From ae8f02d311171dce7b9959b0e26110d428eb361a Mon Sep 17 00:00:00 2001 From: isindir Date: Fri, 1 Jan 2021 10:19:47 +0000 Subject: [PATCH] feat: update cluster role to allow eventing; deprecate helm2 chart; add requeueAfter decryption error (#46) * feat: update cluster role to allow eventing * fix: deprecate helm2 chart * feat: add requeueAfter decryption error * pipe: improve helm tests * package helm --- .pre-commit-config.yaml | 2 +- Makefile | 9 +- chart/helm2/sops-secrets-operator/README.md | 4 + chart/helm3/sops-secrets-operator/Chart.yaml | 22 ++- chart/helm3/sops-secrets-operator/README.md | 3 +- .../templates/cluster_role.yaml | 6 + .../templates/operator.yaml | 1 + .../tests/operator_test.yaml | 167 +++++++++++++++++- chart/helm3/sops-secrets-operator/values.yaml | 4 +- controllers/sopssecret_controller.go | 14 +- docs/index.yaml | 71 +++++--- docs/sops-secrets-operator-0.6.4.tgz | Bin 0 -> 8911 bytes main.go | 20 ++- 13 files changed, 273 insertions(+), 50 deletions(-) create mode 100644 docs/sops-secrets-operator-0.6.4.tgz diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d32a1a06..5fd5db34 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.2.0 + rev: v3.4.0 hooks: - id: check-symlinks - id: check-merge-conflict diff --git a/Makefile b/Makefile index 52c045a7..95c7224f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ SHELL := /bin/bash GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go -SOPS_SEC_OPERATOR_VERSION := 0.1.8 +SOPS_SEC_OPERATOR_VERSION := 0.1.9 # https://github.com/kubernetes-sigs/controller-tools/releases CONTROLLER_TOOLS_VERSION := "v0.3.0" @@ -8,8 +8,9 @@ CONTROLLER_TOOLS_VERSION := "v0.3.0" # Use existing cluster instead of starting processes USE_EXISTING_CLUSTER ?= true # Image URL to use all building/pushing image targets -IMG ?= isindir/sops-secrets-operator:${SOPS_SEC_OPERATOR_VERSION} -IMG_LATEST = isindir/sops-secrets-operator:latest +IMG_NAME ?= isindir/sops-secrets-operator +IMG ?= ${IMG_NAME}:${SOPS_SEC_OPERATOR_VERSION} +IMG_LATEST ?= ${IMG_NAME}:latest # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) CRD_OPTIONS ?= "crd:trivialVersions=true" @@ -32,14 +33,12 @@ package-helm: @{ \ ( cd docs; \ helm package ../chart/helm3/sops-secrets-operator ; \ - helm package ../chart/helm2/sops-secrets-operator ; \ helm repo index . --url https://isindir.github.io/sops-secrets-operator ) ; \ } ## test-helm: test helm charts test-helm: @{ \ - $(MAKE) -C chart/helm2/sops-secrets-operator all ; \ $(MAKE) -C chart/helm3/sops-secrets-operator all ; \ } diff --git a/chart/helm2/sops-secrets-operator/README.md b/chart/helm2/sops-secrets-operator/README.md index a42b85ff..a36f6393 100644 --- a/chart/helm2/sops-secrets-operator/README.md +++ b/chart/helm2/sops-secrets-operator/README.md @@ -1,3 +1,7 @@ +# !!! Depricated !!! + +Development of helm chart for helm v2 is stopped. + # sops-secrets-operator Installs [sops-secrets-operator](https://github.com/isindir/sops-secrets-operator.git) to provide encrypted secrets in Weaveworks GitOps Flux environment. diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml index b78b9a25..4b95b8eb 100644 --- a/chart/helm3/sops-secrets-operator/Chart.yaml +++ b/chart/helm3/sops-secrets-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -version: 0.6.3 -appVersion: 0.1.8 +version: 0.6.4 +appVersion: 0.1.9 type: application description: sops secrets operator name: sops-secrets-operator @@ -9,3 +9,21 @@ sources: maintainers: - name: isindir email: isindir@users.sf.net +metadata: + annotations: + artifacthub.io/operator: "true" + artifacthub.io/links: + - name: "SOPS: Secrets OPerationS - Kubernetes Operator github project" + url: "https://github.com/isindir/sops-secrets-operator.git" + - name: "SOPS: Secrets OPerationS" + url: "https://github.com/mozilla/sops" + artifacthub.io/maintainers: + - name: isindir + email: isindir@users.sf.net + artifacthub.io/operatorCapabilities: "Full Lifecycle" + artifacthub.io/crds: + - kind: SopsSecret + version: isindir.github.com/v1alpha2 + name: sopssecret + displayName: SopsSecret + description: SopsSecret - encapsulates sops encrypted kubernetes secrets definitions diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md index 77576c04..2c42a8e5 100644 --- a/chart/helm3/sops-secrets-operator/README.md +++ b/chart/helm3/sops-secrets-operator/README.md @@ -83,13 +83,14 @@ The following table lists the configurable parameters of the Sops-secrets-operat | ------------------------ | ----------------------- | -------------- | | `replicaCount` | Deployment replica count - should not be modified | `1` | | `image.repository` | Operator image | `"isindir/sops-secrets-operator"` | -| `image.tag` | Operator image tag | `"0.1.8"` | +| `image.tag` | Operator image tag | `"0.1.9"` | | `image.pullPolicy` | Operator image pull policy | `"Always"` | | `imagePullSecrets` | Secrets to pull image from private docker repository | `[]` | | `nameOverride` | Overrides auto-generated short resource name | `""` | | `fullnameOverride` | Overrides auto-generated long resource name | `""` | | `podAnnotations` | Annotations to be added to operator pod | `{}` | | `serviceAccount.annotations` | Annotations to be added to the service account | `{}` | +| `requeueAfter` | Requeue decryption errors for reconciliation after 5 minutes. | `5` | | `gpg.enabled` | If `true` gcp secret will be created from provided value and mounted as environment variable | `false` | | `gpg.secret1` | Name of the secret to create - will override default secret name if specified | `"gpg1"` | | `gpg.secret2` | Name of the secret to create - will override default secret name if specified | `"gpg2"` | diff --git a/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml b/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml index a9fca4d6..1fc4e781 100644 --- a/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml +++ b/chart/helm3/sops-secrets-operator/templates/cluster_role.yaml @@ -13,6 +13,12 @@ rules: - secrets verbs: - '*' +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - '*' - apiGroups: - monitoring.coreos.com resources: diff --git a/chart/helm3/sops-secrets-operator/templates/operator.yaml b/chart/helm3/sops-secrets-operator/templates/operator.yaml index 1cecc5c9..df97fd79 100644 --- a/chart/helm3/sops-secrets-operator/templates/operator.yaml +++ b/chart/helm3/sops-secrets-operator/templates/operator.yaml @@ -68,6 +68,7 @@ spec: args: #- "--metrics-addr=127.0.0.1:8080" - "--enable-leader-election" + - "--requeue-decrypt-after={{ .Values.requeueAfter }}" env: - name: POD_NAME valueFrom: diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml index 897cdf36..7417efed 100644 --- a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml +++ b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml @@ -30,8 +30,8 @@ tests: app.kubernetes.io/instance: sops app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: sops-secrets-operator - app.kubernetes.io/version: 0.1.8 - helm.sh/chart: sops-secrets-operator-0.6.3 + app.kubernetes.io/version: 0.1.9 + helm.sh/chart: sops-secrets-operator-0.6.4 # template metadata and spec selector - it: should correctly