up: update k8s api to 1.25.x and golang to 1.19

.circleci/config.yml

@@ -19,22 +19,22 @@ jobs:
       image: ubuntu-2204:2022.04.1
     environment: &versions
       # https://github.com/kubernetes/kubernetes/releases
-      KUBECTL_VERSION: v1.24.2
+      KUBECTL_VERSION: v1.25.0
       # https://hub.docker.com/r/rancher/k3s/tags
       K3S_VERSION: v1.24.0-rc1-k3s1
       # https://github.com/rancher/k3d/releases
       #K3D_VERSION: v5.4.1
       K3D_VERSION: v4.4.8
       # https://github.com/helm/helm/releases
-      HELM_VERSION: v3.9.1
+      HELM_VERSION: v3.9.4
       # https://golang.org/dl/
-      GOLANG_VERSION: "1.18.4"
+      GOLANG_VERSION: "1.19"
       # https://github.com/kubernetes-sigs/kubebuilder/releases
-      KUBEBUILDER_VERSION: 3.5.0
+      KUBEBUILDER_VERSION: 3.6.0
       # https://github.com/mozilla/sops/releases
       SOPS_VERSION: v3.7.3
       # https://github.com/kubernetes-sigs/kustomize/releases
-      KUSTOMIZE_VERSION: v4.5.5
+      KUSTOMIZE_VERSION: v4.5.7
       # https://github.com/quintush/helm-unittest/releases
       HELM_UNITTEST_VERSION: 0.2.8
       # https://github.com/instrumenta/kubeval/releases
@@ -44,7 +44,7 @@ jobs:
       # https://github.com/git-chglog/git-chglog/releases
       GIT_CHGLOG_VERSION: 0.15.1
       # https://github.com/docker/buildx/releases
-      BUILDX_BINARY_VERSION: 0.8.2
+      BUILDX_BINARY_VERSION: 0.9.1
 
       DOCKER_BUILDKIT: 1
       BUILDX_PLATFORMS: linux/amd64,linux/arm64

.tool-versions

@@ -1,19 +1,19 @@
 # UPDATE_HERE
 # https://github.com/kubernetes-sigs/kubebuilder/releases
-kubebuilder 3.5.0
+kubebuilder 3.6.0
 # https://golang.org/dl/
-golang 1.18.4
+golang 1.19
 # https://github.com/mozilla/sops/releases
 sops 3.7.3
 # https://github.com/kubernetes-sigs/kustomize/releases
-kustomize 4.5.5
+kustomize 4.5.7
 # https://github.com/rancher/k3d/releases
 #k3d 5.4.1
 k3d 4.4.8
 # https://github.com/kubernetes/kubernetes/releases
-kubectl 1.24.4
+kubectl 1.25.0
 # https://github.com/helm/helm/releases
-helm 3.9.1
+helm 3.9.4
 # https://github.com/norwoodj/helm-docs/releases
 helm-docs 1.11.0
 # https://github.com/instrumenta/kubeval/releases

Dockerfile

@@ -2,7 +2,7 @@
 # Build the manager binary
 # https://www.debian.org/releases/
 # https://hub.docker.com/_/golang?tab=tags&page=1&ordering=last_updated
-FROM golang:1.18.4-bullseye as builder
+FROM golang:1.19.0-bullseye as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -22,7 +22,7 @@ RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go
 
 # https://wiki.ubuntu.com/Releases
 # https://hub.docker.com/_/ubuntu?tab=tags&page=1&ordering=last_updated
-FROM ubuntu:jammy-20220531
+FROM ubuntu:jammy-20220801
 
