Initial fixes

Minimal refactor and fixes:

* Add dockerignore file to re-use already built images
* Add Image Pull Secrets to Deployment Template (https://github.com/keel-hq/keel/pull/758)
* Update Go Version to 1.21 (https://github.com/keel-hq/keel/pull/751)
* Added Github Workflow to use the Github repository as a Helm Chart Repository through Github Pages
* Create debug container to allow GO remote debugging
* Add integration with Azure Pipelines
* Add compose files to setup local development containers

.dockerignore

@@ -0,0 +1,21 @@
+**/.git
+envsettings.ps1
+envsettings.ps1.template
+helpers.ps1
+LICENSE
+compose.yml
+compose.tests.yml
+build.ps1
+azure-pipelines.yml
+.gitignore
+.drone.yml
+readme.md
+serviceaccount/*
+chart/*
+Dockerfile
+Dockerfile.debug
+Dockerfile.aarch64
+Dockerfile.armhf
+Dockerfile.debian
+Dockerfile.local
+Dockerfile.tests

.drone.yml

@@ -7,17 +7,17 @@ workspace:
 
 steps:
 - name: unit-test
-  image: golang:1.20.1
+  image: golang:1.21.3
   commands:
     - make test
 
 - name: build
-  image: golang:1.20.1
+  image: golang:1.21.3
   commands:
     - make install
 
 - name: build-ui
-  image: node:9.11.1-alpine
+  image: node:16.20.2-alpine
   commands:
     - cd ui
     - yarn

.github/workflows/releasecharts.yaml

@@ -0,0 +1,37 @@
+name: Release Charts
+on:
+  push:
+    tags:
+      - "chart-*"
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+      - name: Install Helm
+        uses: azure/setup-helm@v4.2.0
+      - name: Extract tag version
+        id: get_version
+        run: echo "version=${GITHUB_REF##*/chart-}" >> $GITHUB_ENV
+      - name: Update Chart.yaml version
+        run: |
+          sed -i "s/^version:.*/version: ${GITHUB_ENV_VERSION}/" chart/keel/Chart.yaml
+        env:
+          GITHUB_ENV_VERSION: ${{ env.version }}
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        with:
+          charts_dir: chart
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -8,4 +8,6 @@ hack/deployment-rbac.yaml
 hack/deployment-norbac-helm.yaml
 .vscode
 .idea/
-tests.out
+tests.out
+envsettings.ps1
+serviceaccount/*

Dockerfile

@@ -1,9 +1,9 @@
-FROM golang:1.20.5
+FROM golang:1.21.3
 COPY . /go/src/github.com/keel-hq/keel
 WORKDIR /go/src/github.com/keel-hq/keel
 RUN make install
 
-FROM node:9.11.1-alpine
+FROM node:16.20.2-alpine
 WORKDIR /app
 COPY ui /app
 RUN yarn

Dockerfile.debug

@@ -0,0 +1,29 @@
+FROM golang:1.21.3
+COPY . /go/src/github.com/keel-hq/keel
+WORKDIR /go/src/github.com/keel-hq/keel
+RUN make install-debug
+
+FROM node:16.20.2-alpine
+WORKDIR /app
+COPY ui /app
+RUN yarn
+RUN yarn run lint --no-fix
+RUN yarn run build
+
+FROM golang:1.21.3
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+VOLUME /data
+ENV XDG_DATA_HOME /data
+
+COPY --from=0 /go/bin/keel /bin/keel
+COPY --from=1 /app/dist /www
+COPY --from=0 /go/bin/dlv /
+#ENTRYPOINT ["/bin/keel"]
+ENTRYPOINT ["/dlv", "--listen=:40000", "--headless=true", "--api-version=2", "--accept-multiclient", "exec", "/bin/keel"]
+
+EXPOSE 9300
+EXPOSE 40000

Dockerfile.tests

@@ -0,0 +1,11 @@
+FROM golang:1.21.3
+
+# Install tparse and go-junit-report
+RUN go install github.com/mfridman/tparse@latest && \
+    go install github.com/jstemmer/go-junit-report@latest
+
+COPY . /go/src/github.com/keel-hq/keel
+
+WORKDIR /go/src/github.com/keel-hq/keel
+
+ENTRYPOINT ["tail", "-f", "/dev/null"]

Makefile

@@ -64,6 +64,11 @@ install:
 	# CGO_ENABLED=0 GOOS=linux go install -ldflags "$(LDFLAGS)" github.com/keel-hq/keel/cmd/keel	
 	GOOS=linux go install -ldflags "$(LDFLAGS)" github.com/keel-hq/keel/cmd/keel	
 
