up: Golang, base image and helm version; added few helm tests (#90)

.circleci/config.yml

@@ -7,10 +7,11 @@ jobs:
   release:
     working_directory: /home/circleci/gogo/src/github.com/isindir/sops-secrets-operator
     machine:
+      # https://circleci.com/docs/2.0/configuration-reference/#available-machine-images
       image: ubuntu-2004:202107-02
     environment:
       # https://golang.org/dl/
-      GOLANG_VERSION: "1.17.1"
+      GOLANG_VERSION: "1.17.2"
       # https://github.com/kubernetes-sigs/kubebuilder/releases
       KUBEBUILDER_VERSION: 3.1.0
       # https://github.com/kubernetes-sigs/kustomize/releases
@@ -20,7 +21,7 @@ jobs:
       # https://github.com/git-chglog/git-chglog/releases
       GIT_CHGLOG_VERSION: 0.14.2
       # https://github.com/docker/buildx/releases
-      BUILDX_BINARY_VERSION: 0.6.1
+      BUILDX_BINARY_VERSION: 0.6.3
 
       DOCKER_BUILDKIT: 1
       BUILDX_PLATFORMS: linux/amd64,linux/arm64
@@ -96,16 +97,17 @@ jobs:
   build:
     working_directory: /home/circleci/gogo/src/github.com/isindir/sops-secrets-operator
     machine:
+      # https://circleci.com/docs/2.0/configuration-reference/#available-machine-images
       image: ubuntu-2004:202107-02
     environment:
       # https://github.com/kubernetes/kubernetes/releases
       KUBECTL_VERSION: v1.21.4
       # https://github.com/rancher/k3d/releases
       K3D_VERSION: v4.4.7
       # https://github.com/helm/helm/releases
-      HELM_VERSION: v3.6.3
+      HELM_VERSION: v3.7.1
       # https://golang.org/dl/
-      GOLANG_VERSION: "1.17.1"
+      GOLANG_VERSION: "1.17.2"
       # https://github.com/kubernetes-sigs/kubebuilder/releases
       KUBEBUILDER_VERSION: 3.1.0
       # https://github.com/mozilla/sops/releases
@@ -117,7 +119,7 @@ jobs:
       # https://github.com/instrumenta/kubeval/releases
       KUBEVAL_VERSION: 0.16.1
       # https://github.com/docker/buildx/releases
-      BUILDX_BINARY_VERSION: 0.6.1
+      BUILDX_BINARY_VERSION: 0.6.3
 
       DOCKER_BUILDKIT: 1
       BUILDX_PLATFORMS: linux/amd64,linux/arm64

.tool-versions

@@ -1,7 +1,7 @@
 # https://github.com/kubernetes-sigs/kubebuilder/releases
 kubebuilder 3.1.0
 # https://golang.org/dl/
-golang 1.17.1
+golang 1.17.2
 # https://github.com/mozilla/sops/releases
 sops 3.7.1
 # https://github.com/kubernetes-sigs/kustomize/releases
@@ -11,7 +11,7 @@ k3d 4.4.7
 # https://github.com/kubernetes/kubernetes/releases
 kubectl 1.21.4
 # https://github.com/helm/helm/releases
-helm 3.6.3
+helm 3.7.1
 # https://github.com/instrumenta/kubeval/releases
 kubeval v0.16.1
 # https://github.com/git-chglog/git-chglog/releases

Dockerfile

@@ -1,7 +1,7 @@
 # Build the manager binary
 # https://www.debian.org/releases/
 # https://hub.docker.com/_/golang?tab=tags&page=1&ordering=last_updated
-FROM golang:1.17.1-bullseye as builder
+FROM golang:1.17.2-bullseye as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -21,7 +21,7 @@ RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go
 
 # https://wiki.ubuntu.com/Releases
 # https://hub.docker.com/_/ubuntu?tab=tags&page=1&ordering=last_updated
-FROM ubuntu:focal-20210921
+FROM ubuntu:focal-20211006
 
 RUN apt-get -y update \
       && apt-get -y upgrade \

Makefile

@@ -1,5 +1,5 @@
 GO := GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.3.5
+SOPS_SEC_OPERATOR_VERSION := 0.3.6
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_GEN_VERSION := "v0.6.2"

chart/helm3/sops-secrets-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-version: 0.9.5
-appVersion: 0.3.5
+version: 0.9.6
+appVersion: 0.3.6
 type: application
 description: Helm chart deploys sops-secrets-operator
 name: sops-secrets-operator

