feat: ability to watch only operator namespace

.github/workflows/ci.yaml

@@ -17,7 +17,7 @@ jobs:
     env:
       # UPDATE_HERE
       # https://hub.docker.com/r/rancher/k3s/tags
-      K3S_VERSION: v1.30.0-k3s1
+      K3S_VERSION: v1.30.2-k3s2
       # https://github.com/helm-unittest/helm-unittest/releases
       HELM_UNITTEST_VERSION: 0.5.1
 

.tool-versions

@@ -1,14 +1,14 @@
 # UPDATE_HERE
 # https://github.com/kubernetes-sigs/kubebuilder/releases
-kubebuilder 3.15.0
+kubebuilder 4.1.0
 # https://golang.org/dl/
-golang 1.22.4
+golang 1.22.5
 # https://github.com/mozilla/sops/releases
 sops 3.9.0
 # https://github.com/kubernetes-sigs/kustomize/releases
 kustomize 5.4.2
 # https://github.com/rancher/k3d/releases
-k3d 5.6.3
+k3d 5.7.1
 # https://github.com/kubernetes/kubernetes/releases
 kubectl 1.30.2
 # https://github.com/helm/helm/releases

Makefile

@@ -1,12 +1,12 @@
 # UPDATE_HERE
 # !!!!!!! NOTE: GOEXPERIMENT=nocoverageredesign is temp until 1.23.x
 GO := GOEXPERIMENT=nocoverageredesign GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.13.1
+SOPS_SEC_OPERATOR_VERSION := 0.13.2
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_GEN_VERSION := "v0.15.0"
 # https://github.com/kubernetes-sigs/controller-runtime/releases
-CONTROLLER_RUNTIME_VERSION := "v0.18.2"
+CONTROLLER_RUNTIME_VERSION := "v0.18.4"
 # https://github.com/kubernetes-sigs/kustomize/releases
 KUSTOMIZE_VERSION := "v5.4.2"
 # use `setup-envtest list` to obtain the list of available versions

PROJECT

@@ -1,6 +1,6 @@
 domain: github.com
 layout:
-- go.kubebuilder.io/v3
+- go.kubebuilder.io/v4
 projectName: sops-secrets-operator
 repo: github.com/isindir/sops-secrets-operator
 # UPDATE_HERE

README.md

@@ -23,7 +23,7 @@ encrypted files stored in `git` repository.
 
 | Kubernetes | Sops | Chart | Operator |
 |---|---|---|---|
-| v1.30.x | v3.9.0 | 0.19.1 | 0.13.1 |
+| v1.30.x | v3.9.0 | 0.19.2 | 0.13.2 |
 | v1.29.x | v3.8.1 | 0.18.6 | 0.12.6 |
 | v1.28.x | v3.8.1 | 0.17.4 | 0.11.4 |
 | v1.27.x | v3.7.3 | 0.15.5 | 0.9.5 |

chart/helm3/sops-secrets-operator/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 # UPDATE_HERE
-version: 0.19.1
-appVersion: 0.13.1
+version: 0.19.2
+appVersion: 0.13.2
 type: application
 description: Helm chart deploys sops-secrets-operator
 name: sops-secrets-operator

chart/helm3/sops-secrets-operator/README.md

@@ -134,7 +134,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | healthProbes.readiness | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration |
 | image.pullPolicy | string | `"Always"` | Operator image pull policy |
 | image.repository | string | `"isindir/sops-secrets-operator"` | Operator image name |
-| image.tag | string | `"0.13.1"` | Operator image tag |
+| image.tag | string | `"0.13.2"` | Operator image tag |
 | imagePullSecrets | list | `[]` | Secrets to pull image from private docker repository |
 | initImage.pullPolicy | string | `"Always"` | Init container image pull policy |
 | initImage.repository | string | `"ubuntu"` | Init container image name |
@@ -148,7 +148,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | logging.timeEncoding | string | `"iso8601"` | Zap time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). Defaults to 'epoch'. |
 | metrics.enabled | bool | `false` | Enable prometheus metrics |
 | nameOverride | string | `""` | Overrides auto-generated short resource name |
-| namespaced | bool | `false` |  |
+| namespaced | bool | `false` | If set - operator will watch SopsSecret resources only in operator namespace |
 | nodeSelector | object | `{}` | Node selector to use for pod configuration |
 | podAnnotations | object | `{}` | Annotations to be added to operator pod (can be used with kiam or kube2iam) |
 | rbac.enabled | bool | `true` | Create and use RBAC resources |

chart/helm3/sops-secrets-operator/templates/operator.yaml

@@ -92,12 +92,12 @@ spec:
           - "-zap-log-level={{ .Values.logging.level }}"
           - "-zap-stacktrace-level={{ .Values.logging.stacktraceLevel }}"
           - "-zap-time-encoding={{ .Values.logging.timeEncoding }}"
-          {{- if .Values.kubeconfig.enabled }}
-          - "-kubeconfig={{ .Values.kubeconfig.path | quote }}"
-          {{- end }}
           {{- if .Values.namespaced }}
           - "-watch-namespace={{ .Release.Namespace }}"
           {{- end -}}
+          {{- if .Values.kubeconfig.enabled }}
+          - "-kubeconfig={{ .Values.kubeconfig.path | quote }}"
+          {{- end }}
           livenessProbe:
             httpGet:
               path: /healthz

chart/helm3/sops-secrets-operator/tests/operator_test.yaml

@@ -30,8 +30,8 @@ tests:
         app.kubernetes.io/instance: sops
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: sops-secrets-operator
-        app.kubernetes.io/version: 0.13.1
-        helm.sh/chart: sops-secrets-operator-0.19.1
+        app.kubernetes.io/version: 0.13.2
+        helm.sh/chart: sops-secrets-operator-0.19.2
 
 # custom name
 - it: should correctly render custome name
@@ -169,7 +169,7 @@ tests:
   # UPDATE_HERE
   - equal:
       path: spec.template.spec.containers[0].image
-      value: isindir/sops-secrets-operator:0.13.1
+      value: isindir/sops-secrets-operator:0.13.2
   - equal:
       path: spec.template.spec.containers[0].imagePullPolicy
       value: Always

chart/helm3/sops-secrets-operator/values.yaml

@@ -8,14 +8,15 @@
 # -- Deployment replica count - should not be modified
 replicaCount: 1
 
+# -- If set - operator will watch SopsSecret resources only in operator namespace
 namespaced: false
 
 # UPDATE_HERE
 image:
   # -- Operator image name
   repository: isindir/sops-secrets-operator
   # -- Operator image tag
-  tag: 0.13.1
+  tag: 0.13.2
   # -- Operator image pull policy
   pullPolicy: Always