 RUN apt-get -y update \
       && apt-get -y upgrade \

Makefile

@@ -1,13 +1,13 @@
 # UPDATE_HERE
 GO := GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.5.3
+SOPS_SEC_OPERATOR_VERSION := 0.6.0
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_GEN_VERSION := "v0.9.2"
 # https://github.com/kubernetes-sigs/controller-runtime/releases
 CONTROLLER_RUNTIME_VERSION := "v0.12.3"
 # https://github.com/kubernetes-sigs/kustomize/releases
-KUSTOMIZE_VERSION := "v4.5.5"
+KUSTOMIZE_VERSION := "v4.5.7"
 # use `setup-envtest list` to obtain the list of available versions
 # until fixed, can't use newer version, see:
 #   https://github.com/kubernetes-sigs/controller-runtime/issues/1571

README.md

@@ -23,6 +23,7 @@ encrypted files stored in `git` repository.
 
 | Kubernetes | Sops | Chart | Operator |
 |---|---|---|---|
+| v1.25.x | v3.7.3 | 0.12.0 | 0.6.0 |
 | v1.24.x | v3.7.3 | 0.11.3 | 0.5.3 |
 | v1.23.x | v3.7.2 | 0.10.8 | 0.4.8 |
 | v1.22.x | v3.7.1 | 0.9.7 | 0.3.7 |

api/v1alpha1/groupversion_info.go

@@ -3,8 +3,8 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 
 // Package v1alpha1 contains API Schema definitions for the isindir v1alpha1 API group
-//+kubebuilder:object:generate=true
-//+groupName=isindir.github.com
+// +kubebuilder:object:generate=true
+// +groupName=isindir.github.com
 package v1alpha1
 
 import (

api/v1alpha1/sopssecret_types.go

@@ -146,9 +146,9 @@ type SopsSecretStatus struct {
 //+kubebuilder:subresource:status
 
 // SopsSecret is the Schema for the sopssecrets API
-//+kubebuilder:resource:shortName=sops,scope=Namespaced
-//+kubebuilder:deprecatedversion
-//+kubebuilder:subresource:status
+// +kubebuilder:resource:shortName=sops,scope=Namespaced
+// +kubebuilder:deprecatedversion
+// +kubebuilder:subresource:status
 type SopsSecret struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

api/v1alpha2/groupversion_info.go

@@ -3,8 +3,8 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 
 // Package v1alpha2 contains API Schema definitions for the isindir v1alpha2 API group
-//+kubebuilder:object:generate=true
-//+groupName=isindir.github.com
+// +kubebuilder:object:generate=true
+// +groupName=isindir.github.com
 package v1alpha2
 
 import (

api/v1alpha2/sopssecret_types.go

@@ -188,10 +188,10 @@ type SopsSecretStatus struct {
 //+kubebuilder:subresource:status
 
 // SopsSecret is the Schema for the sopssecrets API
-//+kubebuilder:resource:shortName=sops,scope=Namespaced
-//+kubebuilder:deprecatedversion
-//+kubebuilder:subresource:status
-//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.message`
+// +kubebuilder:resource:shortName=sops,scope=Namespaced
+// +kubebuilder:deprecatedversion
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.message`
 type SopsSecret struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

api/v1alpha3/groupversion_info.go

@@ -1,6 +1,6 @@
 // Package v1alpha3 contains API Schema definitions for the isindir v1alpha3 API group
-//+kubebuilder:object:generate=true
-//+groupName=isindir.github.com
+// +kubebuilder:object:generate=true
+// +groupName=isindir.github.com
 package v1alpha3
 
 import (

api/v1alpha3/sopssecret_types.go

@@ -204,10 +204,10 @@ type SopsSecretStatus struct {
 //+kubebuilder:subresource:status
 
 // SopsSecret is the Schema for the sopssecrets API
-//+kubebuilder:resource:shortName=sops,scope=Namespaced
-//+kubebuilder:subresource:status
-//+kubebuilder:storageversion
-//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.message`
+// +kubebuilder:resource:shortName=sops,scope=Namespaced
+// +kubebuilder:subresource:status
+// +kubebuilder:storageversion
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.message`
 type SopsSecret struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

chart/helm3/sops-secrets-operator/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 # UPDATE_HERE
-version: 0.11.3
-appVersion: 0.5.3
+version: 0.12.0
+appVersion: 0.6.0
 type: application
 description: Helm chart deploys sops-secrets-operator
 name: sops-secrets-operator

chart/helm3/sops-secrets-operator/Makefile

@@ -4,7 +4,7 @@ CHART_NAME?=$(shell cat Chart.yaml | awk 'BEGIN { FS=": " } $$0~/^name:/ { gsub(
 VERSION_TAG?=$(shell cat Chart.yaml | awk 'BEGIN { FS=": " } $$0~/^version/ { gsub(/['\'',]/, ""); print $$2; }')
 
