Release v4.2.2 · incident-io/theatre

Changelog

17097a4 Merge pull request #1 from incident-io/ben/no-drb
87666ef consoles: Make DirectoryRoleBinding optional
82d6c21 dockerfile: Split dependencies stage
9fc13e4 Merge pull request gocardless#309 from gocardless/rnaveiras-release-v4-2-2
8c9ac8a Version 4.2.2
d7c3035 Merge pull request gocardless#308 from gocardless/rnaveiras-metrics-missing
185dd63 Restore secretsinjector_webhook
8e3d28d Merge pull request gocardless#307 from gocardless/rnaveiras-removed-circleci
79ecabb Remove circleci configuration
d35bd70 Merge pull request gocardless#306 from gocardless/rnaveiras-fix-ldflags
94cb6db Bump a minor version 4.2.1
5ca8e5d Update Theatre go ldflags
2589933 Merge pull request gocardless#301 from gocardless/rnaveiras-release-v4.2.0
5824643 Version 4.2.0
57e2fd6 Merge pull request gocardless#300 from gocardless/prometheus-info
7960ff1 Add Prometheus build_info metrics
4867d21 Merge pull request gocardless#299 from gocardless/rnaveiras-golang-update
b54ba92 Update Makefile with new targets
877143e Update golang to 1.20.5
32ac073 Merge pull request gocardless#298 from gocardless/rnaveiras-fix-typo-goreleaser
d9fd27d Update goreleaser configuration
744412f Merge pull request gocardless#297 from gocardless/rnaveiras-github-actions-outputs-2
5c8134b github action step outputs
62d6d38 Merge pull request gocardless#296 from gocardless/rnaveiras-github-actions-update-outputs
7d39be8 github actions update job outputs
9931672 Merge pull request gocardless#295 from gocardless/rnaveiras-github-action-output
bc6e5bc Update release workflow
5d6e91d Merge pull request gocardless#294 from gocardless/cut-new-release-4-1-0
3215c81 v4.1.0
cad269a Merge pull request gocardless#293 from gocardless/rnaveiras-goreleaser-draft
78f529f goreleaser: Removed draft flag
7830958 Merge pull request gocardless#292 from gocardless/rnaveiras-trigger-worfklows
dc5b217 Clearly I'm missing something
91a4998 Merge pull request gocardless#291 from gocardless/rnaveiras-workflow-typos
dafdee4 Update workflow release
bab33f7 Merge pull request gocardless#290 from gocardless/rnaveiras-goreleaser
8d96a26 Update goreleaser
c75fad6 Merge pull request gocardless#286 from gocardless/dependabot/go_modules/github.com/sykesm/zap-logfmt-0.0.4
4ae8afc Bump github.com/sykesm/zap-logfmt from 0.0.3 to 0.0.4
b9c643f Merge pull request gocardless#289 from gocardless/rnaveiras-update-docs
b131553 Merge pull request gocardless#285 from gocardless/dependabot/go_modules/go.uber.org/zap-1.24.0
7fccb0e Merge pull request gocardless#283 from gocardless/dependabot/go_modules/github.com/google/uuid-1.3.0
9f52270 Bump github.com/google/uuid from 1.1.2 to 1.3.0
fde2e73 Merge pull request gocardless#288 from gocardless/rnaveiras-github-actions-removed-release
8d2c572 Update documentation after gocardless#276
3247aef github actions: Removed release step
4a2eb77 Merge pull request gocardless#282 from gocardless/dependabot/github_actions/actions/checkout-3.5.3
6f5c14a Bump go.uber.org/zap from 1.21.0 to 1.24.0
ae9ba0a Bump actions/checkout from 3.1.0 to 3.5.3
0ebfbf1 Merge pull request gocardless#276 from gocardless/rnaveiras-remove-pod-priority-webhook
0512d0b Merge pull request gocardless#281 from gocardless/rnaveiras-add-dependabot
b013d2a Add dependabot to this project
5ec35ac Removed Mutating Admission Webhook
c73cb1d Removed Mutating Admission Webhook
b2e8ab9 Merge pull request gocardless#280 from gocardless/rnaveiras-k8s-1.24-and-vault
ba76f66 Explicit vs implicit configuration
8ebec20 Update Kubernetes 1.24 and kind v0.19.0
126a75a Merge pull request gocardless#279 from gocardless/rnaveiras-update-vault
c13f432 Update Vault
930bc58 Merge pull request gocardless#273 from gocardless/dependabot/go_modules/golang.org/x/net-0.7.0
df7e176 Bump golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0
29372ce Merge pull request gocardless#272 from gocardless/dependabot/go_modules/golang.org/x/text-0.3.8
ace6741 Bump golang.org/x/text from 0.3.7 to 0.3.8
4f0964c Merge pull request gocardless#278 from gocardless/rnaveiras-theatre-resources
f4443bc kustomize overaly: Override cpu allocation
977c525 Wait for theatre resources to be ready
fe64dae Merge pull request gocardless#277 from gocardless/rnaveiras-github-actions-update-triggers
d00a220 Update README
560e444 Update github action triggers
d54d6a6 Merge pull request gocardless#267 from gocardless/convert-gocardless-theatre-to-actions-20221028-092655
253588a actions/setup-go@4 enabled caching by default
270ef35 Webhook request and response
f8e4cf1 Update goversion to 1.19.3
422fb40 chore: polishing valet ci output for gha migration
a614312 Add workflow gocardless/theatre/build-integration
c94dd8f INC-975 rotate write deploy key (gocardless#271)
e5c193a Merge pull request gocardless#270 from gocardless/CI-1658-increase-circleci-timeout
122e62b CI-1658: Increase circleci unit test timeout
afaa7f7 Merge pull request gocardless#268 from gocardless/CI-1658
c1b5d84 CI-1658: Address review comments
5442a88 CI-1658: Bump theatre version
fcf3f0c CI-1658: Remove deprecated ioutil package
ae30df8 CI-1658: Remove deprecated async Ginkgo tests
c5da0a5 CI-1658: Upgrade controller-runtime to v0.13.1
e7e176d CI-1658: Upgrade controller-runtime to v0.12.3
fd948b3 CI-1658: Upgrade controller-runtime to v0.11.2
ae98f53 CI-1658: Implement go-staticcheck suggestions
2d51533 CI-1658: Upgrade controller-runtime to v0.10.3
d3facd2 CI-1658: Upgrade controller-runtime to v0.9.6