chart/helm3/sops-secrets-operator/README.md

@@ -131,8 +131,11 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | healthProbes.readiness | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration |
 | image.pullPolicy | string | `"Always"` | Operator image pull policy |
 | image.repository | string | `"isindir/sops-secrets-operator"` | Operator image name |
-| image.tag | string | `"0.3.5"` | Operator image tag |
+| image.tag | string | `"0.3.6"` | Operator image tag |
 | imagePullSecrets | list | `[]` | Secrets to pull image from private docker repository |
+| initImage.pullPolicy | string | `"Always"` | Init container image pull policy |
+| initImage.repository | string | `"ubuntu"` | Init container image name |
+| initImage.tag | string | `"focal-20211006"` | Init container image tag |
 | kubeconfig | object | `{"enabled":false,"path":null}` | Paths to a kubeconfig. Only required if out-of-cluster. |
 | logging | object | `{"encoder":"json","level":"info","stacktraceLevel":"error"}` | Logging configuration section suggested values Development Mode (encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode (encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default) |
 | logging.encoder | string | `"json"` | Zap log encoding (one of 'json' or 'console') |

chart/helm3/sops-secrets-operator/templates/operator.yaml

@@ -28,8 +28,9 @@ spec:
       {{- if .Values.gpg.enabled }}
       initContainers:
         - name: init-myservice
-          image: debian:buster
-          imagePullPolicy: Always
+          # https://hub.docker.com/_/ubuntu?tab=tags&page=1&ordering=last_updated
+          image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+          imagePullPolicy: {{ .Values.initImage.pullPolicy }}
           command: ['/bin/sh', '-c', 'cp -Lr /var/secrets/gpg-secrets/* /var/secrets/gpg/']
           volumeMounts:
           - mountPath: /var/secrets/gpg

chart/helm3/sops-secrets-operator/tests/operator_test.yaml

@@ -30,8 +30,20 @@ tests:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.3.5
-            helm.sh/chart: sops-secrets-operator-0.9.5
+            app.kubernetes.io/version: 0.3.6
+            helm.sh/chart: sops-secrets-operator-0.9.6
+
+  # custom name
+  - it: should correctly render custome name
+    release:
+      name: sops
+      namespace: sops
+    set:
+      nameOverride: secrets-6789-123456789-123456789-123456789-123456789-123456789-123456789-
+    asserts:
+      - equal:
+          path: metadata.name
+          value: sops-secrets-6789-123456789-123456789-123456789-123456789-12345
 
   # template metadata and spec selector
   - it: should correctly render template metadata and spec selector
@@ -104,7 +116,7 @@ tests:
           path: spec.template.spec.imagePullSecrets[1].name
           value: your-harbor
 
-  # service account name (TODO: full coverage of include sops-secrets-operator.fullname)
+  # service account name
   - it: should correctly render deployment metadata
     release:
       name: sops
@@ -114,6 +126,18 @@ tests:
           path: spec.template.spec.serviceAccountName
           value: sops-sops-secrets-operator
 
+  # service account name when overriden
+  - it: should correctly render deployment metadata
+    release:
+      name: sops
+      namespace: sops
+    set:
+      nameOverride: secrets-6789-123456789-123456789-123456789-123456789-123456789-123456789-
+    asserts:
+      - equal:
+          path: spec.template.spec.serviceAccountName
+          value: sops-secrets-6789-123456789-123456789-123456789-123456789-12345
+
   # GPG init container
   - it: should not create GPG init container by default
     asserts:
@@ -140,7 +164,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.3.5
+          value: isindir/sops-secrets-operator:0.3.6
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always
@@ -159,6 +183,35 @@ tests:
           path: spec.template.spec.containers[0].image
           value: myharbor.example.net/sops:0.42.0
 
+  # init container image and pull policy
+  - it: should set default initcontainer image
+    set:
+      gpg:
+        enabled: true
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[0].image
+          value: ubuntu:focal-20211006
+      - equal:
+          path: spec.template.spec.initContainers[0].imagePullPolicy
+          value: Always
+
+  - it: should render nondefault initcontainer image pull policy and image name
+    set:
+      initImage:
+        repository: myharbor.example.net/debian
+        tag: 0.42.42
+        pullPolicy: ifNotPresent
+      gpg:
+        enabled: true
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[0].imagePullPolicy
+          value: ifNotPresent
+      - equal:
+          path: spec.template.spec.initContainers[0].image
+          value: myharbor.example.net/debian:0.42.42
+
   # container volume mounts
   - it: should render empty set of volume mounts by default
     asserts:

chart/helm3/sops-secrets-operator/values.yaml

@@ -12,10 +12,19 @@ image:
   # -- Operator image name
   repository: isindir/sops-secrets-operator
   # -- Operator image tag
-  tag: 0.3.5
+  tag: 0.3.6
   # -- Operator image pull policy
   pullPolicy: Always
 
+initImage:
+  # -- Init container image name
+  repository: ubuntu
+  # -- Init container image tag
+  tag: focal-20211006
+  # -- Init container image pull policy
+  pullPolicy: Always
+
+
 # -- Secrets to pull image from private docker repository
 imagePullSecrets: []
 # -- Overrides auto-generated short resource name