render template metadata and spec selector @@ -140,7 +140,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: isindir/sops-secrets-operator:0.1.8 + value: isindir/sops-secrets-operator:0.1.9 - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always @@ -250,6 +250,57 @@ tests: name: GNUPGHOME value: /var/secrets/gpg + # Azure env vars + - it: should render Azure env vars if enabled, using existing secret + set: + azure: + enabled: true + tenantId: 'one-two-three' + clientId: 'three-two-one' + existingSecretName: 'existing-azure-secret' + asserts: + - equal: + path: spec.template.spec.containers[0].env[1] + value: + name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + name: existing-azure-secret + key: tenantId + - equal: + path: spec.template.spec.containers[0].env[2] + value: + name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + name: existing-azure-secret + key: clientId + - equal: + path: spec.template.spec.containers[0].env[3] + value: + name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: existing-azure-secret + key: clientSecret + + - it: should render Azure env vars if enabled, using generated secret + set: + azure: + enabled: true + tenantId: 'one-two-three' + clientId: 'three-two-one' + clientSecret: 'my-azure-secret' + asserts: + - equal: + path: spec.template.spec.containers[0].env[1] + value: + name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + name: sops-secrets-operator-azure-secret + key: tenantId + # custom env vars - it: if secretsAsEnvVars adds new env vars set: @@ -295,3 +346,113 @@ tests: fieldPath: metadata.name - name: AWS_SDK_LOAD_CONFIG value: "1" + + # controller container resources + - it: should not render container resources by default + asserts: + - isEmpty: + path: spec.template.spec.containers[0].resources + + - it: should render container resources if specified + set: + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + # pod volumes + - it: should not render pod volumes by default + asserts: + - isEmpty: + path: spec.template.spec.volumes + + # GCP volumes + - it: should render GCP volumes + set: + gcp: + enabled: true + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gke-svc-account + secret: + secretName: sops-secrets-operator-gcp-secret + + - it: should render GCP volume with custom name + set: + gcp: + enabled: true + svcAccSecretCustomName: my-svc-account-gcp + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gke-svc-account + secret: + secretName: my-svc-account-gcp + + # GPG volumes + - it: should render GPG volumes + set: + gpg: + enabled: true + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gpg-keys1 + secret: + secretName: gpg1 + - name: sops-operator-gpg-keys2 + secret: + secretName: gpg2 + - name: sops-gpg + emptyDir: {} + + - it: should render GPG volumes with custom secret names + set: + gpg: + enabled: true + secret1: secret-gpg + secret2: secret-gpg + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: sops-operator-gpg-keys1 + secret: + secretName: secret-gpg + - name: sops-operator-gpg-keys2 + secret: + secretName: secret-gpg + - name: sops-gpg + emptyDir: {} + + # secretsAsFiles volumes + - it: should render custom secrets as files + set: + secretsAsFiles: + - name: foo + mountPath: "/etc/foo" + secretName: mysecret + asserts: + - equal: + path: spec.template.spec.volumes + value: + - name: foo + secret: + secretName: mysecret diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml index 32e51b0b..28ad26ed 100644 --- a/chart/helm3/sops-secrets-operator/values.yaml +++ b/chart/helm3/sops-secrets-operator/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 # Deployment replica count - should not be modified image: repository: isindir/sops-secrets-operator # Operator image - tag: 0.1.8 # Operator image tag + tag: 0.1.9 # Operator image tag pullPolicy: Always # Operator image pull policy imagePullSecrets: [] # Secrets to pull image from private docker repository @@ -19,6 +19,8 @@ podAnnotations: {} # Annotations to be added to operator pod serviceAccount: annotations: {} # Annotations to be added to the service account +requeueAfter: 5 # Requeue decryption errors for reconciliation after 5 minutes. + gpg: enabled: false # If `true` GCP secret will be created from provided value and mounted as environment variable secret1: gpg1 # Name of the secret to create - will override default secret name if specified diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go index 92a46e03..8cda5c7c 100644 --- a/controllers/sopssecret_controller.go +++ b/controllers/sopssecret_controller.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io/ioutil" + "time" "github.com/go-logr/logr" "github.com/sirupsen/logrus" @@ -32,8 +33,9 @@ import ( // SopsSecretReconciler reconciles a SopsSecret object type SopsSecretReconciler struct { client.Client - Log logr.Logger - Scheme *runtime.Scheme + Log logr.Logger + Scheme *runtime.Scheme + RequeueAfter int64 } // Reconcile - main reconcile loop of the controller @@ -78,8 +80,8 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) // will not process instance error as we are already in error mode here r.Status().Update(context.Background(), instanceEncrypted) - // Error conditon, but don't fail controller as it will not help, the actual error is already logged - return reconcile.Result{}, nil + // Failed to decrypt, re-schedule reconciliation in 5 minutes + return reconcile.Result{Requeue: true, RequeueAfter: time.Duration(r.RequeueAfter) * time.Minute}, nil } // iterating over secret templates @@ -98,7 +100,7 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) "error", err, ) - return reconcile.Result{}, nil + return reconcile.Result{Requeue: true, RequeueAfter: time.Duration(r.RequeueAfter) * time.Minute}, nil } // Set SopsSecret instance as the owner and controller @@ -117,7 +119,7 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) "error", err, ) - return reconcile.Result{}, nil + return reconcile.Result{Requeue: true, RequeueAfter: time.Duration(r.RequeueAfter) * time.Minute}, nil } // Check if this Secret already exists diff --git a/docs/index.yaml b/docs/index.yaml index 6d171fc1..79c92d0c 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -1,9 +1,24 @@ apiVersion: v1 entries: sops-secrets-operator: + - apiVersion: v2 + appVersion: 0.1.9 + created: "2021-01-01T10:04:42.295833Z" + description: sops secrets operator + digest: 01347c27e37dfff999ebcee12aae6d0aafa092d7c3b221d566cdf0abe71f4d5a + maintainers: + - email: isindir@users.sf.net + name: isindir + name: sops-secrets-operator + sources: + - https://github.com/isindir/sops-secrets-operator.git + type: application + urls: + - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.6.4.tgz + version: 0.6.4 - apiVersion: v2 appVersion: 0.1.8 - created: "2020-11-23T15:26:57.653425Z" + created: "2021-01-01T10:04:42.294957Z" description: sops secrets operator digest: 6348b1b1b0e8d3df3926e437b2c0f4ad63268d26e2cb54cbecbb564102e6b19c maintainers: @@ -18,7 +33,7 @@ entries: version: 0.6.3 - apiVersion: v2 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.65241Z" + created: "2021-01-01T10:04:42.293814Z" description: sops