Commit a21b808

fix-e2e-test-clone: rename, fix e2e env cloning, decrypted PassSecret conversion (#135)
* fix-e2e-test-clone: rename, fix e2e env cloning, decrypted PassSecret conversion
1 parent f14e155 commit a21b808

22 files changed

Lines changed: 547 additions & 297 deletions

.github/settings.yml

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@ _extends: .github
22

33
repository:
44
name: pass-operator
5-
description: A kubernetes operator that syncs and decrypts secrets from pass git repositories
5+
description: A Kubernetes operator that syncs and decrypts secrets from pass store git repositories
66
homepage: https://github.com/premiscale/pass-operator
77

88
# A comma-separated list of topics to set on the repository

helm/README.md

Lines changed: 3 additions & 3 deletions
@@ -1,5 +1,5 @@
11
# Operator and supporting Helm charts
22

3-
- [`operator`](https://github.com/premiscale/pass-operator/tree/master/helm/operator) is the chart for deploying the Pass store operator
4-
- [`operator-crds`](https://github.com/premiscale/pass-operator/tree/master/helm/operator-crds) is the chart for deploying the Pass store operator's custom resource definitions (CRDs)
5-
- [`operator-e2e`](https://github.com/premiscale/pass-operator/tree/master/helm/operator-e2e) is the a for e2e-testing the operator and its CRDs.
3+
- [`operator`](https://github.com/premiscale/pass-operator/tree/master/helm/operator) is the chart for deploying the pass store operator
4+
- [`operator-crds`](https://github.com/premiscale/pass-operator/tree/master/helm/operator-crds) is the chart for deploying the pass store operator's custom resource definitions (CRDs)
5+
- [`operator-e2e`](https://github.com/premiscale/pass-operator/tree/master/helm/operator-e2e) is a chart for e2e-testing the operator and its CRDs. Unless you're a developer, you won't need to use this Helm chart.

helm/operator-crds/_json/PassSecret.json

Lines changed: 2 additions & 2 deletions
@@ -63,9 +63,9 @@
6363
"type": "object",
6464
"properties": {
6565
"encryptedData": {
66-
"description": "Data to be contained in the secret.\n",
66+
"description": "Data to be contained in the secret. Can be as few as zero key-value pairs, since the K8s API accepts Secrets with no data.\n",
6767
"type": "object",
68-
"minProperties": 1,
68+
"minProperties": 0,
6969
"additionalProperties": {
7070
"type": "string"
7171
}
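
Review bot: `"minProperties": 0` on line 68 is the JSON Schema default, so after this change the keyword no longer constrains `encryptedData` at all; consider deleting it rather than keeping a no-op that reads like validation. The new description says zero key-value pairs are accepted, but none of the visible hunks shows how the operator converts an empty map, so an e2e case with `encryptedData: {}` would be worth adding alongside this relaxation.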

helm/operator-crds/templates/PassSecret.yaml

Lines changed: 2 additions & 2 deletions
@@ -59,9 +59,9 @@ spec:
5959
properties:
6060
encryptedData:
6161
description: |+
62-
Data to be contained in the secret.
62+
Data to be contained in the secret. Can be as few as zero key-value pairs, since the K8s API accepts Secrets with no data.
6363
type: object
64-
minProperties: 1
64+
minProperties: 0
6565
# I tried to get patternProperties to work (1/20/24), but my control plane insisted it was a forbidden field.
6666
# https://github.com/kubernetes/kubernetes/issues/59485#issuecomment-366600460
6767
# Using the work-around I've found in Bitnami's SealedSecrets CRD for now ~
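
Review bot: with `minProperties: 0` on line 64 the API server will admit a PassSecret whose `encryptedData` is empty, so a manifest that accidentally loses its keys is no longer rejected at admission and would be synced as a Secret with no data. If empty secrets are a deliberate use case, say so in the description and have the operator log when it writes one; otherwise keep the minimum at 1 and handle the empty case only in the e2e fixtures. This edit is also made by hand in both this template and helm/operator-crds/_json/PassSecret.json, so a CI check that compares the two schemas would stop them drifting.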

helm/operator-e2e/README.md

Lines changed: 10 additions & 10 deletions
@@ -19,16 +19,16 @@ interface to installing this chart and others in a local e2e testing environment
1919

2020
### E2E Deployment
2121

22-
| Name | Description | Value |
23-
| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------- |
24-
| `deployment.pullSecrets` | A list of pull secret names. These names are automatically mapped to key: secretname in the imagePullSecrets field. | `[]` |
25-
| `deployment.image.name` | The name of the image.## @param deployment.image.name [string, default: pass-operator] The name of the image. | `pass-operator` |
26-
| `deployment.image.tag` | The tag of the image. The default is "ignore" to ensure users provide a tag. | `ignore` |
27-
| `deployment.image.pullPolicy` | The pull policy of the image. | `Always` |
28-
| `deployment.resources` | Set resources for the pod. | `{}` |
29-
| `deployment.livenessProbe` | Configure the liveness probe for the pod. The defaults are set to check that SSHd is listening on TCP port 22. | `{}` |
30-
| `deployment.podSecurityContext` | Configure the security context for the pod. | `{}` |
31-
| `deployment.containerSecurityContext` | Configure the security context for the container. | `{}` |
22+
| Name | Description | Value |
23+
| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- |
24+
| `deployment.pullSecrets` | A list of pull secret names. These names are automatically mapped to key: secretname in the imagePullSecrets field. | `[]` |
25+
| `deployment.image.name` | The name of the image.## @param deployment.image.name [string, default: pass-operator] The name of the image. | `pass-operator-e2e` |
26+
| `deployment.image.tag` | The tag of the image. The default is "ignore" to ensure users provide a tag. | `ignore` |
27+
| `deployment.image.pullPolicy` | The pull policy of the image. | `Always` |
28+
| `deployment.resources` | Set resources for the pod. | `{}` |
29+
| `deployment.livenessProbe` | Configure the liveness probe for the pod. The defaults are set to check that SSHd is listening on TCP port 22. | `{}` |
30+
| `deployment.podSecurityContext` | Configure the security context for the pod. | `{}` |
31+
| `deployment.containerSecurityContext` | Configure the security context for the container. | `{}` |
3232

3333
### Operator Configuration
3434

helm/operator-e2e/values.schema.json

Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@
3434
"name": {
3535
"type": "string",
3636
"description": "The name of the image.## @param deployment.image.name [string, default: pass-operator] The name of the image.",
37-
"default": "pass-operator"
37+
"default": "pass-operator-e2e"
3838
},
3939
"tag": {
4040
"type": "string",

helm/operator-e2e/values.yaml

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ deployment:
1212
pullSecrets: []
1313

1414
image:
15-
## @param deployment.image.name [string, default: pass-operator] The name of the image.## @param deployment.image.name [string, default: pass-operator] The name of the image.
15+
## @param deployment.image.name [string, default: pass-operator-e2e] The name of the image.## @param deployment.image.name [string, default: pass-operator] The name of the image.
1616
name: pass-operator-e2e
1717
## @param deployment.image.tag [string, default: ignore] The tag of the image. The default is "ignore" to ensure users provide a tag.
1818
tag: ignore
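
Review bot: line 15 still carries the `## @param deployment.image.name` annotation twice on one line, and only the first copy was updated to `default: pass-operator-e2e`; the second still says `default: pass-operator`. The same duplicated text appears in the description cell of helm/operator-e2e/README.md and in the `description` string of helm/operator-e2e/values.schema.json, where it now contradicts the `pass-operator-e2e` default shown beside it. Delete the second annotation here and update the README and schema descriptions to match.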

helm/operator/Chart.yaml

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
apiVersion: v2
22
name: pass-operator
3-
description: A kubernetes operator that syncs and decrypts secrets from password store (https://www.passwordstore.org/) git repositories.
3+
description: A Kubernetes operator that syncs and decrypts secrets from password store (https://www.passwordstore.org/) git repositories.
44
type: application
55
version: 1.0.0

helm/operator/README.md

Lines changed: 13 additions & 12 deletions
@@ -162,24 +162,24 @@ helm upgrade --install password-store-operator helm/operator/ --namespace passwo
162162
163163
### Operator Deployment
164164
165-
| Name | Description | Value |
166-
| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
167-
| `deployment.pullSecrets` | A list of pull secret names. These names are automatically mapped to key: secretname in the imagePullSecrets field. | `[]` |
168-
| `deployment.image.name` | The name of the image. | `pass-operator` |
169-
| `deployment.image.tag` | The tag of the image. The default is "ignore" to ensure users provide a tag. | `ignore` |
170-
| `deployment.image.pullPolicy` | The pull policy of the image. | `Always` |
171-
| `deployment.resources` | Set resources for the pod. | `{}` |
172-
| `deployment.livenessProbe` | Configure the liveness probe for the pod. The defaults are set to check the /healthz endpoint on port 8080, which is provided by Kopf. | `{}` |
173-
| `deployment.podSecurityContext` | Configure the security context for the pod. | `{}` |
174-
| `deployment.podSecurityContext.runAsNonRoot` | If true, the pod is required to run as a non-root user. | `true` |
175-
| `deployment.containerSecurityContext` | Configure the security context for the container. | `{}` |
165+
| Name | Description | Value |
166+
| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
167+
| `deployment.pullSecrets` | A list of pull secret names. These names are automatically mapped to key: secretname in the imagePullSecrets field. | `[]` |
168+
| `deployment.image.name` | The name of the image. | `premiscale/pass-operator` |
169+
| `deployment.image.tag` | The tag of the image. The default is "ignore" to ensure users provide a tag. | `ignore` |
170+
| `deployment.image.pullPolicy` | The pull policy of the image. | `Always` |
171+
| `deployment.resources` | Set resources for the pod. | `{}` |
172+
| `deployment.livenessProbe` | Configure the liveness probe for the pod. The defaults are set to check the /healthz endpoint on port 8080, which is provided by Kopf. | `{}` |
173+
| `deployment.podSecurityContext` | Configure the security context for the pod. | `{}` |
174+
| `deployment.podSecurityContext.runAsNonRoot` | If true, the pod is required to run as a non-root user. | `true` |
175+
| `deployment.containerSecurityContext` | Configure the security context for the container. | `{}` |
176176
177177
### Operator Configuration
178178
179179
| Name | Description | Value |
180180
| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- |
181181
| `operator.interval` | The interval in seconds to check for changes in the secrets in the pass store. | `60` |
182-
| `operator.initial_delay` | The initial delay in seconds before the first check for changes in the secrets in the pass store. | `3` |
182+
| `operator.initial_delay` | The initial delay in seconds before the first check for changes in the secrets in the pass store. | `60` |
183183
| `operator.priority` | The priority of the operator. The higher the number, the higher the priority. Only useful if multiple operators are running. | `100` |
184184
| `operator.pass.binary` | The path to the pass binary. | `""` |
185185
| `operator.pass.storeSubPath` | A subpath within `~/.password-store`. | `""` |
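
Review bot: the `operator.initial_delay` default on line 182 goes from `3` to `60` without any mention in the commit message, so a fresh install now waits a full minute before the first check of the pass store. State the reason in the description or the commit body, since workloads that depend on the managed secrets will see that delay. Separately, `deployment.image.name` on line 168 becomes `premiscale/pass-operator` while the e2e chart's default stays unqualified (`pass-operator-e2e`); a sentence on where each name is expected to resolve would avoid confusion.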
@@ -192,6 +192,7 @@ helm upgrade --install password-store-operator helm/operator/ --namespace passwo
192192
| `operator.gpg.key_id` | The key ID of the (private) GPG key. | `""` |
193193
| `operator.gpg.value` | The armored string of the private GPG key b64enc'd. | `""` |
194194
| `operator.gpg.passphrase` | The passphrase for the GPG key, if there is one. | `""` |
195+
| `operator.gpg.threads` | Number of threads to spawn for decryption. This can help significantly speed up decryption on secrets with many fields. | `4` |
195196
| `operator.git.branch` | The branch of the Git repository to clone and pull from. | `main` |
196197
| `operator.git.url` | The (SSH) URL of the Git repository. HTTPS is not supported at this time. | `""` |
197198
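
Review bot: the new `operator.gpg.threads` row on line 195 documents a default of `4` but not the accepted range; say what happens for `0` or a negative value, or state a minimum of 1. Since `deployment.resources` defaults to `{}` in the table above, a sentence on sizing the thread count against the pod's CPU limits would also help.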

helm/operator/templates/deployment.yaml

Lines changed: 2 additions & 0 deletions
@@ -116,6 +116,8 @@ spec:
116116
value: {{ .key_id }}
117117
{{- end }}
118118
{{- end }}
119+
- name: PASS_DECRYPT_THREADS
120+
value: {{ .Values.operator.gpg.threads | quote }}
119121
- name: PASS_GIT_URL
120122
value: {{ .Values.operator.git.url | quote }}
121123
- name: PASS_GIT_BRANCH
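
Review bot: `PASS_DECRYPT_THREADS` on lines 119-120 is rendered with `| quote` and no fallback, so a values file that nulls or blanks `operator.gpg.threads` produces an empty value and leaves the operator to cope with a non-numeric setting at runtime. Consider `{{ .Values.operator.gpg.threads | default 4 | quote }}` and a minimum of 1 for this key in the chart's values schema, which none of the visible hunks adds.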