55da422 CI-1658: Upgrade controller-runtime to v0.9.0
addf6be CI-1658: Upgrade controller-runtime to v0.8.3
367a420 CI-1658: bump go version to 1.17
ae26136 CI-1658: Upgrade controller-runtime to v0.7.0
dc945ad Merge pull request gocardless#269 from gocardless/PDFR-19964/auth-rule-field
fd9cc7f Increment version
f317521 Consoles: include console event ID in logs
0ab4780 Consoles: include authorisation rule name
039113f Merge pull request gocardless#266 from gocardless/CI-1438/add-console-exit-code
90ae22a Emit exit codes of console containers when terminating
c6396c4 Merge pull request gocardless#265 from gocardless/benwh/event-id-utc
5a9cba6 Console Event IDs: Use UTC timestamps
42854e9 Merge pull request gocardless#264 from gocardless/CI-1233/abort-consoles-with-multiple-pods
a7adac9 Bump version
dcf37eb Source code comments
2924d94 Abort consoles with more than one pod
db2a96f Emit console termination events (gocardless#262)
50f791d Fix the getting started instructions in the README (gocardless#261)
7b29ee9 PDFR-11433: Update CircleCI machine image (gocardless#259)
1be60ca Merge pull request gocardless#258 from gocardless/fix-metrics-high-port
1544913 Update metrics ports to use high ports
cbfb0ec Merge pull request gocardless#257 from gocardless/add-publish-metrics
2a9b697 add total postfix to counters
35fb75d add event publish metrics to consoles
144ad13 Merge pull request gocardless#256 from gocardless/tb/fix-metrics-port-names
33091c4 Fix metrics port names
cbcec87 Merge pull request gocardless#255 from gocardless/tb/sidecar-metrics-ports
a30c09e expose metrics for sidecar container
eebc78d CI-1059: small refactor to code to set min grace period (gocardless#254)
b310284 CI-1059: Add extra sidecar variables (gocardless#253)
ea73635 Merge pull request gocardless#252 from gocardless/CI-999/fix_nil_panic
20e65ab CI-999: Fix nil pointer panic
13e679d CI-999: Modify console template on creation to add tlog (gocardless#243)
641ed66 Include number of required authorisations in Pub/Sub console creation message (gocardless#251)
0e5a049 Bump version
d95e2ea Add console lifecycle event recording (gocardless#247)
8b41717 CI-1029: Bump the release version (gocardless#248)
67e46aa Merge pull request gocardless#244 from gocardless/CI-1029/add_attach_to_auth
857fb48 CI-1029: Add attach support to theatre-runner authorise
4dfa9a9 Release console event schemas
8ce4bef Add console observer webhook
55555c5 Add event lifecycle schemas
296dfc5 Merge pull request gocardless#241 from gocardless/rnaveiras/updates
335dc9a Updated README
16ab3c1 Updated go get deprecation
6b99fe9 Amend circleci nodejs job
96b9dbb Updated go vet execution
a23d2d0 Updated circleci
cdf6c0d Updated certmanager.io/v1
5d175bd Updated certmanager
cd56bac Updated kind version
5cecf44 Updated golang version 1.17.3
0e9a7f2 Revert "Apple silicon builds"
07d116b Apple silicon builds
6c4649c Merge pull request gocardless#238 from gocardless/theobarberbany-v3.2.0
5ad4ec3 Release theatre 3.2.0
0d87336 Merge pull request gocardless#237 from gocardless/snake-case-console-label-keys
16c6dac Replace slash and period with underscope for label names
944a9ed Release theatre v3.1.1
c1a4e9e Fix: Console authorisation rule list length mismatch
c68262d v3.1.0
5e8f2fe Merge pull request gocardless#234 from gocardless/benwh/secrets-timeouts
3ffe458 Add debug logging to theatre-secrets
7cdd17b Allow config of theatre-secrets debug and timeout
afe2135 Merge pull request gocardless#233 from gocardless/v3.0.2
e2d5bc4 v3.0.2
865a93c Bump codebase to v3
c7365ac Go mod v2 -> v3
ab5d955 v3.0.1
4f7b043 Merge pull request gocardless#232 from gocardless/dyson-improve-errored-console-output
a935e15 Dump pod logs on errored console creation
b63d856 Merge pull request gocardless#231 from gocardless/dyson-fix-console-detaching
ff361d5 Fix detaching from interactive consoles
bde9a4e Merge pull request gocardless#230 from gocardless/dyson-consoletemplate-preserve-metadata
92ed20f Preserve metadata in console template CRD
c02ce76 Merge pull request gocardless#229 from gocardless/benwh/bump-controller-gen
f0645e8 Regenerate manifests with new controller-gen
c5dad8e Bump controller-gen to v0.5.0
2a563ce Merge pull request gocardless#228 from gocardless/theobarberbany/update-version
a7d26ed Update Version
7e2d3ea Merge pull request gocardless#226 from gocardless/benwh/vault-files-bug
b8159db theatre-secrets: support old theatre-envconsul annotation
d272c98 %s/envconsul/secrets/g
08844bf Update tests for theatre-secrets/envconsul
daf489b Remove envconsul dependency from theatre-envconsul
5fba82d Merge pull request gocardless#225 from gocardless/vault-files
32c81b5 theatre-envconsul: acceptance test for vault-file support
4f9b21d theatre-envconsul: Log envconsul output upon failure
8e45f2c theatre-envconsul: Fix double error logging
e1820c8 theatre-envconsul: add support for writing files
44dc112 Merge pull request gocardless#224 from gocardless/handle-console-already-done
f32dcdd Handle attaching to stopped pod gracefully
a703997 Merge pull request gocardless#223 from gocardless/dyson-fix-envconsul-env-cmd
0a7f53c Fix splitting env vars in theatre-envconsul env
aee296c Merge pull request gocardless#222 from gocardless/dyson-update-theatre-envconsul-docs
579059a Update theatre-envconsul README
c68004f Merge pull request gocardless#220 from gocardless/envconsul-load-secrets-statically
c8c3d43 Fix info log in theatre-envconsul
64ce621 Remove the lease option from theatre-envconsul