secrets operator digest: 710c1c9fa73a2ebf791fda4a608b5e29072d42c0b68c803c7bbeed54a582fd7f maintainers: @@ -33,7 +48,7 @@ entries: version: 0.6.2 - apiVersion: v2 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.651088Z" + created: "2021-01-01T10:04:42.292669Z" description: sops secrets operator digest: f2a606c3837843241bb9d59adc02c38e1cca98753c602b9f758cc61d735ca7cd maintainers: @@ -48,7 +63,7 @@ entries: version: 0.6.1 - apiVersion: v2 appVersion: 0.1.6 - created: "2020-11-23T15:26:57.649968Z" + created: "2021-01-01T10:04:42.291626Z" description: sops secrets operator digest: a2bbf9b39ec5f5b82965037f8f245fb3122adbe31b1c7d336fa1f4cddb228b88 maintainers: @@ -63,7 +78,7 @@ entries: version: 0.6.0 - apiVersion: v1 appVersion: 0.1.8 - created: "2020-11-23T15:26:57.648924Z" + created: "2021-01-01T10:04:42.289383Z" description: sops secrets operator digest: b89986787f33bb6ed9fb0c658431be8646302e9c1a24537c26269c62249fa071 maintainers: @@ -77,7 +92,7 @@ entries: version: 0.5.3 - apiVersion: v1 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.64712Z" + created: "2021-01-01T10:04:42.288005Z" description: sops secrets operator digest: 9467709cf6fbe8d9d779cedf15fe388af172b609f3ca452ef3d8894f39d999df maintainers: @@ -91,7 +106,7 @@ entries: version: 0.5.2 - apiVersion: v1 appVersion: 0.1.7 - created: "2020-11-23T15:26:57.645987Z" + created: "2021-01-01T10:04:42.2868Z" description: sops secrets operator digest: b54b5d8497564ddc04bd6d8b105eb0a3559e82ae1f6aab2f59ed3e426f119287 maintainers: @@ -105,7 +120,7 @@ entries: version: 0.5.1 - apiVersion: v1 appVersion: 0.1.6 - created: "2020-11-23T15:26:57.644768Z" + created: "2021-01-01T10:04:42.285628Z" description: sops secrets operator digest: 177f1ed214d6e72eda589a6ab155a417c1a4229bfda11e87f24af125a3542ad1 maintainers: @@ -119,7 +134,7 @@ entries: version: 0.5.0 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.643127Z" + created: "2021-01-01T10:04:42.283392Z" description: sops secrets operator digest: 1535e130357afa883db0b3d30735c817d3b7d412fe5bdfd71534d0c08defa7d1 maintainers: @@ -134,7 +149,7 @@ entries: version: 0.4.8 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.642095Z" + created: "2021-01-01T10:04:42.282273Z" description: sops secrets operator digest: 19b11dc2d1945f3c436a7d03763b4391d4a382fc13ea515d25422827d859d6d0 maintainers: @@ -149,7 +164,7 @@ entries: version: 0.4.7 - apiVersion: v2 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.641179Z" + created: "2021-01-01T10:04:42.281212Z" description: sops secrets operator digest: c839e5d3374b948d27ad49643411f4891fdec44d179dea06423bb0d6e29d5e32 maintainers: @@ -164,7 +179,7 @@ entries: version: 0.4.6 - apiVersion: v2 appVersion: 0.1.4 - created: "2020-11-23T15:26:57.64008Z" + created: "2021-01-01T10:04:42.279944Z" description: sops secrets operator digest: c71f9f66be32f8b9d3c8d780b09b2455a40fd9755314004efd2bb8d379dafe3c maintainers: @@ -179,7 +194,7 @@ entries: version: 0.4.5 - apiVersion: v2 appVersion: 0.1.3 - created: "2020-11-23T15:26:57.638901Z" + created: "2021-01-01T10:04:42.279079Z" description: sops secrets operator digest: f3f2f89d4ef6018776df0a12a63dd2f9c9519b9d1ac03a9a405e31d0fd902ba0 maintainers: @@ -194,7 +209,7 @@ entries: version: 0.4.4 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-11-23T15:26:57.638113Z" + created: "2021-01-01T10:04:42.278236Z" description: sops secrets operator digest: 1fd5eed318627f5ed0656f4e8ce4a25729568a1626ae313bcbe21050f5f26240 maintainers: @@ -209,7 +224,7 @@ entries: version: 0.4.3 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-11-23T15:26:57.637266Z" + created: "2021-01-01T10:04:42.277068Z" description: sops secrets operator digest: 1f4f9869c75f0922e83ba5d530e101bd4252d5c1c31365800cc9d1425680cf18 maintainers: @@ -224,7 +239,7 @@ entries: version: 0.4.2 - apiVersion: v2 appVersion: 0.1.1 - created: "2020-11-23T15:26:57.636457Z" + created: "2021-01-01T10:04:42.276148Z" description: sops secrets operator digest: 6b054a4e9f261eea3cb84ee2e70b87b24780f1703e2c218ea5f69b7f82d1876f maintainers: @@ -239,7 +254,7 @@ entries: version: 0.4.1 - apiVersion: v2 appVersion: 0.1.0 - created: "2020-11-23T15:26:57.63546Z" + created: "2021-01-01T10:04:42.275303Z" description: sops secrets operator digest: 78b62ab37eac1b45f0a68a9752a3615c5d3f1c960bb4057e665923ce104931cf maintainers: @@ -254,7 +269,7 @@ entries: version: 0.4.0 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.633746Z" + created: "2021-01-01T10:04:42.274386Z" description: sops secrets operator digest: 41baa3c580cb9d8951c18513a4f04c4dbbfad99de9c62f53de2450c0c7b76725 maintainers: @@ -268,7 +283,7 @@ entries: version: 0.3.7 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.632611Z" + created: "2021-01-01T10:04:42.273251Z" description: sops secrets operator digest: 1103b1f7bf7af3f400c172227cd5a3659f3a03e5e8158b19ba0b25f7ed45208b maintainers: @@ -282,7 +297,7 @@ entries: version: 0.3.6 - apiVersion: v1 appVersion: 0.1.5 - created: "2020-11-23T15:26:57.631653Z" + created: "2021-01-01T10:04:42.272412Z" description: sops secrets operator digest: 15c72ba7fb09d0e980ec32fd94f56893c439c05c435281a9ab9c8bc94bd20063 maintainers: @@ -296,7 +311,7 @@ entries: version: 0.3.5 - apiVersion: v1 appVersion: 0.1.4 - created: "2020-11-23T15:26:57.630552Z" + created: "2021-01-01T10:04:42.271521Z" description: sops secrets operator digest: 025a6a6381b75286756ef55105ace6e911e5a5818b495ede6356cc8ec572aeac maintainers: @@ -310,7 +325,7 @@ entries: version: 0.3.4 - apiVersion: v1 appVersion: 0.1.3 - created: "2020-11-23T15:26:57.629265Z" + created: "2021-01-01T10:04:42.269651Z" description: sops secrets operator digest: f61b070b640169439cf4ab500047c1e356748a85871f7aeefde46d63d87d453a maintainers: @@ -324,7 +339,7 @@ entries: version: 0.3.3 - apiVersion: v1 appVersion: 0.1.2 - created: "2020-11-23T15:26:57.62588Z" + created: "2021-01-01T10:04:42.268405Z" description: sops secrets operator digest: 2b37dc4e545e8a9540f6b7693079b98bf161ec5a68899defcfc9420bdcbb33e3 maintainers: @@ -338,7 +353,7 @@ entries: version: 0.3.2 - apiVersion: v1 appVersion: 0.1.1 - created: "2020-11-23T15:26:57.624623Z" + created: "2021-01-01T10:04:42.266975Z" description: sops secrets operator digest: 2e2762b8f9d66aab0caacde225955fec8bfd5a4cc10dc6943a1de3809dda4091 maintainers: @@ -352,7 +367,7 @@ entries: version: 0.3.1 - apiVersion: v1 appVersion: 0.1.0 - created: "2020-11-23T15:26:57.623348Z" + created: "2021-01-01T10:04:42.265861Z" description: sops secrets operator digest: ce84f5b64402a582c7689cb842ba03fb10f968c38b57dc9e05f588493128019a maintainers: @@ -366,7 +381,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 0.0.10 - created: "2020-11-23T15:26:57.621598Z" + created: "2021-01-01T10:04:42.264433Z" description: sops secrets operator digest: 5e4c8bc37ea2c819c55b288c0a5e76ff8c9c02be591bd53776606666af45581c maintainers: @@ -381,7 +396,7 @@ entries: version: 0.2.1 - apiVersion: v1 appVersion: 0.0.10 - created: "2020-11-23T15:26:57.62064Z" + created: "2021-01-01T10:04:42.263322Z" description: sops secrets operator digest: 50b8ebab19008dfc43de1eaee8b0f6287f7a55134585dc6ae88df2520d779f8f maintainers: @@ -393,4 +408,4 @@ entries: urls: - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.1.10.tgz version: 0.1.10 -generated: "2020-11-23T15:26:57.619333Z" +generated: "2021-01-01T10:04:42.26221Z" diff --git a/docs/sops-secrets-operator-0.6.4.tgz b/docs/sops-secrets-operator-0.6.