add sealed secrets (#352)

* add sealed secrets

* add sealed secrets

* bump

* for local testing

* add pods to app-proxy role

* .

* ready for production

Signed-off-by: Daniel Soifer <daniel.soifer@codefresh.io>

* add sealed-secrets to manifests

* bump app-proxy 1.1302.0

Co-authored-by: Eti Zaguri <eti.zaguri@codefresh.io>
Co-authored-by: Daniel Soifer <daniel.soifer@codefresh.io>

Author: 3 people

Makefile

@@ -1,4 +1,4 @@
-VERSION=v0.0.376
+VERSION=v0.0.377
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")

docs/releases/release_notes.md

@@ -23,7 +23,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.376/cf-linux-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.377/cf-linux-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-linux-amd64 /usr/local/bin/cf
@@ -36,7 +36,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.376/cf-darwin-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.377/cf-darwin-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-darwin-amd64 /usr/local/bin/cf

manifests/app-proxy/app-proxy.role.yaml

@@ -10,11 +10,21 @@ rules:
     resources:
       - secrets
       - configmap
+      - pods
     verbs:
       - get
       - create
       - delete
+      - deletecollection
       - update
       - patch
       - list
       - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+

manifests/app-proxy/kustomization.yaml

@@ -3,7 +3,7 @@ kind: Kustomization
 images:
   - name: quay.io/codefresh/cap-app-proxy
     newName: quay.io/codefresh/cap-app-proxy
-    newTag: 1.1300.0
+    newTag: 1.1302.0
 resources:
   - app-proxy.deploy.yaml
   - app-proxy.svc.yaml

manifests/default-resources/sealed-secrets/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+  - ../../sealed-secrets

manifests/runtime.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: "{{ namespace }}"
 spec:
   defVersion: 1.0.1
-  version: 0.0.376
+  version: 0.0.377
   bootstrapSpecifier: github.com/codefresh-io/cli-v2/manifests/argo-cd
   components:
     - name: events
@@ -21,3 +21,6 @@ spec:
     - name: app-proxy
       type: kustomize
       url: github.com/codefresh-io/cli-v2/manifests/app-proxy
+    - name: sealed-secrets
+      type: kustomize
+      url: github.com/codefresh-io/cli-v2/manifests/sealed-secrets

manifests/sealed-secrets/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.17.5/controller.yaml
+
+patches:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: sealed-secrets-controller
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --key-renew-period=720h
+