25bf152 Update ctx todos in vault manager acceptance test
709c411 Delete theatre-envconsul acceptance test
60835eb Merge pull request gocardless#221 from gocardless/tragiclifestories-patch-1
593be03 Add pods:watch to recommended console role rules
0f0df74 Look up path of the binary to execute before executing
1750791 Update acceptance test code
abd7883 Add lease option to theatre-envconsul exec
6329d99 Add env command to theatre-envconsul
dadee4a v2.3.2
91c04b4 Merge pull request gocardless#219 from gocardless/lawrence-console-bug
c39a9fd Correctly handle errors in console runner
bf64751 GetAttachablePod takes context.Context
bca04bd v2.3.1
c98e0ed Merge pull request gocardless#218 from gocardless/lawrence-handle-status
b7054de Console runner handles *metav1.Status
ca7e1c9 v2.3.0
8771710 Merge pull request gocardless#217 from gocardless/lawrence-multiple-console-template-errors
b807065 pkg/workloads/console/runner.MultipleConsoleTemplateError
e90cbb3 Merge pull request gocardless#216 from gocardless/lawrence-update-dependencies
dc8869e Update Kubernetes v0.18.6 -> v0.18.9
227ade5 v2.2.0
9a598b9 Merge pull request gocardless#215 from gocardless/lawrence-theatre-v2-go-mod
f52fa72 github.com/gocardless/theatre/v2
903fd45 Merge pull request gocardless#214 from gocardless/ffs-interactive
70b2dfa Update JSON tag to have correct field name
09fa7b0 Merge pull request gocardless#211 from gocardless/noninteractive
7ff4b29 Bump to 2.1.0
3548c31 Introduce noninteractive consoles
847513f Remove clientset (gocardless#212)
8e3ad8a Merge pull request gocardless#209 from gocardless/dyson-fix-console-link
a11eabb Fixup console doc links
469e2a3 Merge pull request gocardless#207 from gocardless/rnaveiras/new-release-v2.0.0
91e9332 Merge pull request gocardless#208 from gocardless/dyson-fix-ci-command-name
40ca388 Fix CI manifest command name
8b56c76 v2.0.0
4038f99 Merge pull request gocardless#206 from gocardless/v2-main
e04b28e Merge pull request gocardless#205 from gocardless/v2-update-readmes
5393c2d Merge pull request gocardless#204 from gocardless/rnaveiras/remove-pkg-integration
71ca0fd v2: Update READMEs
f415fd8 v2: Removed pkg/integration
fcddc83 Merge pull request gocardless#202 from gocardless/v2-fix-and-simplify-logging
f18cb7f v2: Updated zap logger settings
b70d6a8 Merge pull request gocardless#203 from gocardless/v2-update-project
5c3f3b7 v2: Update PROJECT
fd76789 v2: Improve logging
d94a488 Merge pull request gocardless#201 from gocardless/rnaveiras/update-dockerfile
69fe7a4 Updated dockerfile
27f2a7e Merge pull request gocardless#198 from gocardless/rnaveiras/priority-mutating-webhook
d4df181 Merge pull request gocardless#199 from gocardless/rnaveiras/updated-circleci
10942bb Merge pull request gocardless#200 from gocardless/rnaveiras/v2-istio-friendly
55909aa v2: kustomize updated port names
bf8873a Updated circleci - release workflow
44b074a v2: Updated priority-injector MutatingWebhook
2cc3649 Merge pull request gocardless#197 from gocardless/rnaveiras/v2-updated-kustomize
b9e9b0c Removed deprecated annotation
0d2e064 Merge pull request gocardless#196 from gocardless/rnaveiras/remove-pkg-apis
5ce69f6 Updated golang 1.14.5
0e5df78 Updated ginkgo command
3bf6307 v2: pkg/apis was moved to apis/
eed66f8 Merge pull request gocardless#192 from gocardless/v2-remove-info-error-case
0ed5204 Merge pull request gocardless#194 from gocardless/v2-add-priority-webhook
7c64ade Fixup workload integration tests
0f806ec Fixup priority webhook integration tests
e25f6c7 Add webhook definition to config yamls
666cf52 Convert the webhook to kubebuilder v2 format
34b6fb4 Move the priority webhook into v2 structure
44627b7 Merge pull request gocardless#195 from gocardless/v2-add-console-webhook-integration-tests
fe9397c Merge pull request gocardless#193 from gocardless/v2-add-consoles
c25f170 Add a sleep to ensure that we give jobs a chance to spawn
d3a3198 Fix integration tests for consoles webhooks
ef016b0 v2: console - remove unnecessary annotation
5182130 v2: console - Default to StatefulSet for now
305e976 Fixup: add workloads ctlr tests to Makefile
a9c03f6 v2: console - upgrade theatre-console cli
9e3f14f v2: console - add manager, runner, manifest, acceptance
1238046 v2: console - add controller
ff99dc9 v2: console - add workload crd tests to make and ci
693611b v2: console - add webhooks
e859c17 v2: console - add to make generation & manifests
1013b1d v2: console - add crds
e455cc6 Use the provided message instaid of the error string
19fe55a Merge pull request gocardless#191 from gocardless/v2-add-vault
d56a265 v2: Updated vault MutatingWebhookConfiguration
ec1f433 v2: Remove manager-metrics-address
24f2c35 v2 vault: Changed resources back to statefulset
49e94c2 Update versions for kind, kubebuilder, kustomize and kubectl
173ee4b Add acceptance tests to circleci
ea9cc61 Update cmd/acceptance to v2
f160172 Add vault to makefile
208c509 Upgrade config to v2
9d1201c Move config to v2 location
7218fc3 Migrate config/base to v2
d186e43 Migrate existing vault manager yaml
c1118a3 Update cmd/theatre-envconsul to v2
591cdea Update cmd/vault-manager to v2
bd9e86b Upgrade webhook to v2
bf3b3df Move webhook to v2 location
18a35bf Remove error recording from the Info handler
bf7273d Merge pull request gocardless#190 from gocardless/rnaverias/v2-update-kustomize-rbac
843cf56 v2 rbac: Updated kustomize
327ce49 Merge pull request gocardless#189 from gocardless/rnaveiras/update-getting-started-for-v2
c3e0910 Updated getting-started tooling for V2