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ea042ac4cec3ed692258f6418b76a57d5e15f409 GIT binary patch literal 8911 zcmV;=A~4+_iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhciXnMU_bL$?2*r1PJBX2vXi)@yL#97+HUGeVtd7IyUt{~ zY>0#;)FiE>`A930q^Fv~hz{bXYVFTFM;56et$05Ul`!vH03CjBW zGsHx&KuP@FJv@WKVDR$!bM^mVFsT1O*x7yl-Ee1jcjv|K@a69IcZ1=J7lZBZU~nIe zuX=JW5c_U$=eFvd`-?m%BfntA2~9^Z-}X?J6+Z{TF!-Ndgn7tFCe$k_EnuVtth9Iu zBB?+m#f*+5JOaW=8WHxta*i1f_#{ZN@BmVj;NqjFf3*ss$7#+&tU%6$$oQz= zpAs?4$3aMwzJbthts6{<@Wdj+BS2XelMqS#y?NQSm%(%IThso}@U-jy9K|{2_hkT9 z=>P8a^FdwzcXxIl_5UHB4LHCPl*a-z&tXDYyFLcq2At0b2f_itzxLj~@h6leNC+Ik zgv3}DIKW|y7=}4w1dU_NK~NZD$Pni^0+I>}3z{#&4g^}#Qv?S zdjJAWjqPiGmLENUERW+;8k2A_g1z_}EqF^&SqL&!%HVdI$MKm)VFd4glXc8bNhMWY zSDi4LK*q=%2@DYpuP}2urHtmu95Y5DJc3?NHEw=$K)Im)6sHmy97$?1NknZ;mHG81 zc^uyeNKDgd4TiS?=$d;OjrP)%3T0sV2>$pY0XeUX0H7$sk^H-$eMTeCy3NMfSe z03_?d3rI+sYx$gJQ;8W)r9?*~n4p+r+0CN~Tnd)sOL(<^YQ{ylCUGp03>j9mGt8uO zB9T^F1}Kdnk=Wu05C@#j38SeJcdI!b7=XhOOtY!dier>upcB(=)taEDA@Fs})bJ1@ zqt~XOWEzkO@C=7qVQd52s)6nMZ@`;|Sv%p5X@nt0V;pN1xIzJlb23%LkSNZ>y)e{j zvY&H7lVjyFY;JxPf;g?&HYAg$VHTKPTuS?=x&91XBb}N#V-;`Pqn+Cxgnlv>6v<=8p1@(Ff)xUAdCr4#ZmMO1Wu9s zONp3%t-Avx1!q_X$`rH^rNHn6Gn|H4>a@jAew?9sDaX=ma~w}#P7t7!Dg+XYQV!#V z#e}3&K!&s_;E#k0l1?=Sl35;--E0wx4ao{g)fyoRb;`No&<32DKC59QWH`d9ASmWA z!wk!AvlC(Z#StulhULT9FKcTcIJub;d#9=5c&qtJGu~P4=@456&a!D^e!P)>6#|3J2 zu!sZ0D57b+CZ(I~2CeUZZBD4Z`NRmx*BWt2kvD%qT)I9{j$ zKS^+^eMmtIGipbOqNdUWK_SM{5-Mwtr1u-rl!t`o8gw|LQf%cwCUrzkcmwS!qnJ}5 zsWhP+a|mZB4fX#_aLFl<|%AxJGHE zCr-6I)x8x8xe1M9dMyP_LXSx*i=gOtX&S@~C$fPQhnRE37SB}w8BVC`y_7u`FJR1& zqK$HtHcM7)1_o$C1Rtrt0m3XF!Ei80%g77>9x~ z%YEffaP!jI_=)i+tm_$SX$kYy>-|%&S_Ni7l{g3QRamuLIgDm%kf6LQBnjXIp6*F-oB$#9{wm8I!xyl$vub(SK|_j zA|jDRal1t=m4ENovx~EX*B5V2_6{!gPmX^)QkGL$tr7Hwy~j10ul%&H{}i+H{_)BA z;aMO)iaWHiYW-LKU0wg#9lm_|xc>7H&no_3%y67x#siVvdMR)P|F?H{cB=f}9t?IL z`Tro#AAj_>U`~<|a4eK_C>9z1K~5D=IKv~@>VNs-$x`0o$4t3HGra<2=iSPg2|QEI zmrfK(G4$FO5oOID_+?q;a0Pn9NzE66U$oEaE>OW|IVz|4v$@sA{?HK7m6|m$7iyvn(|~gd>VL16JR)&&Y%WjoK@oynt5||&Z`|x ziM+vfO+wo>zLGv>r1NBd{6lqS^uzi*cJM6dqM-!uG|_bB0@uph z8zU%Z@L~eJ|KR?A@Lmm?Zucfq*Y$Tr8XY!ERWkcglEsSEMs9Q|wLG>qyH%ZDXXjkn z>%Yx5AAD8|>?p+0`)3b&7roo)8ch7NaT4%ZUy)*+x`t+|auWlRav`T{3Q|=%9EH-v+$*+C+hG+Oj}la)%4hhH zQ&E7Gv~7iwpcGAU7vJ(aR|MbcavJMkavIK+;G~L!V1r0RZmB=(Gb`ZaZ{f!byfc;Y>dLf^eZQ%G~?hf6`Dik9on|WeF+zq8tzs4KMk`x&i>c%|F-M; zKX~zC_^AI6@znI+33OY3O5XybJ#4R3m�Zd4*!(wpw}p#e->>*`)(V6aLPt2v>L! z{LUqxKKtGhLf5+U=-~bPJ*(`0A+2{f3$on)4|leA>hu4>_U_~Q?}I$9QAb(E%ej1c z1mjQR!(})$=R0B&B3>Cp+(RU~K^qS?Qsy;5BAmT3H~`$M>Atz~hT;H>!LDmCt)8!N z8g!0HNRkTrFOJr0#uMnhqEamvNB5z^4&QUgX9V~-+O2j@b&rn*tZJ3<=?k5X_Rq@$$c?1z2 z6O@j|YDQ82eA+myGBnlJ@y*^BHXVq5L<@z<Kl;xL%>0jXmAKnyl z-<-`-wf*@ph}Ldv+YyV3$c0PzU+x;aN>UMlo?{BttDrnE24B968lMH4!j~_-Wzy29 zQ=WUP;$UQ)vetP-o9Nqj)nNB3)GqmHkPceZtU8Zbi@%gkW4xM?SJ>zC&_~6(!Hw{0 zQ~#B6_wS+l=Vj;l6lLt!ds4P=qxXT2Q5C^|{wg${{cg`+j46-4?uXZ@Il zC|2fGM{u|%8nJ0bxHo+0`F?^0BO&)u6tN$M+q=Oa7zD%7_k-^Ty$bxE?`v`LV~irq zeC6{Hnl_4=Q<1(o1L>>i{U0h0RC#Q&W*KlgA5|!0DSUczaB;l%_OSBN#Bcw|XfmpO z039}G7Q$M;X}(y0Nb#>ybX`R+k$iP>^6Jgu#op=Zo1^``^P`jFi~Vv|dhldD zC-A9?LRyVb^Qhhm+3Ki!N{?E_v4lm9RkN1wxFOCk@7w6&xSBFR!hRDUg zhJ=2uu(UHK#$ySR`)`g8zb%qBzGO9$`cT|AM)b@^4VBLled!ow%z45t`RN*I?x(i_ z?