fix: change debian to ubuntu and upgrade client-go to improve image s…

…can (#74) * fix: change debian to ubuntu and upgrade client-go to improve image scan * Fix typo * Fix typo * Fix typo
isindir · May 27, 2021 · 00ba647 · 00ba647
1 parent 706ba50
commit 00ba647
Show file tree

Hide file tree

Showing 11 changed files with 205 additions and 85 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -18,8 +18,8 @@ COPY controllers/ controllers/
 # Build (GOARCH=amd64)
 RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go
 
-# https://hub.docker.com/_/debian?tab=tags&page=1&ordering=last_updated
-FROM debian:buster-20210511
+# https://hub.docker.com/_/ubuntu?tab=tags&page=1&ordering=last_updated
+FROM ubuntu:focal-20210416
 
 RUN apt-get -y update \
       && apt-get -y upgrade \

diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 GO := GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.2.1
+SOPS_SEC_OPERATOR_VERSION := 0.2.2
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_GEN_VERSION := "v0.4.1"

diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-version: 0.8.3
-appVersion: 0.2.1
+version: 0.8.4
+appVersion: 0.2.2
 type: application
 description: Helm chart deploys sops-secrets-operator
 name: sops-secrets-operator

diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md
@@ -131,7 +131,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | healthProbes.readiness | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration |
 | image.pullPolicy | string | `"Always"` | Operator image pull policy |
 | image.repository | string | `"isindir/sops-secrets-operator"` | Operator image name |
-| image.tag | string | `"0.2.1"` | Operator image tag |
+| image.tag | string | `"0.2.2"` | Operator image tag |
 | imagePullSecrets | list | `[]` | Secrets to pull image from private docker repository |
 | kubeconfig | object | `{"enabled":false,"path":null}` | Paths to a kubeconfig. Only required if out-of-cluster. |
 | logging | object | `{"encoder":"json","level":"info","stacktraceLevel":"error"}` | Logging configuration section suggested values Development Mode (encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode (encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default) |

diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml
@@ -30,8 +30,8 @@ tests:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.2.1
-            helm.sh/chart: sops-secrets-operator-0.8.3
+            app.kubernetes.io/version: 0.2.2
+            helm.sh/chart: sops-secrets-operator-0.8.4
 
   # template metadata and spec selector
   - it: should correctly render template metadata and spec selector
@@ -140,7 +140,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.2.1
+          value: isindir/sops-secrets-operator:0.2.2
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always

diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml
@@ -12,7 +12,7 @@ image:
   # -- Operator image name
   repository: isindir/sops-secrets-operator
   # -- Operator image tag
-  tag: 0.2.1
+  tag: 0.2.2
   # -- Operator image pull policy
   pullPolicy: Always
 

diff --git a/docs/gpg/README.md b/docs/gpg/README.md
@@ -7,7 +7,7 @@ This procedure describes basic setup to use PGP keys with sops-secrets-operator.
 Run docker container in the directory of this README file:
 
 ```bash
-docker run -v $( pwd ):/tmp/scripts -ti ubuntu:16.04 bash
+docker run --rm -v $( pwd ):/tmp/scripts -ti ubuntu:20.04 bash
 ```
 
 Then generate PGP keys inside container. PGP key files will remain in the folder