edbf1d8 Merge pull request gocardless#188 from gocardless/v2-add-rbac
d4df924 v2: rbac - Updated LaeaderElectionID
7ea4887 v2: rbac - add go vet to makefile and ci
e07fda7 v2: rbac - add tests and build step to ci
b098b3b v2: rbac - add controller, manager, and tests
6f00611 v2: rbac - add code and manifest generation
6e0851c v2: rbac - add crds
c2d9b7a Merge pull request gocardless#187 from gocardless/v2-noop-build-tests-ci
5a1c7b5 v2: Disable make targets and ci jobs
9b10d71 Merge pull request gocardless#186 from gocardless/v2-delete-vendor
ac95a38 v2: Add empty go.mod
6b34b9f v2: Remove Gopkg.*
6677c64 v2: Delete vendor
6044393 Add sidecar container support to consoles (gocardless#183)
3ca1d55 Bump golang from 1.14.2 to 1.14.3
da87581 Merge pull request gocardless#180 from gocardless/dyson-workload-validiting-webhook-config-name
c2ea5ac Set workloads validating webhook config name
8b86ffb Merge pull request gocardless#179 from gocardless/benwh/console-auth-rbac
a081a46 v1.0.1
3552cd8 Fix ConsoleAuthorisation role permissions
c07bc2c Merge pull request gocardless#178 from gocardless/benwh/goreleaser-fixups
88fc1a6 Add unique IDs for each build
2b08d27 Use docker executor for release job
501f2be Add deploy key fingerprint to release job
69070c7 Fix console printer panic on early exit from console creation (gocardless#177)
7fc23a4 Merge pull request gocardless#174 from gocardless/benwh/update-docs
e8401b2 Fixup goreleaser version (gocardless#176)
5cfb797 Add runner helper to get a console (gocardless#175)
708f75f Merge pull request gocardless#168 from gocardless/go-releaser
e9eff24 Setup goreleaser
3942768 Update consoles documentation
1371ae7 Add authorisation constructs to console samples
de77ca8 Misc improvements to main README
4ec3f48 Merge pull request gocardless#173 from gocardless/jace/replace-uuid
4484a12 Use google/uuid instead of satori/go.uuid
5b3ec3c Merge pull request gocardless#171 from gocardless/dependabot/docker/ubuntu-bionic-20200403
857a7b3 Merge pull request gocardless#170 from gocardless/benwh/more-logging
c73ac90 Bump ubuntu from bionic-20200311 to bionic-20200403
30a6541 Clarify ConsoleStopped audit event
4dec51f Fix nil pointer dereference in console logging
29e7368 Add note about ns deletion in integration tests
b609c57 Add audit event for consoles expiring without auth
2857899 Move TTLBeforeRunning test to integration suite
9f833c4 Merge pull request gocardless#169 from gocardless/benwh/fix-ttl-field
855f228 Fix name of defaultTtlSecondsBeforeRunning field
9d39ee4 Merge pull request gocardless#167 from gocardless/benwh/console-auth-logging
cb90111 Add authorisation info to audit logs
ee4cd81 acceptance: Use selector for runner console
ba0df1a acceptance: Fix async assertion
512ae56 acceptance: Consistently delete console template
6ccd268 Merge pull request gocardless#162 from gocardless/dyson-add-pending-auth-ttl
e60915d Also use createOrUpdate for console status updates
bf76252 Use createOrUpdate for console object updates
5403f09 Add acceptance test for consoles failing to run
57113b7 Add pending approval TTL and improve GC
9acaf11 List console authorisers (gocardless#166)
e431a8b Add authorise command (gocardless#165)
221b17d Test console creation using runner command (gocardless#164)
125f174 Merge pull request gocardless#161 from gocardless/benwh/acceptance-debug
b95f1e1 Output Kind debug logs in CI acceptance tests
7f5b97c Add hooks to console phase changes in cli helpers (gocardless#160)
9f6a8f6 Merge pull request gocardless#159 from gocardless/dyson-reconcile-consoles-with-authorisation
8542729 Add console authorisation phases to reconcile
b2a4b79 Remove owner from console authorisation
3187847 Move commands from cmd to pkg/workloads/consoles/runner (gocardless#157)
d06ce98 Merge pull request gocardless#158 from gocardless/benwh/template-validation
13ea0a2 Merge pull request gocardless#130 from gocardless/dependabot/docker/ubuntu-bionic-20200311
cd9b22c Refactor GetAuthorisationRuleForCommand
9f5fc6b Add Console Template validating webhook
de42679 Move template validation logic to helper function
7ec6ec8 Merge pull request gocardless#142 from gocardless/dyson-fix-delete-console-job
818da30 Prevent console jobs recreating on delete
9e18bc5 Merge pull request gocardless#155 from gocardless/dyson-add-labels-rolebinding
6b150cb Merge pull request gocardless#156 from gocardless/update-go-1.14
3374c22 Upgrade to golang 1.14
9898b49 Add DirectoryRoleBinding labels to RoleBinding
b0c36eb Merge pull request gocardless#145 from gocardless/benwh/auths-rbac
4d647b8 Add reconciliation of authorisation RBAC objects
17aadc2 Randomize ginkgo suites
d58235b Merge pull request gocardless#153 from gocardless/benwh/auth-match-command-type
46f10f6 Fix console job name truncate length
d7a83cc Alter ConsoleAuthorisation command matching spec
8a56db9 Merge pull request gocardless#152 from gocardless/benwh/deletion-no-reconcile
2848624 recutil: Skip reconciliation if pending deletion
ed20a1f Add option to attach on console creation (gocardless#151)
e1da0b9 Merge pull request gocardless#150 from gocardless/consoles-list-command
7c8a378 vendor deps
d9a0419 Add consoles list command
70889af Merge pull request gocardless#149 from gocardless/consoles-attach-command
cea12d1 Move CreateInteractiveStreamOptions definition
2ad7800 Vendor deps
46e85f2 Add console attach command
5f80575 Merge pull request gocardless#147 from gocardless/inline-runner-creation
