Skip to content

Commit

Permalink
Merge branch 'master' into missing-label
Browse files Browse the repository at this point in the history
  • Loading branch information
@dirien
dirien authored Apr 19, 2024
2 parents 591defc + 4a92c65 commit a112f2c
Show file tree
Hide file tree
Showing 26 changed files with 349 additions and 249 deletions.
13 changes: 8 additions & 5 deletions .github/workflows/chart-lint-and-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ on:
pull_request:
paths:
- deploy/helm/**
- "!deploy/helm/pulumi-operator/README.md"
- "!deploy/helm/pulumi-operator/README.md.gotmpl"

permissions: read-all

Expand All @@ -26,14 +28,15 @@ jobs:
python-version: 3.7

- name: Run Trivy vulnerability scanner in IaC mode
uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # 0.10.0
uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # 0.14.0
with:
scan-type: 'config'
hide-progress: false
format: 'sarif'
scan-ref: 'deploy/helm/pulumi-operator'
output: 'trivy-results.sarif'
exit-code: '1'
limit-severities-for-sarif: true
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'

Expand All @@ -44,7 +47,7 @@ jobs:

- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: List changed charts
id: list-changed
Expand All @@ -53,8 +56,8 @@ jobs:
changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
charts=$(echo "$changed" | tr '\n' ' ' | xargs)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
echo "::set-output name=changed_charts::$charts"
echo "changed=true" >> "$GITHUB_OUTPUT"
echo "changed_charts=$charts" >> "$GITHUB_OUTPUT"
fi
- name: Run Artifact Hub lint
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/chart-publish.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ on:
- master
paths:
- "deploy/helm/**"
- "!deploy/helm/pulumi-operator/README.md"
- "!deploy/helm/pulumi-operator/README.md.gotmpl"

env:
HELM_DOCS_VERSION: "1.11.0"

Expand Down Expand Up @@ -64,7 +67,7 @@ jobs:
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

- uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 # v3.0.3
- uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
- name: Push chart to GHCR
env:
COSIGN_EXPERIMENTAL: 1
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/run-acceptance-tests.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
steps:
- name: Create URL to the run output
id: vars
run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
run: echo run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID >> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@v1
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/weekly-pulumi-update.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
make dep-tidy
git update-index -q --refresh
if ! git diff-files --quiet; then
echo ::set-output name=changes::1
echo changes=1 >> "$GITHUB_OUTPUT"
fi
- name: Build codegen + Schema + SDKs
if: steps.gomod.outputs.changes != 0
Expand Down
8 changes: 7 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,17 @@ CHANGELOG

## HEAD (unreleased)

## 1.15.0 (2024-04-12)
- Clean up stale workspace directories and don't treat them as a crude lock. [#552](https://github.com/pulumi/pulumi-kubernetes-operator/pull/552)
- Fixed `nodeSelector`, `affinity`, and `tolerations` Helm chart values that were previously effectively ignored.
[#548](https://github.com/pulumi/pulumi-kubernetes-operator/pull/548)
- Update pulumi/pulumi to v3.92.0 [#559](https://github.com/pulumi/pulumi-kubernetes-operator/pull/559)

## 1.14.0 (2023-11-08)
- Changed indentation in deploy/helm/pulumi-operator/templates/deployment.yaml for volumes and volumeMounts.
- Use a separate PULUMI_HOME for each stack. [#490](https://github.com/pulumi/pulumi-kubernetes-operator/pull/490)
- Use Go v1.21 for builds. [#504](https://github.com/pulumi/pulumi-kubernetes-operator/pull/504)
- Update pulumi/pulumi to v3.92.0 [#517](https://github.com/pulumi/pulumi-kubernetes-operator/pull/517)
- Update pulumi/pulumi to v3.109.0 [#517](https://github.com/pulumi/pulumi-kubernetes-operator/pull/517)

## 1.13.0 (2023-08-04)
- Use digest field for Flux source artifact if present [#459](https://github.com/pulumi/pulumi-kubernetes-operator/pull/459)
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM pulumi/pulumi:3.92.0
FROM pulumi/pulumi:3.109.0