^F$^w`IZCc+u9iwR&t%_1vb&DJVy)*RFVp4K9cVK~t;kfCZQN6vWwFXx z&b60oR!d6l+-6g1S`LBg$2s5WaH|flDCLsQJ@>h)t}5nMo~%)GQm?j}?8V8?a^cV( z5WOq8EA2RkR?AZEN!Hu7_N`aP|NhUa{U5XDcwvU9TWtfaivM}OJE+Hhz8pTr|2)WZ zgZR&4XQ&oAQ{B6$n1$*(dVuOX8C|;=-5b;2bOY*dXqi^&zrbARfBlfAsa{;Vp%qxA z|1Wmy=YO_$hmYrfALMCO@KYMK?D_U?s&jr#YuX-a;?eaVf zG3UjuaeafudcoJzVoqZAQpP!7jOoW>W2V?5yUNEn6mhZ3Rb9OGVRMSbru#di5#Q9| z)dDeLH&%}E9J4=%32E2=KoXQpQ_Ao?w6RM6Uk+Y2@_!CqJnH{LJR5L|guqN^meDMS z>lsdAoRc^r=@c>)UZE-GMFLQsXBlOJ1E1kIhG|U4I=q6U(`UeNj0Blu$dH&h?@=0g z8<66uPK5R(V|YS7;z)Z8|Kn)@CuzI@nyQ)-CCD&SDT)FwI5@jF6O>_Z1I%gTU-r)+ zB8+>%l!(6iSEKI*<4>%w{XF9HYN`!JLOQ!V0!pRPjE1_z-M)XdDJx z-d6D8!v}9GK;zKc3g#s7-l8ikoBf8Spk4pp9qt{xJq(iQUfNg{|Ml|uPF?>8kNJNe z=Go{-zU>{QT%b7S@V>RcZ%=NMll!SkbgOfr0#4OVB#w%NaU_LbF`DCR%C0!PBH|?D z@MD~Rbn{3Bp0}|9=WqV=;N5?E-sRVUw^R{5`*E1+hIgV6T&&w-Ayjz(hD`B|T-B;SV|CL|}cS(#fJT42IkPR4+aLwH{>jQa_a9q)62#xd5Qye*p& zPl`U`JWsIFfU2OG?1Qi0p1~E?Dfdd*D`C{~32A++O-lDQU;YByKH6p zCG5XDDCwn$9G294wSVfB*hpota%)y=I(sFk?NC|YBqg;u+y zL|EDk2Q5_QIVLujXSykL;$`UxqnKe7EowDDYtsQo>ddRw(3$sKan^_$`oywL7t>jUumKVCAq>2e=aeX zT6L(CS!cO0xqP8a@(V`?Y80v_Kenk>n;C;iY7#@c0;w}zE2*T+dI!iAih7=7t}|F` zp;alGb2jg>Q0>T{=QOs<}?usYzXDMyt^I4BI6TlL?lqB)<~2L%@(G z8BJ9RTf{jHiOLyX&{HdjgrQO6>aD>`cWl3!ruE!SRtw4us|2IEW-%Dc*BN3c!2&aG zbJCr)-u6%;A!eAcA~TtxvFCk;Qws`e&u2I&FT!bj(Qxbw?=$!v4|INNd{J;N-D3@x zs;!$|i~*nFa(Jns)gyx?#M-qLpW(8%)S2j2U;0aDj!R4bG*#4YulJ2O;$ z9j{&i-~{+f0Jph7LxO()n*r*kpi>y#;35r$qs6YCGH)rc=7ky+Sk>bj64IJCYDg%5 zd@)eEcVAXOY`IpW0@w`|m7wl)zlMbT!T@$6JS5!mevN6E-Shn#vRRex*=gE@eaNQo z^=1jh+i5l(_8N_Cf3?Q8i^kl`D?YD#_eO(0ol!$yrw6@`cCB38_DT*dNh`19sNhf; zoDBjhOSbwTy{LKPu8KPSs!6;g5bf)bNTtkHfOyB{5-rHsAWR8J`$i;!C(dPOK%%F2 zfLs#WcwUA^OCYvTtPz;&%F4=HA-WoJFa3BDn$FwnD>N8;5sD;&i&s6MQ+4nwT@Fzh zW~#ARYc#vYjSiItinz$iu-bAPLdBB10a%4`SSyi!ZKP?9w~`QRne;VWsKTUV%~$oBJKZ%WWwjqoGJaWOyR6~FGb#ODH!FXIPd5Ilp!SmF z{MA9%3C&RQQ%%n=KUbNoM^07OM)j(3f9*W|CElLBbO)nwR{Gn{y3nQXb1bAO{6R_R z`)9?Uzg+@i(_CLcLE%zOHOxfgGJqc`vzLlI^Sr%SV3w*4q8Oqn6n~&lglAj?EgG}u{*5Af9$;2dH%Tn^AL}c)M^p{f$Qo^B{F3Tx~I9R>_b&9|SwWzys|(5}KZq1apCs zYy@c@$DVtX(8^*MIYV)!kLtaegC3WV zeZ5elK9O{q$B4O=JOCb2iE@#PO5Jjok89^Gbl**M`5eV0Ql!@(X@=9i)1zN@&cYc^ zkPUdLTnt?HLHgoq2}TtzOtaGy*gHKkFft}hjv%;_e4r3UCknmN+NMOuB+u4K#?5e` z-^t0kZe7ht2$yqzhIw&KmAiZ+$H5e+$_^H&1w}bHZ z@Epf|PNqI$;fx3zik#s-%80KJPnGrsNwiV0d(*+RCd~R#vf4>^DX{wfS6$6av$6uZ7lEU1VBwbB-*LGG5YHF1yG-$>!;HyO{&%H*9os}kXCCDffL?5DiMJ@cCFE?HEronK&F(Der_-z<>8Gzw?@`LX(fBoK(5|KTKazBcnOZ#nU-jF4 zBdG1Yoa;V_;C8re6{PL-_%=e-KJ6${^0l;9PXEs`99AYC5$1%+d9y%5ZTr;LLG;rl z9eT;&+#W|;+GP_8U<>Pcs$J{0o01k%xjot7NFyw$F3jtwOxeosP{}LS|`}B%{@QR}$51S&`IbBX6dFS+h^|%$N_; zE1jlP_C*J(3wl4j>2~5O&8rPsr9JLFpA8I_NbMS3R-aen($eZ8yG4U44w*FvdH`Pu zPs{5@>M>YO;e@0|$}+%kEkoXhl3%xYE6uWAxn09BtAZ6HM8_Pn`K@iUSt(!c*XT0f zyDP*RXK+{A>%ClOOsc&qcM$aXjqUQCS?t%#`OasZ=+y~6mh_}d9RgKvO6sC8#F@a+ zaeZ08rxWGb6?^qFq^ULy>IQdDL&ecA7908UTW|cBr|bMT7iI463;FX73BZ@{|LqKR z8vB2P=ev*RKOf}rec$6b5mJ+yq44S?HTQ(;fB8_!3GaET%*gWqHUMQrUos^|b`OQC zpdQ9>D3r>m{g85#M`;h@9J4aZs}F>~u5ConNhKwDS+Lv-su#EU%x&2j;&w~EV#-ty zn6%oe3r_Ftn!G~U+-_Uzo#|P;0EW{Dv$pDaSi+>%93MPs-&RL8y_(W5tar?qo;*a`OZ)}NJ8&)-H)L7Gf zMTDIlBny9r*w`6F?3V@2nftA!YsXaFp?5c8d@G3egWoz_fO@y?)XK1{6_-RxlInr> zYCYk}`N_e_2qsd#LTQVnw9!eC4`_L6p{IXJ53Gf3%{xSHw$q zjG6_BJIF+tgQ{CqmxzNyQ-z#9lv*5_TiKiYMZW}D!GG!D!IA58-?8cPs*)xW=AxU9 z5j~}8mCNqALrGNqw%|{F1Sv5t4;4xqt4&{EqR4|3>r@~`X@RD4*71B>1-P0XI~T5y z$uSkDIwtNb@M;;s8clx%$>=1|$k3!F4}*zd`50sa@p# zeh^aMdvn7Zb+vXc(f#4DmUPv!#NSiv+qa@X=lx0dht*AJvfZU?W*e@dZrp4dIjUAY z^jNBtcD*N*7RWePGWGgcg#8Jn?0u%lNxp}u+ z?h;@&{d^{Rx<(b2H=WCD##;?xM3;%m2b zyI*W-)IDP@>ld%y9Uh(^9lz@EgAMlnlwn*6?k%V?g4(y@mcHYY^PdjiU98g(N~xG( zcH`Fmw%%r2(_MsIiNUH%0IyoO=sxKxVSpR3{eiIUk|l;A||8w|IO zx4}-1-t3lA{WLF(bl)E@alxD`L03{rXOgvJL(9J03d*U{t=S9p;8}K0qV<<1c1w4P zSb`OTSt;>A%QbhQRpXM^^{F(?ro$UFv3*tmZU1D2_SUjUB5rOpg1^q5%#Gy2MRk4F6sUgd dgBOp_