a0dbba0 Merge pull request gocardless#148 from gocardless/provide-all-create-params
9118013 Pass all command arguments to create command
de073a9 Inline runner creation
d2c7cc8 Merge pull request gocardless#146 from gocardless/refactor-consoles-create-command
065a9d8 Refactor to separate the functionality from flags
327b341 Merge pull request gocardless#144 from gocardless/fix-build-all
3b9a2a0 Fix build-all step
ab534c7 Merge pull request gocardless#139 from gocardless/benwh/reconcile-auths
ad0419a Create authorisation object for consoles
1d8701f Don't require update to authorisers in webhook
35323f6 Make webhook struct fields non-public
b35d7e9 Merge pull request gocardless#138 from gocardless/benwh/console-integration-cleanup
b5525e3 Clean up console integration test
f1365ad Merge pull request gocardless#137 from gocardless/dyson-console-authorisation-admission
b540a1d Add validating console authorisation webhook
93cfd26 Bump ubuntu from bionic-20191202 to bionic-20200311
6022350 Merge pull request gocardless#136 from gocardless/benwh/faster-builds
2290606 Reorder Dockerfile for quicker builds
99f74a5 Merge pull request gocardless#132 from gocardless/lawrence-runner-cli
bd8e494 Add namespace and context flags to the cli entrypoint
f5cd2b6 Add theatre-consoles and initial create command
04c9f0d Merge pull request gocardless#135 from gocardless/benwh/kind-0-7-0
1244de4 acceptance: Support kind v0.7.0
e9d7e68 Merge pull request gocardless#133 from gocardless/dyson-add-authorisation-console-crds
0468d30 Add authorisation support to console CRDs
f2f92ec Merge pull request gocardless#126 from gocardless/dyson-increment-priority-mutate
039efb5 Increament priority webhook mutate metric
ee931db Merge pull request gocardless#125 from gocardless/lawrence-priority-injector
4bc9d28 Update kubebuilder
a7bbf6d theatre-priority-injector:
4d123db Merge pull request gocardless#122 from gocardless/revert-120-lawrence-use-envconsul-patch
5a54f75 Revert "Patch envconsul to timeout when Vault doesn't work"
ba7aff0 Merge pull request gocardless#121 from gocardless/benwh/envconsul-once
fe14e68 envconsul: Use non-daemon mode
36e28bc Merge pull request gocardless#120 from gocardless/lawrence-use-envconsul-patch
7b6a683 Patch envconsul to timeout when Vault doesn't work
25f98fc Merge pull request gocardless#119 from gocardless/dedupe-dockerfile
ea3db67 Remove duplicate COPY in Dockerfile
fecf65c Merge pull request gocardless#118 from gocardless/lawrence-use-fork
004e598 envconsul fork for duplicate secret env
78ec697 Merge pull request gocardless#116 from gocardless/dependabot/docker/golang-1.13.5
f60bd76 Merge pull request gocardless#117 from gocardless/dependabot/docker/ubuntu-bionic-20191202
fe475f9 Bump ubuntu from bionic-20191029 to bionic-20191202
103ee5c Bump golang from 1.13.4 to 1.13.5
28cb36b Merge pull request gocardless#114 from gocardless/lawrence-initialise-metrics
335eab1 Initialise envconsul webhook metrics
85def2f Merge pull request gocardless#113 from gocardless/jace/fix-makefile
482edc8 Fix Makefile to statically compile binaries
6efe976 Merge pull request gocardless#112 from gocardless/lawrence-test-non-root
4c3a5c9 Verify non-root user can access secrets
8001965 Merge pull request gocardless#111 from gocardless/lawrence-apply-fsgroup
5408b5f Apply a default fsGroup in envconsul webhook
2dfd12f Don't use base 8 for permissions
f06c441 Merge pull request gocardless#110 from gocardless/lawrence-0444-projected-token
8742ba8 Projected token is readable by all
a2b44dc Merge pull request gocardless#109 from gocardless/dyson-set-vault-metrics-address
ab54801 Add listen address for vault metrics
a513f2d Merge pull request gocardless#108 from gocardless/dyson-enable-envconsul-webhook-metrics
bd0bd41 Enable metrics in vault manager envconsul webhook
81bff83 Merge pull request gocardless#106 from gocardless/dyson-use-request-for-logging
f3cc82b Use request namespace and name if it exists
d6845c8 Merge pull request gocardless#107 from gocardless/lawrence-prometheus-metrics-for-envconsul
07ff99e Add metrics to envconsul webhook
680d127 vendor: promauto
a9bfc68 Merge pull request gocardless#105 from gocardless/jace/fix-path-namespace
a1429ec Use namespace from admission request instead of pod
aed7c67 Merge pull request gocardless#104 from gocardless/jace/multi-cluster
681aa2f Use vault path prefix to support multi-cluster secrets
3905625 Merge pull request gocardless#103 from gocardless/jace/no-secrets-exec
ec1c655 Pull in envconsul fork in Docker image
bfd26c6 Remove check for presence of secrets
3697b9b Merge pull request gocardless#101 from gocardless/lawrence-base64-decode
f23c390 README.md
d8f308c pkg/workloads/console/README.md
0aaeb88 Merge pull request gocardless#102 from gocardless/lawrence-faster-tests
a95d2a6 Merge pull request gocardless#100 from gocardless/lawrence-vault-readme
a088a8b theatre-envconsul base64-exec
65dff9e Don't build everything in build
d1ed55a Merge pull request gocardless#93 from gocardless/lawrence-use-ephemeral-service-account-tokens
54e1624 Add namespace selector for staging overlay
2392ce9 Revert "Hardcode vault-manager theatre image tag"
babfc14 Ephemeral service account tokens for Vault
554fb5f Merge pull request gocardless#92 from gocardless/dependabot/docker/ubuntu-bionic-20191029
d321525 README.md
541642e README.md
f82e583 Merge pull request gocardless#97 from gocardless/jace/webhook-namespace-selector
c3f9fa2 Merge pull request gocardless#95 from gocardless/lawrence-small-fixes
