIND_EXPERIMENTAL_PROVIDER=podman kind delete cluster
 	podman machine stop
+
+chart-update:
+	helm package charts/clustersecret/ -d docs/
+	helm repo index ./docs

README.md

@@ -6,10 +6,13 @@
 ## Kubernetes ClusterSecret 
 [*clustersecret.io*](https://clustersecret.io/)
 
-Global inter-namespace cluster secrets - Secrets that work across namespaces  - Clusterwide secrets
+Cluster wide secrets
 
-ClusterSecret operator makes sure all the matching namespaces have the secret available. New namespaces, if they match the pattern, will also have the secret.
-Any change on the ClusterSecret will update all related secrets. Deleting the ClusterSecret deletes "child" secrets (all cloned secrets) too.
+ClusterSecret operator makes sure all the matching namespaces have the secret available and up to date.
+
+ - New namespaces, if they match the pattern, will also have the secret.
+ - Any change on the ClusterSecret will update all related secrets. Including changing the match pattern. 
+ - Deleting the ClusterSecret deletes "child" secrets (all cloned secrets) too.
 
 Full documentation available at [https://clustersecret.io](https://clustersecret.io/)
 
@@ -63,17 +66,18 @@ Clustersecrets automates this. It keep track of any modification in your secret
 
 ## Requirements
 
-Current version 0.0.8 is tested for Kubernetes >= 1.19 up to 1.27.1
+Current version `0.0.9` is tested for Kubernetes >= 1.19 up to 1.27.1
+For ARM architectures user `0.0.9_arm32` tag
 
-For older kubernetes (<1.19) use the image tag "0.0.6" in your helm values file.
+For older kubernetes (<1.19) use the image tag `0.0.6` in your helm values file.
 
 ## Install
 
 # Using the official helm chart
 
 ```bash
 helm repo add clutersecret https://charts.clustersecret.io/
-helm install cluster-secret clutersecret/cluster-secret --version 0.1.0
+helm install clustersecret clutersecret/ClusterSecret --version 0.1.1 -n clustersecret --create-namespace
 ```
 
 # with just kubectl
@@ -125,13 +129,14 @@ data:
 
  - [x] Fix #59
  - [x] implement `source` to specify a source secret to sync instead of `data` field. (https://github.com/zakkg3/ClusterSecret/issues/3)
- - [ ] Fix bug #48 
+ - [x] Fix bug #48 
 
 
 ## Tag 0.1.0 :
-
+- [ ] update base-image to latest
+- [ ] update kopf package to latest
 - [ ] react to changes on source secret. #36
-- [ ] react on changes on data on clustersecret. #48 
+- [ ] add source from Externalsecrets or other providers. 
 
 
  * * *
@@ -142,3 +147,5 @@ data:
  You can open issues and we will try to address them. 
 
  That said, if you have questions, or just want to establish contact, reach out one way or another. [https://flag5.com](https://flag5.com) || nico at flag5.com
+ 
+ Global inter-namespace cluster secrets - Secrets that work across namespaces  - Cluster wide secrets

charts/cluster-secret/.helmignore renamed to charts/ClusterSecret/.helmignore

@@ -1,13 +1,13 @@
 apiVersion: v2
-name: cluster-secret
+name: ClusterSecret
 description: ClusterSecret Operator
 kubeVersion: '>= 1.16.0-0'
 type: application
-version: 0.1.0
+version: 0.1.1
 icon: https://clustersecret.io/assets/csninjasmall.png
 sources:
 - https://github.com/zakkg3/ClusterSecret
-appVersion: "0.8.0"
+appVersion: "0.0.9"
 maintainers:
 - email: [email protected]
   name: zakkg3

charts/cluster-secret/Chart.yaml renamed to charts/ClusterSecret/Chart.yaml

@@ -54,17 +54,14 @@ kubectl get secret <secret-name> -n <source-namespace> -o yaml \
 Clustersecrets automates this. It keep track of any modification in your secret and it will also react to new namespaces. 
 
 
-# installation
 
 ## Requirements
 
-Current version 0.0.9 is tested for Kubernetes >= 1.19 up to 1.25
+Current version 0.0.9 is tested for Kubernetes >= 1.19 up to 1.27.1
 
 For older kubernes (<1.19) use the image tag "0.0.6" in  yaml/02_deployment.yaml
 
-## tl;dr install
-
-# Using the official helm chart
+## Install
 
 ```bash
 helm repo add clutersecret https://charts.clustersecret.io/