+install-debug:
+	@echo "++ Installing keel with debug flags"
+	go install github.com/go-delve/delve/cmd/dlv@latest
+	GOOS=linux go install -gcflags "all=-N -l" -ldflags "$(LDFLAGS)" github.com/keel-hq/keel/cmd/keel
+
 image:
 	docker build -t keelhq/keel:alpha -f Dockerfile .
 

azure-pipelines.yml

@@ -0,0 +1,71 @@
+trigger:
+  branches:
+    include:
+      - '*'
+  tags:
+    include:
+      - '*'
+pr:
+  branches:
+    exclude:
+      - '*'
+resources:
+- repo: self
+variables:
+  tag: '$(Build.BuildId)'
+  vmImage: 'ubuntu-latest'
+stages:
+- stage: Build
+  displayName: Build
+  jobs:
+  - job: Build
+    timeoutInMinutes: 120
+    displayName: Build
+    pool:
+      vmImage: $(vmImageName)
+      name: Test-Rafael
+    steps:
+    - pwsh: .\build.ps1
+      name: build_images
+      displayName: 'Build images'
+      env:
+        REGISTRY_USER: $(REGISTRY_USER)
+        REGISTRY_PWD: $(REGISTRY_PWD)
+        REGISTRY_PATH: $(REGISTRY_PATH)
+        IMAGE_VERSION: $(Build.SourceBranchName)
+    - pwsh: .\build.ps1 -RunTests
+      name: run_tests
+      displayName: 'Run tests'
+      env:
+        REGISTRY_USER: $(REGISTRY_USER)
+        REGISTRY_PWD: $(REGISTRY_PWD)
+        REGISTRY_PATH: $(REGISTRY_PATH)
+        IMAGE_VERSION: $(Build.SourceBranchName)
+        TESTDIR: '$(System.DefaultWorkingDirectory)/Tests'
+    - task: PublishTestResults@2
+      name: publish_tests_results
+      displayName: 'Publish Test Results'
+      condition: and(not(canceled()), not(contains(variables['Build.SourceVersionMessage'], '[notest]')))
+      inputs:
+        testResultsFormat: 'JUnit' # 'JUnit' | 'NUnit' | 'VSTest' | 'XUnit' | 'CTest'. Alias: testRunner. Required. Test result format. Default: JUnit.
+        testResultsFiles: '**/*.xml' # string. Required. Test results files. Default: **/TEST-*.xml.
+        searchFolder: '$(System.DefaultWorkingDirectory)/Tests' # string. Search folder. Default: $(System.DefaultWorkingDirectory).
+        # mergeTestResults: true
+        failTaskOnFailedTests: true
+        failTaskOnFailureToPublishResults: true
+        failTaskOnMissingResultsFile: true
+        testRunTitle: Pester
+        # Advanced
+        #buildPlatform: # string. Alias: platform. Build Platform.
+        #buildConfiguration: # string. Alias: configuration. Build Configuration.
+        publishRunAttachments: true
+    - pwsh: .\build.ps1 -Push
+      name: push_containers
+      displayName: 'Push images'
+      # Only push if this is a tag, and the tests passed
+      condition: or(and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/')), contains(variables['Build.SourceVersionMessage'], '[push]'))
+      env:
+        REGISTRY_USER: $(REGISTRY_USER)
+        REGISTRY_PWD: $(REGISTRY_PWD)
+        REGISTRY_PATH: $(REGISTRY_PATH)
+        IMAGE_VERSION: $(Build.SourceBranchName)