5ff211f Clean-ups missed from gocardless#94
4282f35 Use namespace selectors in webhook
dcb7675 pkg/vault/README.md
d2d3a1e Merge pull request gocardless#98 from gocardless/lawrence-filter-acceptance
dffeab9 Merge pull request gocardless#99 from gocardless/jace/kustomize-image-tag
e5396f8 Hardcode vault-manager theatre image tag
5f99142 acceptance --target
5363f91 Merge pull request gocardless#96 from gocardless/jace/single-manager
a22810d Set webhook FailurePolicy to fail
70aa8a1 Reduce vault-manager to single replica
88b4c43 Merge pull request gocardless#94 from gocardless/lawrence-acceptance-runners
e9d04a9 Acceptance test runners, with optional prepare steps
c73c45e Remove TODOs
be3b546 Bump ubuntu from bionic-20190807 to bionic-20191029
8cb2e29 Merge pull request gocardless#90 from gocardless/jace-single-replica-acceptance
788778d Reduce replicas of vault-manager for acceptance
1aca135 Merge pull request gocardless#83 from gocardless/command-arg
9b4befc Accept command as args in theatre-envconsul
8d6eb0f Merge pull request gocardless#86 from gocardless/jace/vault-manager-replicas
6b81d9c Merge pull request gocardless#89 from gocardless/dyjace-exit-no-secrets
b61a614 Increase vault-manager replicas
e311aa3 Exit theatre-envconsul if no secret is found
59be6c8 Merge pull request gocardless#88 from gocardless/dyson-namespace-google-secret
91bf4e6 Namespace google application secret
e1aeaf3 Merge pull request gocardless#87 from gocardless/dyson-fix-acceptance-tests
db9efad Use large resource_class in CI for acceptance
ec5522b Add google credential secret to acceptance tests
1f2e0c2 Merge pull request gocardless#79 from gocardless/webhook-config
c52ca92 Config for vault manager
678f60c Merge pull request gocardless#73 from gocardless/envconsul-wh
0f1eed7 Merge pull request gocardless#85 from gocardless/fix-theatreenvconsul-path
39d7962 Use working directory for theatre-envconsul install path
980bc6c Merge pull request gocardless#84 from gocardless/dyson-update-production-image-tag
2365922 Update production image tag
6bafede Add tests for vault envconsul webhook
f6c48e3 Envconsul webhook
ad96ae9 Merge pull request gocardless#82 from gocardless/jace/vault-retry
b2070a6 Disable vault retries in envconsul
b9efee3 Merge pull request gocardless#81 from gocardless/lawrence-test-envconsul
680fe26 Acceptance tests for theatre-envconsul
da35952 Merge pull request gocardless#72 from gocardless/dyson-add-envconsul
58cf666 theatre-envconsul, install & exec
2beda5f vendor: github.com/hashicorp/vault
df80689 Merge pull request gocardless#80 from gocardless/jace/install-kustomize
ddaca6f Update README for installing kustomize 3.4.0
b271d53 Merge pull request gocardless#78 from gocardless/upgrade-kustomize
423ff58 Upgrade kustomize to v3.4.0
6df26a8 Merge pull request gocardless#77 from gocardless/rnaveiras/prefix-secret-name
54a05ce Prefix secretName correctly
73b841b Merge pull request gocardless#76 from gocardless/rnaveiras/remove-secret-generator
96ffc07 Removed kustomize secret generator
8aea721 Merge pull request gocardless#75 from gocardless/lawrence-optional-metrics
557d3bc Opt-out from metric flags
8c1bbe5 Merge pull request gocardless#74 from gocardless/bump-go
8d4cf1f Update kind from 0.1.0 to 0.6.0
62516fe Bump go from 1.13.1 to 1.13.4
3a095f7 Merge pull request gocardless#71 from gocardless/lawrence-fix-controller-race
08419f9 DirectoryRoleBinding: fix "resource name may not be empty"
d0c103c Annotate errors to help debugging
3266703 Merge pull request gocardless#70 from gocardless/reconcile-errors-total
69cb696 theatre_reconcile_errors_total
f70d5db Merge pull request gocardless#68 from gocardless/dependabot/docker/golang-1.13.1
f80e7c0 Bump golang from 1.12 to 1.13.1
665bee4 Merge pull request gocardless#67 from gocardless/docker-tag
206e4e1 Use tagged image for Dockerfile
0f7600f Merge pull request gocardless#66 from gocardless/lawrence-fix-google-api-change
33daf27 Fix Google per-page to be within supported range
d6d19a2 Merge pull request gocardless#63 from gocardless/craig/bump-go-docker-builder
c852acb Use Go 1.12 to build theatre for Docker image
8080219 Merge pull request gocardless#61 from gocardless/lawrence-boost-workloads
a190963 Boost workloads memory limit
bf20db7 Merge pull request gocardless#60 from gocardless/benwh/acceptance-fixes
01c5dad Dump logs on acceptance failure
26f59bc Speed up acceptance test execution
5f49106 Add flag to show progress in acceptance tests
50f5c98 Merge pull request gocardless#57 from gocardless/craig/wait-for-rolebinding
1aa119b Remove excessive newlines from runner_test
bb0ba4a WaitUntilReady waits for RoleBinding
283c5ec Merge pull request gocardless#58 from gocardless/craig/fix-log-permissions
9b91fa4 Fix typo in pods/log permission
97988cb Merge pull request gocardless#56 from gocardless/rnaveiras/console-additional-printer-columns
fb5cc64 Regenerated client
e2c524c Updated vendor k8s, controller-{runtime,tools}
c913469 Add additional printer colums to consoles
2bada9f Merge pull request gocardless#55 from gocardless/rnaveiras/log-audit
7b71296 Add audit log when console phase changes
8a58056 Consoles are eligible for GC after CompletionTime
495f7f5 Add ConsoleStatus CompletionTime
ebc7c9d Watch Job events and reconcile for an owner
0be2b56 Merge pull request gocardless#53 from gocardless/craig/console-helpers
567ef2d Merge pull request gocardless#54 from gocardless/benwh/restart-policy
7dcde73 Update dependency instructions to be Darwin only.
