Skip to content
This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Commit

Permalink
Merge pull request #656 from fluxcd/master
Browse files Browse the repository at this point in the history
Housekeeping merge release 1.4.3
  • Loading branch information
pjbgf authored Jul 27, 2022
2 parents 7a58a8b + cc24dbe commit 67503f1
Show file tree
Hide file tree
Showing 16 changed files with 166 additions and 342 deletions.
4 changes: 2 additions & 2 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ jobs:
build:
working_directory: /home/circleci/go/src/github.com/fluxcd/helm-operator
machine:
image: ubuntu-1604:201903-01
image: ubuntu-2004:2022.04.2
resource_class: large
environment:
GO_VERSION: 1.14.2
GO_VERSION: 1.16.15
# We don't need a GOPATH but CircleCI defines it, so we override it
GOPATH: /home/circleci/go
GOPROXY: https://proxy.golang.org
Expand Down
14 changes: 14 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,17 @@
## 1.4.3 (2022-07-27)

This release of Helm Operator has no internal changes; the Helm Operator has been rebuilt against a fresh base image and had its dependencies updated in order to mitigate upstream CVEs.

### Maintenance

- Release 1.4.3 [fluxcd/helm-operator#654][#654]

> **Helm Operator and Flux v1 are in maintenance:**
Please note, while we continue the Helm Operator support, there are some known issues in Helm Operator that cannot be addressed. Users are advised strongly to plan their infrastructure upgrades and [migrate to Flux v2 and Helm Controller](https://fluxcd.io/docs/migration/helm-operator-migration/) as soon as possible, as Helm Operator will soon [no longer be maintained](https://fluxcd.io/docs/migration/timetable/).

[#654]: https://github.com/fluxcd/helm-operator/pull/654

## 1.4.2 (2021-12-17)

This release of Helm Operator has no internal changes; the Helm Operator has been rebuilt against a fresh base image and a deployment manifest has been updated to match the updates to the operator in support of Kubernetes v1.22 and up, which no longer serves the `rbac.authorization.k8s.io/v1beta1` API.
Expand Down
7 changes: 4 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,8 @@ ifeq ($(ARCH),)
ARCH=amd64
endif
CURRENT_OS_ARCH=$(shell echo `go env GOOS`-`go env GOARCH`)
GOBIN?=$(shell echo `go env GOPATH`/bin)
# GOPATH may include multiple locations in colon separated format.
GOBIN?=$(shell echo $$GOPATH | cut -d ":" -f 1)/bin

MAIN_GO_MODULE:=$(shell go list -mod=readonly -m -f '{{ .Path }}')
LOCAL_GO_MODULES:=$(shell go list -mod=readonly -m -f '{{ .Path }}' all | grep $(MAIN_GO_MODULE))
Expand All @@ -32,7 +33,7 @@ IMAGE_TAG:=$(shell ./docker/image-tag)
VCS_REF:=$(shell git rev-parse HEAD)
BUILD_DATE:=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')

all: $(GOBIN)/bin/helm-operator build/.helm-operator.done
all: $(GOBIN)/helm-operator build/.helm-operator.done

clean:
go clean ./cmd/helm-operator
Expand Down Expand Up @@ -110,7 +111,7 @@ cache/%/helm-$(HELM3_VERSION): docker/helm3.version
tar -m -C ./cache -xzf cache/$*/helm-$(HELM3_VERSION).tar.gz $*/helm
mv cache/$*/helm $@

$(GOBIN)/bin/helm-operator: $(HELM_OPERATOR_DEPS)
$(GOBIN)/helm-operator: $(HELM_OPERATOR_DEPS)
go install ./cmd/helm-operator

pkg/install/generated_templates.gogen.go: pkg/install/templates/*
Expand Down
4 changes: 2 additions & 2 deletions chart/helm-operator/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
appVersion: "1.4.2"
version: 1.4.2
appVersion: "1.4.3"
version: 1.4.3
kubeVersion: ">=1.16.0-0"
name: helm-operator
description: Flux Helm Operator is a CRD controller for declarative helming
Expand Down
2 changes: 1 addition & 1 deletion chart/helm-operator/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ fullnameOverride: ""

image:
repository: docker.io/fluxcd/helm-operator
tag: 1.4.2
tag: 1.4.3
pullPolicy: IfNotPresent
pullSecret:

Expand Down
2 changes: 1 addition & 1 deletion deploy/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ spec:
# There are no ":latest" images for helm-operator. Find the most recent
# release or image version at https://hub.docker.com/r/fluxcd/helm-operator/tags
# and replace the tag here.
image: docker.io/fluxcd/helm-operator:1.4.2
image: docker.io/fluxcd/helm-operator:1.4.3
imagePullPolicy: IfNotPresent
ports:
- name: http
Expand Down
2 changes: 1 addition & 1 deletion docker/Dockerfile.helm-operator
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:3.13
FROM alpine:3.15

WORKDIR /home/flux

Expand Down
8 changes: 4 additions & 4 deletions docker/helm3.version
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
HELM3_VERSION=3.6.3
HELM3_CHECKSUM_amd64=07c100849925623dc1913209cd1a30f0a9b80a5b4d6ff2153c609d11b043e262
HELM3_CHECKSUM_arm=6918e573a70c309fbf6385a0a0d18d090c10b44d318724f1f73e47ede4809635
HELM3_CHECKSUM_arm64=6fe647628bc27e7ae77d015da4d5e1c63024f673062ac7bc11453ccc55657713
HELM3_VERSION=3.9.2
HELM3_CHECKSUM_amd64=3f5be38068a1829670440ccf00b3b6656fd90d0d9cfd4367539f3b13e4c20531
HELM3_CHECKSUM_arm=fb9f0c1c9475c66c2b3579b908c181d519761bbfae963ffac860bc683a2253de
HELM3_CHECKSUM_arm64=e4e2f9aad786042d903534e3131bc5300d245c24bbadf64fc46cca1728051dbc
8 changes: 4 additions & 4 deletions docker/kubectl.version
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
KUBECTL_VERSION=v1.15.7
KUBECTL_CHECKSUM_amd64=d815361bdb3a9e8032b8c5c1e0da81d7dd7645cdb0fef6699cab6b379bee59a522a02d361f353f261734bbcd698250135763368b43225f28c7a240bc0e244ef2
KUBECTL_CHECKSUM_arm=6911ad6f772ec7a702399eb2830c11cead2dec9dd39f10fc544a0c1f13b704cb7d17e41964761dcebcf04c0badf46af4111ebfc399aeef65e117081d4d86713b
KUBECTL_CHECKSUM_arm64=82c82040a21d450f487db5e9afc6b4acf7711c6f1a2ac55386f16320f276f4d9c6f0eb0cb5abfcd84b7eb3bef29b4fedaabd34406ebe51ffadd7a2e623d94170
KUBECTL_VERSION=v1.21.14
KUBECTL_CHECKSUM_amd64=52a98cc64abeea4187391cbf0ad5bdd69b6920c2b29b8f9afad194441e642fb8f252e14a91c095ef1e85a23e5bb587916bd319566b6e8d1e03be5505400f44b4
KUBECTL_CHECKSUM_arm=fb204c3494bb7acf59ea0dc2b6f94c5a7d2b7e6d69c05b7a7e77b3fc438e574e9ac5f8720a4ae8f2f660822262aa8c4723bfe269c49ed641031f8259210e5b48
KUBECTL_CHECKSUM_arm64=ed613592035b45c4f4571eed2b739c837def4287aacc7c37665e596484aa6dbd299224ef12ec329cfa8a655e20b6bee6f6fc3204bc79b92d832171073ddde191
74 changes: 46 additions & 28 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
module github.com/fluxcd/helm-operator