RUN apt-get install tini
ENTRYPOINT ["tini", "--", "/usr/local/bin/pulumi-kubernetes-operator"]
Expand Down
70 changes: 35 additions & 35 deletions deploy/deploy-operator-cs/MyStack.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@

class MyStack : Stack
{
public const string DefaultCRDVersion = "v1.14.0";
public const string DefaultOperatorVersion = "v1.14.0";
public const string DefaultCRDVersion = "v1.15.0";
public const string DefaultOperatorVersion = "v1.15.0";

public MyStack()
{
Expand Down Expand Up @@ -36,15 +36,15 @@ public MyStack()
var operatorRole = new Kubernetes.Rbac.V1.Role($"operator-role-{ns}", new RoleArgs
{
Metadata = new ObjectMetaArgs{Namespace = ns},
Rules =
Rules =
{
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"",
},
Resources =
Resources =
{
"pods",
"services",
Expand All @@ -55,7 +55,7 @@ public MyStack()
"configmaps",
"secrets",
},
Verbs =
Verbs =
{
"create",
"delete",
Expand All @@ -68,18 +68,18 @@ public MyStack()
},
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"apps",
},
Resources =
Resources =
{
"deployments",
"daemonsets",
"replicasets",
"statefulsets",
},
Verbs =
Verbs =
{
"create",
"delete",
Expand All @@ -92,81 +92,81 @@ public MyStack()
},
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"monitoring.coreos.com",
},
Resources =
Resources =
{
"servicemonitors",
},
Verbs =
Verbs =
{
"create",
"get",
},
},
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"apps",
},
ResourceNames =
ResourceNames =
{
"pulumi-kubernetes-operator",
},
Resources =
Resources =
{
"deployments/finalizers",
},
Verbs =
Verbs =
{
"update",
},
},
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"",
},
Resources =
Resources =
{
"pods",
},
Verbs =
Verbs =
{
"get",
},
},
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"apps",
},
Resources =
Resources =
{
"replicasets",
"deployments",
},
Verbs =
Verbs =
{
"get",
},
},
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"pulumi.com",
},
Resources =
Resources =
{
"*",
},
Verbs =
Verbs =
{
"create",
"delete",
Expand All @@ -179,15 +179,15 @@ public MyStack()
},
new PolicyRuleArgs
{
ApiGroups =
ApiGroups =
{
"coordination.k8s.io",
},
Resources =
Resources =
{
"leases",
},
Verbs =
Verbs =
{
"create",
"get",
Expand All @@ -201,7 +201,7 @@ public MyStack()
var operatorRoleBinding = new Kubernetes.Rbac.V1.RoleBinding($"operator-role-binding-{ns}", new RoleBindingArgs
{
Metadata = new ObjectMetaArgs{Namespace = ns},
Subjects =
Subjects =
{
new SubjectArgs
{
Expand All @@ -224,7 +224,7 @@ public MyStack()
Replicas = 1,
Selector = new LabelSelectorArgs
{
MatchLabels =
MatchLabels =
{
{ "name", "pulumi-kubernetes-operator" },
},
Expand All @@ -233,31 +233,31 @@ public MyStack()
{
Metadata = new ObjectMetaArgs
{
Labels =
Labels =
{
{ "name", "pulumi-kubernetes-operator" },
},
},
Spec = new PodSpecArgs
{
ServiceAccountName = operatorServiceAccount.Metadata.Apply(md => md.Name),
Containers =
Containers =
{
new ContainerArgs
{
Name = "pulumi-kubernetes-operator",
Image = $"pulumi/pulumi-kubernetes-operator:{operatorVersion}",
Command =
Command =
{
"pulumi-kubernetes-operator",
},
Args =
Args =
{
"--zap-level=error",
"--zap-time-encoding=iso8601",
},
ImagePullPolicy = "Always",
Env =
Env =
{
new EnvVarArgs
{
Expand Down
Loading

0 comments on commit a112f2c

Please sign in to comment.