139bae0 Always set a console pod's RestartPolicy to Never
250592d Some helpers for finding console objects
22d369d Add instructions to make kustomize executable
f48e68e Merge pull request gocardless#52 from gocardless/benwh/fix-negative-requeue
4c028cb Fix negative RequeueAfter value
1b95e09 Merge pull request gocardless#51 from gocardless/craig/create-console-with-reason
2721949 Console create factory options include reason
459db59 Merge pull request gocardless#50 from gocardless/lawrence-rbac-manager-in-acceptance
8fa3cf8 Merge pull request gocardless#49 from gocardless/rnaveiras/rbac-role-for-pod-resources
67bea3d Create Role with the console Pod as resourceNames
8efcf25 Flag to enable rbac GoogleGroup provider
2776a4b Merge pull request gocardless#48 from gocardless/rnaveiras/rolebindings
2dc1569 Replace RoleBinding for DirectoryRoleBinding
8578f82 Merge pull request gocardless#47 from gocardless/craig/waituntilready-returns-console
76cf54a WaitUntilReady returns up-to-date console
bd28361 Merge pull request gocardless#44 from gocardless/rnaveiras/console-labels
297d7fb GetAttachablePod uses ConsoleStatus
18ba667 Consoles inheritance labels from console templates
0b8c22b Enforce jobName and attach labels to job and pods
58c59be Merge pull request gocardless#45 from gocardless/benwh/events
dd01ab2 Add RecorderAwareCaller
b07fbe7 Clean up console events
a2a3fef Merge pull request gocardless#41 from gocardless/craig/update-example-consoletemplate-labels
4fb6a28 Update example ConsoleTemplate metadata
4ef3618 Merge pull request gocardless#42 from gocardless/lawrence-pause-before-accepting
c61df56 Pause for 10s before running acceptance
ce1a8a1 Merge pull request gocardless#38 from gocardless/lawrence-raul-reconcile-helper
c6d5f17 Merge pull request gocardless#39 from gocardless/craig/little-bits
f34cdc5 Don't delete test namespaces
b6aae1e Use ResolveAndReconcile in console controller
0466ec9 pkg/reconcile -> pkg/recutil
af4c1e8 Remove small redundant things
83b4614 Integration test servers listen on localhost
ce9e017 reconcile.ResolveAndReconcile
29d7be8 Support short help flag
4dbe7f2 More idiomatic ginkgo recursive invocation
5058589 Merge pull request gocardless#37 from gocardless/craig/use-ginkgo-runner
437cd60 Use ginkgo test runner in CI
f52627a Merge pull request gocardless#36 from gocardless/benwh/job-backoff
e3371c5 Set backoffLimit in job spec
3cd6618 Merge pull request gocardless#35 from gocardless/benwh/command-handling
7b57c2e Fix command handling
42a9087 runner: Set console command in spec
2cca85c Merge pull request gocardless#34 from gocardless/hmac/getpod
94e7676 Add GetAttachablePod method to Runner
70ee757 vendor: k8s.io/client-go/kubernetes/fake
934fa5b Merge pull request gocardless#33 from gocardless/benwh/add-command
11b1a86 Populate console job with command and set container properties
7fecee8 Merge pull request gocardless#32 from gocardless/benwh/console-runner
d67e999 Merge pull request gocardless#31 from gocardless/hmac/gc
b7260ea GC consoles after 24 hours
ccb5ec8 Add a console Runner package
529acdb Merge pull request gocardless#29 from gocardless/hmac/timeouts
fa1fd7c Clamp timeout to [1, template.MaxTimeoutSeconds]
a79334c Merge pull request gocardless#30 from gocardless/hmac/template-owns-console
35914b6 Clean up clientset for acceptance test
f100d01 Test console template deletion
7ab9829 Make the template own its consoles
a3004fd Merge pull request gocardless#26 from gocardless/hmac/acceptance
8c435b7 Set kubeconfig in acceptance binary
9c1af2a Add acceptance script for consoles
e436ab3 Merge pull request gocardless#20 from gocardless/hmac/label-on-job
4accfa4 Add the user as a label on the job created by a console
7b61cd0 Merge pull request gocardless#28 from gocardless/hmac/status
8b3250a Add PodName and Phase to Console.Status
5451fce Merge pull request gocardless#27 from gocardless/hmac/active-deadline-seconds
ead8bbc Use Job's ActiveDeadlineSeconds to model console expiration
f83485d Merge pull request gocardless#25 from gocardless/hmac/console-template-client
c0244d4 Generate client for ConsoleTemplates
b07a791 Merge pull request gocardless#23 from gocardless/hmac/create-or-update2
a8578da Namespace CreateOrUpdate outcome logging
68f504c Make Reconciler private
efc76e2 Drop Reconcile prefix from events
a584b66 var -> const
8adf8eb reconcile.Operation -> reconcile.Outcome
0fae907 Remove Recreate operation from reconcile.CreateOrUpdate
52f86a9 Clarify comment around Job metadata
1c35b7c Fix bug preventing consoles from being expired
73cc3a3 ConsoleReconciler -> Reconciler
d098d52 Improve naming of createOrUpdate wrapper
bebe9ee DRY up calls to CreateOrUpdate
7fa8015 Use CreateOrUpdate for Jobs
4e746f0 Standardise logging values
81f87e0 Temporarily disable event recording
bd7b0d6 Use reconcile.CreateOrUpdate instead of findOrCreate
317b617 Alias the controller-runtime reconcile package
21e168f Add reconcile package
eed19b7 Test that controller reference is set correctly
e396baf Remove unnecessary function arguments
b3411cc Extract core reconciliation code into a separate component
fbe5938 Merge pull request gocardless#22 from gocardless/benwh/expire-console
69b796f Improve console reconcile control flow
bad7238 Implement expiration of console jobs
