Merge pull request #335 from fluxcd/release-v0.12.0

Release v0.12.0

Author: stefanprodan

CHANGELOG.md

@@ -2,6 +2,22 @@
 
 All notable changes to this project are documented in this file.
 
+## 0.12.0
+
+**Release date:** 2021-04-29
+
+This prerelease comes with support for decrypting Kubernetes
+secrets generated with SOPS and
+[Kustomize `secretGenerator`](https://github.com/fluxcd/kustomize-controller/blob/v0.12.0/docs/spec/v1beta1/kustomization.md#kustomize-secretgenerator).
+
+Features:
+* SOPS: Decrypt Kubernetes secrets generated by kustomize
+  [#329](https://github.com/fluxcd/kustomize-controller/pull/329)
+
+Improvements:
+* Extract validation error from apply server dry run output
+  [#333](https://github.com/fluxcd/kustomize-controller/pull/333)
+
 ## 0.11.1
 
 **Release date:** 2021-04-22

Makefile

@@ -2,7 +2,7 @@
 IMG ?= fluxcd/kustomize-controller:latest
 # Produce CRDs that work back to Kubernetes 1.16
 CRD_OPTIONS ?= crd:crdVersions=v1
-SOURCE_VER ?= v0.12.0
+SOURCE_VER ?= v0.12.1
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))

config/default/kustomization.yaml

@@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kustomize-system
 resources:
-- https://github.com/fluxcd/source-controller/releases/download/v0.12.0/source-controller.crds.yaml
-- https://github.com/fluxcd/source-controller/releases/download/v0.12.0/source-controller.deployment.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.12.1/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.12.1/source-controller.deployment.yaml
 - ../crd
 - ../rbac
 - ../manager

config/manager/kustomization.yaml

@@ -5,4 +5,4 @@ resources:
 images:
   - name: fluxcd/kustomize-controller
     newName: fluxcd/kustomize-controller
-    newTag: v0.11.1
+    newTag: v0.12.0

docs/spec/README.md

@@ -72,21 +72,17 @@ The API design of the controller can be found at [kustomize.toolkit.fluxcd.io/v1
 
 ## Backward compatibility
 
-| Feature                                      | Kustomize Controller    | Flux               |
+| Feature                                      | Kustomize Controller    | Flux v1            |
 | -------------------------------------------- | ----------------------- | ------------------ |
 | Plain Kubernetes manifests sync              | :heavy_check_mark:      | :heavy_check_mark: |
 | Kustomize build sync                         | :heavy_check_mark:      | :heavy_check_mark: |
 | Garbage collection                           | :heavy_check_mark:      | :heavy_check_mark: |
 | Secrets decryption                           | :heavy_check_mark:      | :heavy_check_mark: |
-| Container image updates                      | :x:                     | :heavy_check_mark: |
 | Generate manifests with shell scripts        | :x:                     | :heavy_check_mark: |
 
 Syncing will not support the `.flux.yaml` mechanism as running shell scripts and binaries to
 generate manifests is not in the scope of Kustomize controller.
 
-Container registry scanning and automated image updates is not in the scope of Kustomize controller,
-could be implemented by a dedicated controller.
-
 ## Example
 
 After installing kustomize-controller and its companion source-controller, we
@@ -193,4 +189,3 @@ spec:
   validation: server
 ```
 
-

docs/spec/v1beta1/kustomization.md

@@ -964,22 +964,27 @@ spec:
 
 ### Kustomize secretGenerator
 
-`sops` encrypted data can be stored as a base64 encoded Secret, which enables use of kustomize secretGenerator as follows.
+SOPS encrypted data can be stored as a base64 encoded Secret,
+which enables the use of Kustomize `secretGenerator` as follows:
 
 ```console
-$ echo "day=Tuesday" | sops -e /dev/stdin > day.txt.encrypted
+$ echo "my-secret-token" | sops -e /dev/stdin > token.encrypted
 $ cat <<EOF > kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 secretGenerator:
- - name: day-secret
+ - name: token
    files:
-   - ./day.txt.encrypted
+   - token=token.encrypted
 EOF
 ```
 
-Commit and push `day.txt.encrypted` and `kustomization.yaml` to Git.
+Commit and push `token.encrypted` and `kustomization.yaml` to Git.
+
+The kustomize-controller scans the values of Kubernetes Secrets, and when it 
+detects that the values are SOPS encrypted, it decrypts them before applying 
+them on the cluster.
 
 ## Status
 

go.mod

@@ -9,13 +9,13 @@ require (
 	github.com/Microsoft/go-winio v0.4.16 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/drone/envsubst v1.0.3-0.20200804185402-58bc65f69603
-	github.com/fluxcd/kustomize-controller/api v0.11.1
+	github.com/fluxcd/kustomize-controller/api v0.12.0
 	github.com/fluxcd/pkg/apis/kustomize v0.0.1
 	github.com/fluxcd/pkg/apis/meta v0.9.0
 	github.com/fluxcd/pkg/runtime v0.11.0
 	github.com/fluxcd/pkg/testserver v0.0.2
 	github.com/fluxcd/pkg/untar v0.0.5
-	github.com/fluxcd/source-controller/api v0.12.0
+	github.com/fluxcd/source-controller/api v0.12.1
 	github.com/go-logr/logr v0.3.0
 	github.com/hashicorp/go-retryablehttp v0.6.8
 	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c

go.sum

@@ -204,8 +204,8 @@ github.com/fluxcd/pkg/testserver v0.0.2 h1:SoaMtO9cE5p/wl2zkGudzflnEHd9mk68CGjZO
 github.com/fluxcd/pkg/testserver v0.0.2/go.mod h1:pgUZTh9aQ44FSTQo+5NFlh7YMbUfdz1B80DalW7k96Y=
 github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7gk=
 github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
-github.com/fluxcd/source-controller/api v0.12.0 h1:ATzWCIXE96Q1iOHElzM0V4xCVEn95QLKpOSmVLiY/lo=
-github.com/fluxcd/source-controller/api v0.12.0/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
+github.com/fluxcd/source-controller/api v0.12.1 h1:ubO3gwGaxnXwayJeDHpdsh96NXwOLpFcbLjZo/pqWCg=
+github.com/fluxcd/source-controller/api v0.12.1/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=