diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d32a1a06..5fd5db34 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.2.0 + rev: v3.4.0 hooks: - id: check-symlinks - id: check-merge-conflict diff --git a/Makefile b/Makefile index 52c045a7..95c7224f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ SHELL := /bin/bash GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go -SOPS_SEC_OPERATOR_VERSION := 0.1.8 +SOPS_SEC_OPERATOR_VERSION := 0.1.9 # https://github.com/kubernetes-sigs/controller-tools/releases CONTROLLER_TOOLS_VERSION := "v0.3.0" @@ -8,8 +8,9 @@ CONTROLLER_TOOLS_VERSION := "v0.3.0" # Use existing cluster instead of starting processes USE_EXISTING_CLUSTER ?= true # Image URL to use all building/pushing image targets -IMG ?= isindir/sops-secrets-operator:${SOPS_SEC_OPERATOR_VERSION} -IMG_LATEST = isindir/sops-secrets-operator:latest +IMG_NAME ?= isindir/sops-secrets-operator +IMG ?= ${IMG_NAME}:${SOPS_SEC_OPERATOR_VERSION} +IMG_LATEST ?= ${IMG_NAME}:latest # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) CRD_OPTIONS ?= "crd:trivialVersions=true" @@ -32,14 +33,12 @@ package-helm: @{ \ ( cd docs; \ helm package ../chart/helm3/sops-secrets-operator ; \ - helm package ../chart/helm2/sops-secrets-operator ; \ helm repo index . --url https://isindir.github.io/sops-secrets-operator ) ; \ } ## test-helm: test helm charts test-helm: @{ \ - $(MAKE) -C chart/helm2/sops-secrets-operator all ; \ $(MAKE) -C chart/helm3/sops-secrets-operator all ; \ } diff --git a/chart/helm2/sops-secrets-operator/README.md b/chart/helm2/sops-secrets-operator/README.md index a42b85ff..a36f6393 100644 --- a/chart/helm2/sops-secrets-operator/README.md +++ b/chart/helm2/sops-secrets-operator/README.md 
@@ -1,3 +1,7 @@ +# !!! Depricated !!! + +Development of helm chart for helm v2 is stopped. + # sops-secrets-operator Installs [sops-secrets-operator](https://github.com/isindir/sops-secrets-operator.git) to provide encrypted secrets in Weaveworks GitOps Flux environment. diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml index b78b9a25..4b95b8eb 100644 --- a/chart/helm3/sops-secrets-operator/Chart.yaml +++ b/chart/helm3/sops-secrets-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -version: 0.6.3 -appVersion: 0.1.8 +version: 0.6.4 +appVersion: 0.1.9 type: application description: sops secrets operator name: sops-secrets-operator @@ -9,3 +9,21 @@ sources: maintainers: - name: isindir email: isindir@users.sf.net +metadata: + annotations: + artifacthub.io/operator: "true" + artifacthub.io/links: + - name: "SOPS: Secrets OPerationS - Kubernetes Operator github project" + url: "https://github.com/isindir/sops-secrets-operator.git" + - name: "SOPS: Secrets OPerationS" + url: "https://github.com/mozilla/sops" + artifacthub.io/maintainers: + - name: isindir + email: isindir@users.sf.net + artifacthub.io/operatorCapabilities: "Full Lifecycle" + artifacthub.io/crds: + - kind: SopsSecret + version: isindir.github.com/v1alpha2 + name: sopssecret + displayName: SopsSecret + description: SopsSecret - encapsulates sops encrypted kubernetes secrets definitions diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md index 77576c04..2c42a8e5 100644 --- a/chart/helm3/sops-secrets-operator/README.md +++ b/chart/helm3/sops-secrets-operator/README.md 
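Review bot: The block added at the end of Chart.yaml nests the Artifact Hub keys under `metadata:`, which is not a Chart.yaml field; chart annotations live in a top-level `annotations:` map, so these entries are probably never read. Annotation values must also be strings, so the list-valued keys (`artifacthub.io/links`, `artifacthub.io/maintainers`, `artifacthub.io/crds`) need to be block scalars, e.g. `artifacthub.io/links: |` followed by the indented list. I would drop the `metadata:` level and convert those three values.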
@@ -83,13 +83,14 @@ The following table lists the configurable parameters of the Sops-secrets-operat | ------------------------ | ----------------------- | -------------- | | `replicaCount` | Deployment replica count - should not be modified | `1` | | `image.repository` | Operator image | `"isindir/sops-secrets-operator"` | -| `image.tag` | Operator image tag | `"0.1.8"` | +| `image.tag` | Operator image tag | `"0.1.9"` | | `image.pullPolicy` | Operator image pull policy | `"Always"` | | `imagePullSecrets` | Secrets to pull image from private docker repository | `[]` | | `nameOverride` | Overrides auto-generated short resource name | `""` | | `fullnameOverride` | Overrides auto-generated long resource name | `""` | | `podAnnotations` | Annotations to be added to operator pod | `{}` | | `serviceAccount.annotations` | Annotations to be added to the service account | `{}` | +| `requeueAfter` | Requeue decryption errors for reconciliation after 5 minutes. | `5` | | `gpg.enabled` | If `true` gcp secret will be created from provided value and mounted as environment variable | `false` | | `gpg.secret1` | Name of the secret to create - will override default secret name if specified | `"gpg1"` | | `gpg.secret2` | Name of the secret to create - will override default secret name if specified | `"gpg2"` | diff --git a/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml b/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml index a9fca4d6..1fc4e781 100644 --- a/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml +++ b/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml @@ -13,6 +13,12 @@ rules: - secrets verbs: - '*' +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - '*' - apiGroups: - monitoring.coreos.com resources: diff --git a/chart/helm3/sops-secrets-operator/templates/operator.yaml b/chart/helm3/sops-secrets-operator/templates/operator.yaml index 1cecc5c9..df97fd79 100644 
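Review bot: The rule added to cluster_role.yaml for `events` in `events.k8s.io` uses `verbs: ['*']`, which gives the operator's service account delete, deletecollection and update on events cluster-wide when it presumably only needs to emit them. This account already holds full access to secrets, so being able to remove events also weakens the record of what it did. Narrowing the verbs to `- create` and `- patch` should be enough for an event recorder. If the recorder in use writes to the core API group, the rule would need `""` in `apiGroups` rather than `events.k8s.io`. The rules list continues outside this hunk.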
--- a/chart/helm3/sops-secrets-operator/templates/operator.yaml +++ b/chart/helm3/sops-secrets-operator/templates/operator.yaml @@ -68,6 +68,7 @@ spec: args: #- "--metrics-addr=127.0.0.1:8080" - "--enable-leader-election" + - "--requeue-decrypt-after={{ .Values.requeueAfter }}" env: - name: POD_NAME valueFrom: diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml index 897cdf36..7417efed 100644 --- a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml +++ b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml @@ -30,8 +30,8 @@ tests: app.kubernetes.io/instance: sops app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: sops-secrets-operator - app.kubernetes.io/version: 0.1.8 - helm.sh/chart: sops-secrets-operator-0.6.3 + app.kubernetes.io/version: 0.1.9 + helm.sh/chart: sops-secrets-operator-0.6.4 # template metadata and spec selector - it: should correctly render template metadata and spec selector @@ -140,7 +140,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: isindir/sops-secrets-operator:0.1.8 + value: isindir/sops-secrets-operator:0.1.9 - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always 
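Review bot: `{{ .Values.requeueAfter }}` in the new operator.yaml argument is rendered without a cast, and Helm can print large numeric values in exponent form (`1e+06`), which the binary's int64 flag would reject at start-up. `- "--requeue-decrypt-after={{ int64 .Values.requeueAfter }}"` keeps the rendered argument an integer. None of the operator_test.yaml hunks on this page asserts the new argument; an `equal` on `spec.template.spec.containers[0].args` would pin it.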
@@ -250,6 +250,57 @@ tests: name: GNUPGHOME value: /var/secrets/gpg + # Azure env vars + - it: should render Azure env vars if enabled, using existing secret + set: + azure: + enabled: true + tenantId: 'one-two-three' + clientId: 'three-two-one' + existingSecretName: 'existing-azure-secret' + asserts: + - equal: + path: spec.template.spec.containers[0].env[1] + value: + name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + name: existing-azure-secret + key: tenantId + - equal: + path: spec.template.spec.containers[0].env[2] + value: + name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + name: existing-azure-secret + key: clientId + - equal: + path: spec.template.spec.containers[0].env[3] + value: + name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: existing-azure-secret + key: clientSecret + + - it: should render Azure env vars if enabled, using generated secret + set: + azure: + enabled: true + tenantId: 'one-two-three' + clientId: 'three-two-one' + clientSecret: 'my-azure-secret' + asserts: + - equal: + path: spec.template.spec.containers[0].env[1] + value: + name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + name: sops-secrets-operator-azure-secret + key: tenantId + # custom env vars - it: if secretsAsEnvVars adds new env vars set: 
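Review bot: The "using generated secret" case asserts only `env[1]` (AZURE_TENANT_ID), so nothing checks that AZURE_CLIENT_ID and AZURE_CLIENT_SECRET are also read from `sops-secrets-operator-azure-secret` through `secretKeyRef`. A template regression that rendered `clientSecret` as a literal `value:` in the Deployment would still pass this test. Repeating the `env[2]` and `env[3]` assertions from the existing-secret case, with `name: sops-secrets-operator-azure-secret`, closes that gap.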
@@ -295,3 +346,113 @@ tests: fieldPath: metadata.name - name: AWS_SDK_LOAD_CONFIG value: "1" + + # controller container resources + - it: should not render container resources by default + asserts: + - isEmpty: + path: spec.template.spec.containers[0].resources + + - it: should render container resources if specified + set: + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + # pod volumes + - it: should not render pod volumes by default + asserts: + - isEmpty: + path: spec.template.spec.volumes + + # GCP volumes + - it: should render GCP volumes + set: + gcp: + enabled: true + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gke-svc-account + secret: + secretName: sops-secrets-operator-gcp-secret + + - it: should render GCP volume with custom name + set: + gcp: + enabled: true + svcAccSecretCustomName: my-svc-account-gcp + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gke-svc-account + secret: + secretName: my-svc-account-gcp + + # GPG volumes + - it: should render GPG volumes + set: + gpg: + enabled: true + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gpg-keys1 + secret: + secretName: gpg1 + - name: sops-operator-gpg-keys2 + secret: + secretName: gpg2 + - name: sops-gpg + emptyDir: {} + + - it: should render GPG volumes with custom secret names + set: + gpg: + enabled: true + secret1: secret-gpg + secret2: secret-gpg + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gpg-keys1 + secret: + secretName: secret-gpg + - name: sops-operator-gpg-keys2 + secret: + secretName: secret-gpg + - name: sops-gpg + emptyDir: {} + + # secretsAsFiles volumes + - it: should render custom secrets as files + set: + 
secretsAsFiles: + - name: foo + mountPath: "/etc/foo" + secretName: mysecret + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: foo + secret: + secretName: mysecret diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml index 32e51b0b..28ad26ed 100644 --- a/chart/helm3/sops-secrets-operator/values.yaml +++ b/chart/helm3/sops-secrets-operator/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 # Deployment replica count - should not be modified image: repository: isindir/sops-secrets-operator # Operator image - tag: 0.1.8 # Operator image tag + tag: 0.1.9 # Operator image tag pullPolicy: Always # Operator image pull policy imagePullSecrets: [] # Secrets to pull image from private docker repository @@ -19,6 +19,8 @@ podAnnotations: {} # Annotations to be added to operator pod serviceAccount: annotations: {} # Annotations to be added to the service account +requeueAfter: 5 # Requeue decryption errors for reconciliation after 5 minutes. + gpg: enabled: false # If `true` GCP secret will be created from provided value and mounted as environment variable secret1: gpg1 # Name of the secret to create - will override default secret name if specified diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go index 92a46e03..8cda5c7c 100644 --- a/controllers/sopssecret_controller.go +++ b/controllers/sopssecret_controller.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io/ioutil" + "time" "github.com/go-logr/logr" "github.com/sirupsen/logrus" @@ -32,8 +33,9 @@ import ( // SopsSecretReconciler reconciles a SopsSecret object type SopsSecretReconciler struct { client.Client - Log logr.Logger - Scheme *runtime.Scheme + Log logr.Logger + Scheme *runtime.Scheme + RequeueAfter int64 } // Reconcile - main reconcile loop of the controller 
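Review bot: The test "should render GPG volumes with custom secret names" sets `secret1` and `secret2` to the same value, `secret-gpg`, so the assertion cannot tell whether `sops-operator-gpg-keys1` is wired to `secret1` and `sops-operator-gpg-keys2` to `secret2`. A template that swapped the two, or used one value for both volumes, would pass. Distinct inputs such as `secret1: secret-gpg-a` and `secret2: secret-gpg-b`, with matching `secretName` expectations, make the check meaningful.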
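Review bot: The new exported field `RequeueAfter int64` on SopsSecretReconciler has no comment and no unit, although the controller multiplies it by `time.Minute`. Anyone constructing the reconciler elsewhere (a test, for example) has to read Reconcile to learn that. Suggested comment above the field: `// RequeueAfter is the delay, in minutes, before a failed reconciliation is retried.` Typing the field as `time.Duration` would remove the ambiguity altogether.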
@@ -78,8 +80,8 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) // will not process instance error as we are already in error mode here r.Status().Update(context.Background(), instanceEncrypted) - // Error conditon, but don't fail controller as it will not help, the actual error is already logged - return reconcile.Result{}, nil + // Failed to decrypt, re-schedule reconciliation in 5 minutes + return reconcile.Result{Requeue: true, RequeueAfter: time.Duration(r.RequeueAfter) * time.Minute}, nil } // iterating over secret templates @@ -98,7 +100,7 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) "error", err, ) - return reconcile.Result{}, nil + return reconcile.Result{Requeue: true, RequeueAfter: time.Duration(r.RequeueAfter) * time.Minute}, nil } // Set SopsSecret instance as the owner and controller @@ -117,7 +119,7 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) "error", err, ) - return reconcile.Result{}, nil + return reconcile.Result{Requeue: true, RequeueAfter: time.Duration(r.RequeueAfter) * time.Minute}, nil } // Check if this Secret already exists diff --git a/docs/index.yaml b/docs/index.yaml index 6d171fc1..79c92d0c 100644 --- a/docs/index.yaml +++ b/docs/index.yaml 
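Review bot: `time.Duration(r.RequeueAfter) * time.Minute` is used unchecked in all three changed returns of Reconcile, so a reconciler whose field is unset or out of range produces a non-positive delay. With `Requeue: true`, controller-runtime then falls back to its rate-limited immediate requeue instead of waiting, which means repeated decryption attempts against the key service. A helper that floors the value and returns only `RequeueAfter` removes the duplication; `Requeue: true` is redundant once the delay is positive. The comment in the first hunk still says "in 5 minutes" although the delay is now configurable. The second and third returns do not look like decryption failures, so the flag name may be narrower than its effect; Reconcile's body continues outside these hunks.

```go
// requeueResult is the Result returned for every retryable failure in Reconcile.
func (r *SopsSecretReconciler) requeueResult() reconcile.Result {
	minutes := r.RequeueAfter
	if minutes < 1 {
		minutes = 1 // an unset field must not turn into an immediate requeue
	}
	return reconcile.Result{RequeueAfter: time.Duration(minutes) * time.Minute}
}

// … unchanged: status update after the decryption failure …
	// Failed to decrypt, re-schedule reconciliation after the configured delay
	return r.requeueResult(), nil
```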
@@ -1,9 +1,24 @@ apiVersion: v1 entries: sops-secrets-operator: + - apiVersion: v2 + appVersion: 0.1.9 + created: "2021-01-01T10:04:42.295833Z" + description: sops secrets operator + digest: 01347c27e37dfff999ebcee12aae6d0aafa092d7c3b221d566cdf0abe71f4d5a + maintainers: + - email: isindir@users.sf.net + name: isindir + name: sops-secrets-operator + sources: + - https://github.com/isindir/sops-secrets-operator.git + type: application + urls: + - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.6.4.tgz + version: 0.6.4 - apiVersion: v2 appVersion: 0.1.8 - created: "2020-11-23T15:26:57.653425Z" + created: "2021-01-01T10:04:42.294957Z" description: sops secrets operator digest: 6348b1b1b0e8d3df3926e437b2c0f4ad63268d26e2cb54cbecbb564102e6b19c maintainers: @@ -18,7 +33,7 @@ entries: version: 0.6.3 - apiVersion: v2 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.65241Z" + created: "2021-01-01T10:04:42.293814Z" description: sops secrets operator digest: 710c1c9fa73a2ebf791fda4a608b5e29072d42c0b68c803c7bbeed54a582fd7f maintainers: @@ -33,7 +48,7 @@ entries: version: 0.6.2 - apiVersion: v2 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.651088Z" + created: "2021-01-01T10:04:42.292669Z" description: sops secrets operator digest: f2a606c3837843241bb9d59adc02c38e1cca98753c602b9f758cc61d735ca7cd maintainers: @@ -48,7 +63,7 @@ entries: version: 0.6.1 - apiVersion: v2 appVersion: 0.1.6 - created: "2020-11-23T15:26:57.649968Z" + created: "2021-01-01T10:04:42.291626Z" description: sops secrets operator digest: a2bbf9b39ec5f5b82965037f8f245fb3122adbe31b1c7d336fa1f4cddb228b88 maintainers: @@ -63,7 +78,7 @@ entries: version: 0.6.0 - apiVersion: v1 appVersion: 0.1.8 - created: "2020-11-23T15:26:57.648924Z" + created: "2021-01-01T10:04:42.289383Z" description: sops secrets operator digest: b89986787f33bb6ed9fb0c658431be8646302e9c1a24537c26269c62249fa071 maintainers: 
@@ -77,7 +92,7 @@ entries: version: 0.5.3 - apiVersion: v1 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.64712Z" + created: "2021-01-01T10:04:42.288005Z" description: sops secrets operator digest: 9467709cf6fbe8d9d779cedf15fe388af172b609f3ca452ef3d8894f39d999df maintainers: @@ -91,7 +106,7 @@ entries: version: 0.5.2 - apiVersion: v1 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.645987Z" + created: "2021-01-01T10:04:42.2868Z" description: sops secrets operator digest: b54b5d8497564ddc04bd6d8b105eb0a3559e82ae1f6aab2f59ed3e426f119287 maintainers: @@ -105,7 +120,7 @@ entries: version: 0.5.1 - apiVersion: v1 appVersion: 0.1.6 - created: "2020-11-23T15:26:57.644768Z" + created: "2021-01-01T10:04:42.285628Z" description: sops secrets operator digest: 177f1ed214d6e72eda589a6ab155a417c1a4229bfda11e87f24af125a3542ad1 maintainers: @@ -119,7 +134,7 @@ entries: version: 0.5.0 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.643127Z" + created: "2021-01-01T10:04:42.283392Z" description: sops secrets operator digest: 1535e130357afa883db0b3d30735c817d3b7d412fe5bdfd71534d0c08defa7d1 maintainers: @@ -134,7 +149,7 @@ entries: version: 0.4.8 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.642095Z" + created: "2021-01-01T10:04:42.282273Z" description: sops secrets operator digest: 19b11dc2d1945f3c436a7d03763b4391d4a382fc13ea515d25422827d859d6d0 maintainers: @@ -149,7 +164,7 @@ entries: version: 0.4.7 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.641179Z" + created: "2021-01-01T10:04:42.281212Z" description: sops secrets operator digest: c839e5d3374b948d27ad49643411f4891fdec44d179dea06423bb0d6e29d5e32 maintainers: @@ -164,7 +179,7 @@ entries: version: 0.4.6 - apiVersion: v2 appVersion: 0.1.4 - created: "2020-11-23T15:26:57.64008Z" + created: "2021-01-01T10:04:42.279944Z" description: sops secrets operator digest: c71f9f66be32f8b9d3c8d780b09b2455a40fd9755314004efd2bb8d379dafe3c maintainers: 
@@ -179,7 +194,7 @@ entries: version: 0.4.5 - apiVersion: v2 appVersion: 0.1.3 - created: "2020-11-23T15:26:57.638901Z" + created: "2021-01-01T10:04:42.279079Z" description: sops secrets operator digest: f3f2f89d4ef6018776df0a12a63dd2f9c9519b9d1ac03a9a405e31d0fd902ba0 maintainers: @@ -194,7 +209,7 @@ entries: version: 0.4.4 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-11-23T15:26:57.638113Z" + created: "2021-01-01T10:04:42.278236Z" description: sops secrets operator digest: 1fd5eed318627f5ed0656f4e8ce4a25729568a1626ae313bcbe21050f5f26240 maintainers: @@ -209,7 +224,7 @@ entries: version: 0.4.3 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-11-23T15:26:57.637266Z" + created: "2021-01-01T10:04:42.277068Z" description: sops secrets operator digest: 1f4f9869c75f0922e83ba5d530e101bd4252d5c1c31365800cc9d1425680cf18 maintainers: @@ -224,7 +239,7 @@ entries: version: 0.4.2 - apiVersion: v2 appVersion: 0.1.1 - created: "2020-11-23T15:26:57.636457Z" + created: "2021-01-01T10:04:42.276148Z" description: sops secrets operator digest: 6b054a4e9f261eea3cb84ee2e70b87b24780f1703e2c218ea5f69b7f82d1876f maintainers: @@ -239,7 +254,7 @@ entries: version: 0.4.1 - apiVersion: v2 appVersion: 0.1.0 - created: "2020-11-23T15:26:57.63546Z" + created: "2021-01-01T10:04:42.275303Z" description: sops secrets operator digest: 78b62ab37eac1b45f0a68a9752a3615c5d3f1c960bb4057e665923ce104931cf maintainers: @@ -254,7 +269,7 @@ entries: version: 0.4.0 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.633746Z" + created: "2021-01-01T10:04:42.274386Z" description: sops secrets operator digest: 41baa3c580cb9d8951c18513a4f04c4dbbfad99de9c62f53de2450c0c7b76725 maintainers: @@ -268,7 +283,7 @@ entries: version: 0.3.7 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.632611Z" + created: "2021-01-01T10:04:42.273251Z" description: sops secrets operator digest: 1103b1f7bf7af3f400c172227cd5a3659f3a03e5e8158b19ba0b25f7ed45208b maintainers: 
@@ -282,7 +297,7 @@ entries: version: 0.3.6 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.631653Z" + created: "2021-01-01T10:04:42.272412Z" description: sops secrets operator digest: 15c72ba7fb09d0e980ec32fd94f56893c439c05c435281a9ab9c8bc94bd20063 maintainers: @@ -296,7 +311,7 @@ entries: version: 0.3.5 - apiVersion: v1 appVersion: 0.1.4 - created: "2020-11-23T15:26:57.630552Z" + created: "2021-01-01T10:04:42.271521Z" description: sops secrets operator digest: 025a6a6381b75286756ef55105ace6e911e5a5818b495ede6356cc8ec572aeac maintainers: @@ -310,7 +325,7 @@ entries: version: 0.3.4 - apiVersion: v1 appVersion: 0.1.3 - created: "2020-11-23T15:26:57.629265Z" + created: "2021-01-01T10:04:42.269651Z" description: sops secrets operator digest: f61b070b640169439cf4ab500047c1e356748a85871f7aeefde46d63d87d453a maintainers: @@ -324,7 +339,7 @@ entries: version: 0.3.3 - apiVersion: v1 appVersion: 0.1.2 - created: "2020-11-23T15:26:57.62588Z" + created: "2021-01-01T10:04:42.268405Z" description: sops secrets operator digest: 2b37dc4e545e8a9540f6b7693079b98bf161ec5a68899defcfc9420bdcbb33e3 maintainers: @@ -338,7 +353,7 @@ entries: version: 0.3.2 - apiVersion: v1 appVersion: 0.1.1 - created: "2020-11-23T15:26:57.624623Z" + created: "2021-01-01T10:04:42.266975Z" description: sops secrets operator digest: 2e2762b8f9d66aab0caacde225955fec8bfd5a4cc10dc6943a1de3809dda4091 maintainers: @@ -352,7 +367,7 @@ entries: version: 0.3.1 - apiVersion: v1 appVersion: 0.1.0 - created: "2020-11-23T15:26:57.623348Z" + created: "2021-01-01T10:04:42.265861Z" description: sops secrets operator digest: ce84f5b64402a582c7689cb842ba03fb10f968c38b57dc9e05f588493128019a maintainers: @@ -366,7 +381,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 0.0.10 - created: "2020-11-23T15:26:57.621598Z" + created: "2021-01-01T10:04:42.264433Z" description: sops secrets operator digest: 5e4c8bc37ea2c819c55b288c0a5e76ff8c9c02be591bd53776606666af45581c maintainers: 
@@ -381,7 +396,7 @@ entries: version: 0.2.1 - apiVersion: v1 appVersion: 0.0.10 - created: "2020-11-23T15:26:57.62064Z" + created: "2021-01-01T10:04:42.263322Z" description: sops secrets operator digest: 50b8ebab19008dfc43de1eaee8b0f6287f7a55134585dc6ae88df2520d779f8f maintainers: @@ -393,4 +408,4 @@ entries: urls: - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.1.10.tgz version: 0.1.10 -generated: "2020-11-23T15:26:57.619333Z" +generated: "2021-01-01T10:04:42.26221Z" diff --git a/docs/sops-secrets-operator-0.6.4.tgz b/docs/sops-secrets-operator-0.6.4.tgz new file mode 100644 index 00000000..ea042ac4 Binary files /dev/null and b/docs/sops-secrets-operator-0.6.4.tgz differ diff --git a/main.go b/main.go index 134c5a3f..0fd196e8 100644 --- a/main.go +++ b/main.go @@ -2,6 +2,7 @@ package main import ( "flag" + "fmt" "os" "k8s.io/apimachinery/pkg/runtime" @@ -30,10 +31,12 @@ func init() { func main() { var metricsAddr string var enableLeaderElection bool + var requeueAfter int64 flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") + flag.Int64Var(&requeueAfter, "requeue-decrypt-after", 5, "Requeue failed decryption in minutes (min 1).") flag.Parse() ctrl.SetLogger(zap.New(zap.UseDevMode(true))) 
@@ -50,10 +53,21 @@ func main() { os.Exit(1) } + if requeueAfter < 1 { + requeueAfter = 1 + } + setupLog.Info( + fmt.Sprintf( + "SopsSecret reconciliation will be requeued after %d minutes after decryption failures", + requeueAfter, + ), + ) + if err = (&controllers.SopsSecretReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("SopsSecret"), - Scheme: mgr.GetScheme(), + Client: mgr.GetClient(), + Log: ctrl.Log.WithName("controllers").WithName("SopsSecret"), + Scheme: mgr.GetScheme(), + RequeueAfter: requeueAfter, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "SopsSecret") os.Exit(1)
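Review bot: The clamp added before the reconciler is constructed enforces only the lower bound, so there is no upper limit on `requeueAfter`. The controller multiplies this value by `time.Minute`, which overflows int64 above roughly 153 million minutes and would yield a negative or arbitrary delay. An upper clamp next to the existing one, `if requeueAfter > maxRequeueMinutes { requeueAfter = maxRequeueMinutes }` with a constant you define, keeps the value in range. The log call would also read better with structured fields, `setupLog.Info("requeue after decryption failure", "minutes", requeueAfter)`, which makes the new `fmt` import unnecessary.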