89d84c8 Merge pull request gocardless#19 from gocardless/hmac/rolebindings
d1c64da Create pods/exec role and rolebindings
c9b9496 Merge pull request gocardless#18 from gocardless/benwh/add-controller-tools
6cb9c63 Use vendored controller-gen to build manifests
b79bb7f vendor: sigs.k8s.io/controller-tools/cmd/controller-gen
f222e5c Make controller-gen required
809f850 Merge pull request gocardless#16 from gocardless/benwh/console-api-validation-2
590f27c Add validation for timeout fields
e95dff9 Merge pull request gocardless#15 from gocardless/benwh/console-api-validation
265e3d2 Cleanup of console types
959d935 Merge pull request gocardless#14 from gocardless/hmac/pod-create
0e7a33b Explain why we disable the ServiceAccount plugin
8e864b3 Allow consoles controller to create validating webhooks
27cb748 Clean up logging
3a46bf8 Clean up tests
9cb59dd Create job instead of pod in console controller
1fd623e Add example console(template) manifests
119dae6 Give workloads manager permission to manage Jobs
b55e8d1 Ensure that the consoletemplate is registered with the cluster
8a500af Ensure ExpiryTime is omitted in validation
3643b94 Add CI job to check generated CRDs
df62cc7 Rename Kubernetes imports to proper convention
d9a3ecd Make generated manifests pretty
0c23a1e Generate CRDs with controller-gen
c94f276 Add ConsoleTemplate object and additional fields
7a7fb49 Disable the Service Account admission plugin in integration
5662697 Create pod when reconciling consoles
b135c00 Merge pull request gocardless#12 from gocardless/lawrence-update-kind-documentation
2f9a2ea Merge pull request gocardless#13 from gocardless/hmac/creds
50fc4bc Fetch google application credentials from existing secret
79182a3 Add destroy flag to acceptance cmd
89af536 Acceptance flow for development
79d59bd Merge pull request gocardless#11 from gocardless/lawrence-add-stable-production-env
0ebc5c2 Add stable production deployment
f22156b Merge pull request gocardless#10 from gocardless/lawrence-transfer-ownership
34f8cc0 Update docker container URLs
1fa7741 Update CircleCI config for GoCardless
177cd73 README: This is about the team now
2b2c542 Add MIT license
07da6cd lawrencejones/theatre -> gocardless/theatre
1f3da3f lawrjone.xyz -> gocardless.com
a2308c7 Make function signatures consistent
90616ae Merge pull request gocardless#9 from lawrencejones/lawrence-rbac-creator
12df1ac pkg/workloads/console/integration
eeb1feb Skeleton workloads controller and webhooks
c83aa2b make codegen: add workloads:v1alpha1
fa86188 pkg/apis/workloads: Console (no codegen)
054ed26 vendor: controller-runtime
5e8c881 Fix package names in suite_test.go
df8c044 Clean-up rbac-manager
6269ffe Merge pull request #8 from lawrencejones/lawrence-split-managers-by-api-group
f97ac33 Split managers by API Group
9ff65b5 Separate functionality by api group
92ae371 Merge pull request #7 from lawrencejones/lawrence-remove-sudo-role-binding
f926c09 Remove unnecessary PROJECT file
b0072d9 Remove SudoRoleBinding
fbf6d90 Merge pull request #6 from lawrencejones/lawrence-dont-use-default-service-account
aee59d7 Don't use default service account
52ba338 Update README
e4ae5f7 Update README
b45696b Ignore bin/ in docker builds
fb5593c Merge pull request #4 from lawrencejones/lawrence-drb-use-spec
ba5ddd7 unit -> unit-integration in CircleCI
81097d6 Use Spec on DirectoryRoleBinding
cf2677c Merge pull request #3 from lawrencejones/lawrence-paginate-google-groups
87af681 Paginate Google groups
0b2b23f Merge pull request #2 from lawrencejones/lawrence-cache-directory-lookups
06dd3f5 Cache directory lookups, periodically refresh
333a466 We got tests bro
b8b7f48 Personal next step todo list
8792df2 pkg/controllers/directoryrolebinding/integration
de20430 vendor
5d5f9aa Namespace integration test actions
2bcd5b2 Integration tests for DirectoryRoleBinding
33c5b4f Start of an acceptance testing environment
ac938a8 vendor
989bc77 vendor
333b6bf apt-get install ca-certificates
f883339 Updated to use kustomize
b0bfb9a make test
7ce21a9 Remove dead code
04e640d Add DirectoryRoleBinding example to README
7608d8e DirectoryRoleBinding now more idiomatic
ee8d8f5 Expand the readme
d962c94 Create checklist for features and implementation
5c70465 SudoRoleBinding is not yet fully possible: see comment
9c05ab6 Use manager more directly
dcce834 Create client for SudoRoleBinding
fc38afd Use constant, not string literal
799e2bb Unnecessary import
ac377e4 Fully qualify controller name
98d5082 Integrate kubernetes recorder with kitlog
f3fcb27 Log to kubernetes events
b30ab59 Add labels to manager
cc06bb9 No need for an additional rbac directory
f5e5c80 Update docker image reference
08b8902 Dockerfile
d1bd8b4 Update auto-generated client
c5a5078 vendor
31c102c circleci.yml
89553f7 Test for unregistered API groups
9ab39ac vendor
d0ea97a vendor
61bcb3e vendor
d70541e Hand-rolled signals
ef4db4e Use Reconcile approach
eeb672c operators -> theatre
ba317d2 rbac-directory -> operators, gocardless.io -> lawrjone.xyz
5fabb34 Working manager
a341365 vendor
2964b74 Resolve members from google groups
8b6a82a vendor
8f4d41a Workloop now processing
ac73174 vendor
f9e624d Clean-up
6e9b4f9 rbac.gocardless.io -> rbac
aec78c0 Some stuff
b8e92a4 initial commit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v4.2.2

Changelog