go 1.14
go 1.16

require (
github.com/bitly/go-simplejson v0.5.0 // indirect
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect
github.com/bugsnag/panicwrap v1.2.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
Expand All @@ -15,30 +14,31 @@ require (
github.com/garyburd/redigo v1.6.0 // indirect
github.com/go-kit/kit v0.10.0
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/golang/protobuf v1.5.0
github.com/google/go-cmp v0.5.5
github.com/golang/protobuf v1.5.2
github.com/google/go-cmp v0.5.6
github.com/gorilla/mux v1.7.3
github.com/helm/helm-2to3 v0.8.2
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
github.com/mattn/go-colorable v0.1.6 // indirect
github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.7.1
github.com/prometheus/client_golang v1.11.1
github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.7.0
github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 // indirect
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9 // indirect
google.golang.org/grpc v1.27.1
google.golang.org/grpc v1.43.0
helm.sh/helm/v3 v3.6.3
k8s.io/api v0.21.7
k8s.io/apiextensions-apiserver v0.21.7
k8s.io/apimachinery v0.21.7
k8s.io/cli-runtime v0.21.7
k8s.io/api v0.22.5
k8s.io/apiextensions-apiserver v0.21.14
k8s.io/apimachinery v0.22.5
k8s.io/cli-runtime v0.21.14
k8s.io/client-go v11.0.0+incompatible
k8s.io/helm v2.17.0+incompatible
k8s.io/klog v1.0.0
k8s.io/kubectl v0.21.7
k8s.io/utils v0.0.0-20210521133846-da695404a2bc
k8s.io/kubectl v0.21.14
k8s.io/utils v0.0.0-20211116205334-6203023598ed
sigs.k8s.io/yaml v1.2.0
)

Expand All @@ -47,7 +47,8 @@ replace github.com/fluxcd/helm-operator/pkg/install => ./pkg/install

// Transitive requirement from Helm: https://github.com/helm/helm/blob/v3.5.2/go.mod#L52-L53
replace (
github.com/docker/distribution => github.com/docker/distribution v2.7.0-rc.0+incompatible
// Mitigating CVE-2017-11468 and GHSA-qq97-vm5h-rrhg
github.com/docker/distribution => github.com/docker/distribution v2.8.1+incompatible

github.com/docker/docker => github.com/moby/moby v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible
)
Expand All @@ -58,12 +59,6 @@ replace (
github.com/fluxcd/flux/pkg/install => github.com/fluxcd/flux/pkg/install v0.0.0-20200206191601-8b676b003ab0
)

// Force upgrade because of a transitive downgrade.
// github.com/fluxcd/helm-operator
// +-> github.com/fluxcd/[email protected]
// +-> k8s.io/[email protected]+incompatible
replace k8s.io/client-go => k8s.io/client-go v0.21.7

// Force upgrade because of a transitive downgrade.
// github.com/fluxcd/flux
// +-> github.com/fluxcd/[email protected]
Expand All @@ -74,18 +69,41 @@ replace (
k8s.io/helm => k8s.io/helm v2.17.0+incompatible
)

// Pin specific runc following example of source-controller upstream:
// https://github.com/fluxcd/source-controller/blob/59dc602b2d0a5b0d4625a4a848303fa2d2117e84/go.mod#L62-L77
// github.com/fluxcd/helm-operator
// +-> helm.sh/helm/[email protected]
// +-> github.com/opencontainers/[email protected]
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.2
// Mitigating:
// CVE-2019-16884, CVE-2019-19921, CVE-2022-24769,
// CVE-2022-29162, CVE-2021-30465 and CVE-2016-9962.
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.2

// Mitigating: GHSA-5j5w-g665-5m35
replace github.com/containerd/containerd => github.com/containerd/containerd v1.4.12
// Mitigating: GHSA-crp2-qrr5-8pq7
replace github.com/containerd/containerd => github.com/containerd/containerd v1.4.13

// Mitigating: GHSA-77vh-xpmg-72qh
replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2

// Mitigating: CVE-2021-41092
replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible

// Mitigating: CVE-2022-21235
replace github.com/Masterminds/vcs => github.com/Masterminds/vcs v1.13.3

replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.7.1

// Pin kubernetes dependencies to 1.21.*
replace (
k8s.io/api => k8s.io/api v0.21.14
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.21.14
k8s.io/apimachinery => k8s.io/apimachinery v0.21.14
k8s.io/cli-runtime => k8s.io/cli-runtime v0.21.14
k8s.io/client-go => k8s.io/client-go v0.21.14
k8s.io/code-generator => k8s.io/code-generator v0.21.14
k8s.io/kubectl => k8s.io/kubectl v0.21.14
)

// Mitigating: CVE-2021-38561
replace golang.org/x/text => golang.org/x/text v0.3.7

// Mitigating: CVE-2022-29526
replace golang.org/x/sys => golang.org/x/sys v0.0.0-20220412211240-33da011f77ad

// Mitigating: CVE-2022-27191
replace golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
Loading

0 comments on commit 67503f1

Please sign in to comment.