Merge pull request #8 from rustrial/feature/k8s-v1.31

Feature/k8s v1.31

Author: alex-berger

.devcontainer/Dockerfile

@@ -0,0 +1,3 @@
+FROM nexxiot-registry-oci.jfrog.io/golang:1.23.2-alpine3.20
+
+RUN apk --no-cache add git bash make

.devcontainer/devcontainer.json

@@ -0,0 +1,20 @@
+{
+  "build": {
+    "dockerfile": "./Dockerfile"
+  },
+  "mounts": [
+    "source=${localEnv:HOME}/.aws,target=/root/.aws,type=bind,consistency=cached",
+    "source=${localEnv:HOME}/.gitconfig,target=/root/.gitconfig,type=bind,consistency=cached"
+  ],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "GitLab.gitlab-workflow",
+        "golang.go",
+        "ms-vscode.makefile-tools",
+        "ms-azuretools.vscode-docker",
+        "mhutchie.git-graph"
+      ]
+    }
+  }
+}

.github/workflows/build.yaml

@@ -24,7 +24,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.x
+          go-version: 1.23.x
       - name: Setup Kubernetes
         uses: helm/[email protected]
         with:

.github/workflows/publish.yml

@@ -105,7 +105,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.x
+          go-version: 1.23.x
       - name: Build seals CLI
         run: make cli
       - name: Extract TAG_NAME from GITHUB_REF

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.22 as builder
+FROM golang:1.23.2 as builder
 ARG TARGETOS
 ARG TARGETARCH
 

Makefile

@@ -152,8 +152,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v5.3.0
-CONTROLLER_TOOLS_VERSION ?= v0.15.0
+KUSTOMIZE_VERSION ?= v5.5.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.

charts/k8s-gitops-secrets-controller/crds/secrets.rustrial.org_keyencryptionkeypolicies.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: keyencryptionkeypolicies.secrets.rustrial.org
 spec:
   group: secrets.rustrial.org
@@ -21,33 +21,44 @@ spec:
           API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
           spec:
             description: KeyEncryptionKeyPolicySpec defines the desired state of KeyEncryptionKeyPolicy
             properties:
               keyEncryptionKeyId:
-                description: "KeyEncryptionKeyId is the provider specific unique ID
-                  of the Key Encryption Key (KEK) use to encrypt/decrypt the Data
-                  Encryption Key (DEK). \n This ID must uniquely identify the KEK
-                  and provider and is used in authorization rules to decide which
-                  namespaces can access which KEKs."
+                description: |-
+                  KeyEncryptionKeyId is the provider specific unique ID of
+                  the Key Encryption Key (KEK) use to encrypt/decrypt the
+                  Data Encryption Key (DEK).
+
+                  This ID must uniquely identify the KEK and provider and
+                  is used in authorization rules to decide which namespaces
+                  can access which KEKs.
                 type: string
               namespaces:
-                description: White-list of namespaces, which are entitled to use this
-                  KEK to decrypt DataEncrpytionKeys.
+                description: |-
+                  White-list of namespaces, which are entitled to use this KEK
+                  to decrypt DataEncrpytionKeys.
                 items:
                   type: string
                 type: array
+            required:
+            - keyEncryptionKeyId
             type: object
           status:
             description: KeyEncryptionKeyPolicyStatus defines the observed state of