Several changes

 * Support for rollout when a secret is updated
 * Upgrades vals backend libs
 * Upgrades common golang libs and kubebuilder tools

Author: digiserg

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22 as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23 as builder
 
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM

Makefile

@@ -133,7 +133,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.10.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize

README.md

@@ -93,7 +93,7 @@ metadata:
     owner: digitalis.io
 spec:
   name: my-secret # Optional, default is the resource name
-  ttl: 3600       # Optional, default is 0. The secret will be checked at every "reconcile period". See below.
+  ttl: 3600       # Optional, default is 5 minutes. The secret will be checked at every "reconcile period". See below.
   type: Opaque    # Default type, others supported
   data:
     username:
@@ -121,6 +121,9 @@ spec:
       {{- if .url }}
       url: {{ .url | lower }}
       {{ end }}
+  rollout: # optional: run a `rollout` to make the pods use new secret
+    - kind: Deployment
+      name: myapp
 ```
 
 The example above will create a secret named `my-secret` and get the values from the different sources. The secret will be kept in sync against the backed secrets store.

apis/digitalis.io/v1/valssecret_types.go

@@ -70,6 +70,15 @@ type ValsSecretSpec struct {
 	Type      string                `json:"type,omitempty"`
 	Databases []Database            `json:"databases,omitempty"`
 	Template  map[string]string     `json:"template,omitempty"`
+	Rollout   []RolloutTarget       `json:"rollout,omitempty"`
+}
+
+// RolloutTarget sets up what deployment or sts to restart
+type RolloutTarget struct {
+	// Kind is either Deployment, Pod or StatefulSet
+	Kind string `json:"kind"`
+	// Name is the object name
+	Name string `json:"name"`
 }
 
 // ValsSecretStatus defines the observed state of ValsSecret

apis/digitalis.io/v1/zz_generated.deepcopy.go

@@ -16,10 +16,10 @@ kubeVersion: ">= 1.19.0-0"
 type: application
 
 # Chart version
-version: 0.7.10
+version: 0.7.11
 
 # Latest container tag
-appVersion: v0.7.10
+appVersion: v0.7.11-beta1
 
 maintainers:
 - email: info@digitalis.io

apis/digitalis.io/v1beta1/zz_generated.deepcopy.go

@@ -3,10 +3,9 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.10.0
+    controller-gen.kubebuilder.io/version: v0.16.5
     "helm.sh/hook": crd-install
     "helm.sh/hook-delete-policy": "before-hook-creation"
-  creationTimestamp: null
   name: dbsecrets.digitalis.io
 spec:
   group: digitalis.io
@@ -23,14 +22,19 @@ spec:
         description: DbSecret is the Schema for the dbsecrets API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

charts/vals-operator/Chart.yaml

@@ -1,13 +1,11 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.16.5
     "helm.sh/hook": crd-install
     "helm.sh/hook-delete-policy": "before-hook-creation"
-  creationTimestamp: null
   name: valssecrets.digitalis.io
 spec:
   group: digitalis.io
@@ -24,14 +22,19 @@ spec:
         description: ValsSecret is the Schema for the valssecrets API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -40,13 +43,15 @@ spec:
             properties:
               data:
                 additionalProperties:
+                  description: DataSource defines a secret
                   properties:
                     encoding:
                       description: Encoding type for the secret. Only base64 supported.
                         Optional
                       type: string
                     ref:
-                      description: Ref value to the secret in the format ref+backend://path
+                      description: |-
+                        Ref value to the secret in the format ref+backend://path
                         https://github.com/helmfile/vals
                       type: string
                   required:
@@ -55,6 +60,7 @@ spec:
                 type: object
               databases:
                 items:
+                  description: Database defines a DB connection
                   properties:
                     driver:
                       description: Defines the database type
@@ -106,10 +112,25 @@ spec:
                 type: array
               name:
                 type: string
+              rollout:
+                items:
+                  description: RolloutTarget sets up what deployment or sts to restart
+                  properties:
+                    kind:
+                      description: Kind is either Deployment, Pod or StatefulSet
+                      type: string
+                    name:
+                      description: Name is the object name
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
               template:
-                type: object
                 additionalProperties:
                   type: string
+                type: object
               ttl:
                 format: int64
                 type: integer
@@ -126,9 +147,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vals-operator/crds/dbsecrets.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.10.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: dbsecrets.digitalis.io
 spec:
   group: digitalis.io
@@ -21,14 +20,19 @@ spec:
         description: DbSecret is the Schema for the dbsecrets API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

charts/vals-operator/crds/valssecrets.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.10.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: valssecrets.digitalis.io
 spec:
   group: digitalis.io
@@ -21,14 +20,19 @@ spec:
         description: ValsSecret is the Schema for the valssecrets API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -44,7 +48,8 @@ spec:
                         Optional
                       type: string
                     ref:
-                      description: Ref value to the secret in the format ref+backend://path
+                      description: |-
+                        Ref value to the secret in the format ref+backend://path
                         https://github.com/helmfile/vals
                       type: string
                   required:
@@ -105,6 +110,21 @@ spec:
                 type: array
               name:
                 type: string
+              rollout:
+                items:
+                  description: RolloutTarget sets up what deployment or sts to restart
+                  properties:
+                    kind:
+                      description: Kind is either Deployment, Pod or StatefulSet
+                      type: string
+                    name:
+                      description: Name is the object name
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
               template:
                 additionalProperties:
                   type: string