 # UPDATE_HERE
-K8S_VERSION := "1.24.3"
+K8S_VERSION := "1.25.0"
 
 SHELL=/bin/bash
 

chart/helm3/sops-secrets-operator/README.md

@@ -132,11 +132,11 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | healthProbes.readiness | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration |
 | image.pullPolicy | string | `"Always"` | Operator image pull policy |
 | image.repository | string | `"isindir/sops-secrets-operator"` | Operator image name |
-| image.tag | string | `"0.5.3"` | Operator image tag |
+| image.tag | string | `"0.6.0"` | Operator image tag |
 | imagePullSecrets | list | `[]` | Secrets to pull image from private docker repository |
 | initImage.pullPolicy | string | `"Always"` | Init container image pull policy |
 | initImage.repository | string | `"ubuntu"` | Init container image name |
-| initImage.tag | string | `"jammy-20220531"` | Init container image tag |
+| initImage.tag | string | `"jammy-20220801"` | Init container image tag |
 | kubeconfig | object | `{"enabled":false,"path":null}` | Paths to a kubeconfig. Only required if out-of-cluster. |
 | logging | object | `{"encoder":"json","level":"info","stacktraceLevel":"error"}` | Logging configuration section suggested values Development Mode (encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode (encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default) |
 | logging.encoder | string | `"json"` | Zap log encoding (one of 'json' or 'console') |

chart/helm3/sops-secrets-operator/tests/operator_test.yaml

@@ -31,8 +31,8 @@ tests:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.5.3
-            helm.sh/chart: sops-secrets-operator-0.11.3
+            app.kubernetes.io/version: 0.6.0
+            helm.sh/chart: sops-secrets-operator-0.12.0
 
   # custom name
   - it: should correctly render custome name
@@ -171,7 +171,7 @@ tests:
       # UPDATE_HERE
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.5.3
+          value: isindir/sops-secrets-operator:0.6.0
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always
@@ -199,7 +199,7 @@ tests:
       - equal:
           path: spec.template.spec.initContainers[0].image
           # UPDATE_HERE
-          value: ubuntu:jammy-20220531
+          value: ubuntu:jammy-20220801
       - equal:
           path: spec.template.spec.initContainers[0].imagePullPolicy
           value: Always

chart/helm3/sops-secrets-operator/values.yaml

@@ -13,7 +13,7 @@ image:
   # -- Operator image name
   repository: isindir/sops-secrets-operator
   # -- Operator image tag
-  tag: 0.5.3
+  tag: 0.6.0
   # -- Operator image pull policy
   pullPolicy: Always
 
@@ -22,7 +22,7 @@ initImage:
   # -- Init container image name
   repository: ubuntu
   # -- Init container image tag
-  tag: jammy-20220531
+  tag: jammy-20220801
   # -- Init container image pull policy
   pullPolicy: Always
 

controllers/sopssecret_controller.go

@@ -471,7 +471,8 @@ func decryptSopsSecretInstance(
 // The format string can be `json`, `yaml`, `dotenv` or `binary`.
 // If the format string is empty, binary format is assumed.
 // NOTE: this function is taken from sops code and adjusted
-//       to ignore mac, as CR will always be mutated in k8s
+//
+//	to ignore mac, as CR will always be mutated in k8s
 func customDecryptData(data []byte, format string) (cleartext []byte, err error) {
 	// Initialize a Sops JSON store
 	var store sops.Store