[chart 0.4.1] add node selectors tolerations and affinities

.github/linters/.gitleaks.toml

@@ -0,0 +1,6 @@
+[allowlist]
+description = "global allow list"
+paths = [
+  '''*/yaml/Object_example/*.yaml''',
+  '''*/conformance/tests.py'''
+]

.github/workflows/e2e-testing.yaml

@@ -3,15 +3,16 @@ name: E2E Testing
 on: [push, pull_request]
 
 jobs:
-  lint-test:
+  e2e-tests:
     runs-on: ubuntu-latest
     strategy:
       matrix:
         kind-node-images:
+          - kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
+          - kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58
           - kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
           - kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
           - kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8
-          - kindest/node:v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab
 
     steps:
       - name: Checkout
@@ -57,7 +58,7 @@ jobs:
         run: kind load docker-image cluster-secret:${{ github.sha }} --name=chart-testing
 
       - name: Run helm install
-        run: helm install cluster-secret ./charts/cluster-secret -n cluster-secret --create-namespace --set clustersecret.clustersecret.image.repository=cluster-secret,clustersecret.clustersecret.image.tag=${{ github.sha }}
+        run: helm install cluster-secret ./charts/cluster-secret -n cluster-secret --create-namespace --set image.repository=cluster-secret,image.tag=${{ github.sha }}
 
       - run: pip3 install -r conformance/requirements.txt
         name: Install python requirements

.github/workflows/super-linter.yml

@@ -0,0 +1,36 @@
+---
+name: Lint
+
+on:  # yamllint disable-line rule:truthy
+  push: null
+  pull_request: null
+
+jobs:
+  build:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          # super-linter needs the full git history to get the
+          # list of files that changed across commits
+          fetch-depth: 0
+
+      - name: Super-linter
+        uses: super-linter/[email protected]  # x-release-please-version
+        env:
+          # To report GitHub Actions status checks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VALIDATE_PYTHON: true
+          LINTER_RULES_PATH: `.github/workflows/linters`
+
+
+

charts/cluster-secret/Chart.yaml

@@ -3,7 +3,7 @@ name: cluster-secret
 description: ClusterSecret Operator
 kubeVersion: '>= 1.16.0-0'
 type: application
-version: 0.4.0
+version: 0.4.1
 icon: https://clustersecret.io/assets/csninjasmall.png
 sources:
 - https://github.com/zakkg3/ClusterSecret

charts/cluster-secret/templates/deployment.yaml

@@ -25,16 +25,19 @@ spec:
     spec:
       securityContext:
         runAsUser: 100 # 100 is set by the container and can NOT be changed here - this would result in a getpwuid() error
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - env:
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ .Values.kubernetesClusterDomain }}
         - name: CLUSTER_SECRET_VERSION
           value: {{ .Chart.AppVersion | quote }}
         - name: REPLACE_EXISTING
-          value: {{ .Values.clustersecret.clustersecret.replace_existing | default "false" | quote }}
-        image: {{ .Values.clustersecret.clustersecret.image.repository }}:{{ .Values.clustersecret.clustersecret.image.tag
-          | default .Chart.AppVersion }}
+          value: {{ .Values.replace_existing | default "false" | quote }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag  | default .Chart.AppVersion }}
         name: clustersecret
         securityContext:
           runAsUser: 100 # 100 is set by the container and can NOT be changed here - this would result in a getpwuid() error
@@ -45,3 +48,15 @@ spec:
           periodSeconds: 120
         resources: {}
       serviceAccountName: {{ include "cluster-secret.fullname" . }}-account
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/cluster-secret/templates/role-cluster-rbac.yaml

@@ -22,6 +22,7 @@ rules:
   - list
   - get
   - patch
+  - watch
 - apiGroups:
   - events.k8s.io
   resources:

charts/cluster-secret/values.yaml

@@ -1,11 +1,17 @@
-clustersecret:
-  clustersecret:
-    image:
-      repository: quay.io/clustersecret/clustersecret
-      tag: 0.0.10
-      # use tag-alt for ARM and other alternative builds - read the readme for more information
-      # If Clustersecret is about to create a secret and then it founds it exists:
-      # Default is to ignore it. (to not loose any unintentional data)
-      # It can also reeplace it. Just uncommenting next line.
-      # replace_existing: 'true'
+imagePullSecrets: []
+image:
+  repository: quay.io/clustersecret/clustersecret
+  tag: 0.0.10
+  # use tag-alt for ARM and other alternative builds - read the readme for more information
+  # If Clustersecret is about to create a secret and then it founds it exists:
+  # Default is to ignore it. (to not loose any unintentional data)
+  # It can also reeplace it. Just uncommenting next line.
+  # replace_existing: 'true'
 kubernetesClusterDomain: cluster.local
+
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}