build.ps1

@@ -0,0 +1,114 @@
+#!/usr/bin/powershell -Command
+
+##################################################
+# Main build script, this is used both for local
+# development and in continuous integration
+# to build and push the images
+##################################################
+
+param (
+    [switch]$Push = $false,
+    [switch]$RunTests = $false,
+    [switch]$StartContainers = $false,
+    [switch]$StartDebugContainers = $false
+)
+
+$global:ErrorActionPreference = 'Stop'
+
+. .\helpers.ps1
+
+$TESTDIR = $Env:TESTDIR;
+if ([string]::IsNullOrWhiteSpace($TESTDIR)) {
+    $TESTDIR = Get-Location;
+}
+
+# If there is a local environment envsettings
+# file, load it. In pipelines, these are all comming
+# from environment variables.
+if (Test-Path "envsettings.ps1") {
+  .\envsettings.ps1;
+}
+
+# Ensure we are in LINUX containers
+if (-not(Test-Path $Env:ProgramFiles\Docker\Docker\DockerCli.exe)) {
+  Get-Command docker
+  Write-Warning "Docker cli not found at $Env:ProgramFiles\Docker\Docker\DockerCli.exe"
+}
+else {
+  Write-Warning "Switching to Linux Engine"
+  & $Env:ProgramFiles\Docker\Docker\DockerCli.exe -SwitchLinuxEngine
+}
+
+$Env:SERVICEACCOUNT = Join-Path (split-path -parent $MyInvocation.MyCommand.Definition) "serviceaccount"
+
+# Define the array of environment variable names to check
+$envVarsToCheck = @(
+    "IMAGE_VERSION",
+    "REGISTRY_PATH"
+)
+
+foreach ($envVarName in $envVarsToCheck) {
+    $envVarValue = [System.Environment]::GetEnvironmentVariable($envVarName)
+    if ([string]::IsNullOrWhiteSpace($envVarValue)) {
+        throw "Environment variable '$envVarName' is empty or not set. Rename envsettings.ps1.template to envsettings.ps1 and complete the environment variables or set them for the current environment."
+    }
+}
+
+$version = $ENV:IMAGE_VERSION;
+$containerregistry = $ENV:REGISTRY_PATH;
+
+Write-Host "Environment IMAGE_VERSION: $($version)"
+Write-Host "Environment REGISTRY_PATH: $($containerregistry)"
+
+if (-not $containerregistry.EndsWith('/')) {
+    # Add a slash to the end of $containerregistry
+    $containerregistry = "$containerregistry/"
+}
+
+# Image names
+$Env:IMG_KEEL = "$($containerregistry)keel:$($version)";
+$Env:IMG_KEEL_DEBUG = "$($containerregistry)keel-debug:$($version)";
+$Env:IMG_KEEL_TESTS = "$($containerregistry)keel-tests:$($version)";
+
+docker compose build
+ThrowIfError
+
+if ($StartContainers) {
+    docker compose up
+    ThrowIfError
+}
+
+if ($StartDebugContainers) {
+    docker compose -f compose.debug.yml up
+    ThrowIfError
+}
+
+if ($RunTests -eq $true) {
+    Write-Host "Running tests..."
+    docker compose -f compose.tests.yml up -d --build
+    ThrowIfError
+    $testResultsFile = "/go/src/github.com/keel-hq/keel/test_results.json"
+    $localResultsPath = Join-Path $TESTDIR "test_results.xml"
+    $containerName = "keel_tests"
+    docker exec $containerName sh -c "make test"
+    # This one is to export the results
+    docker exec $containerName sh -c "go test -v `$(go list ./... | grep -v /tests) -cover 2>&1 | go-junit-report > $testResultsFile"
+    docker cp "$($containerName):$($testResultsFile)" $localResultsPath
+    Write-Host "Test results copied to $localResultsPath"
+    docker compose -f compose.tests.yml down
+}
+
+if ($Push) {
+    if ($Env:REGISTRY_USER -and $Env:REGISTRY_PWD) {
+        Write-Output "Container registry credentials through environment provided."
+
+        # Identify the registry
+        $registryHost = $ENV:REGISTRY_SERVER;
+        Write-Output "Remote registry host: $($registryHost)";
+        docker login "$($registryHost)" -u="$($Env:REGISTRY_USER)" -p="$($Env:REGISTRY_PWD)"
+        ThrowIfError
+    }
+
+    docker push "$($Env:IMG_KEEL)"
+}
+

chart/deploy/index.yaml

@@ -1,25 +0,0 @@
-apiVersion: v1
-entries:
-  keel-custom:
-  - apiVersion: v1
-    appVersion: 0.19.1
-    created: "2024-04-16T11:29:16.081946513+02:00"
-    description: Open source, tool for automating Kubernetes deployment updates. This
-      is a custom fork of the original Keel project.
-    digest: 993ae9d81b0dc854ee5666ad3d58c0647f730419b7b80c794c86cdb4a0e03460
-    home: https://clem59170.github.io/keel
-    icon: https://raw.githubusercontent.com/keel-hq/keel/master/static/keel-logo.png
-    keywords:
-    - kubernetes deployment
-    - helm release
-    - continuous deployment
-    maintainers:
-    - name: clem59170
-    name: keel-custom
-    sources:
-    - https://github.com/keel-hq/keel
-    - https://github.com/clem59170/keel
-    urls:
-    - https://clem59170.github.io/keel/chart/deploy/keel-custom-1.0.4.tgz
-    version: 1.0.4
-generated: "2024-04-16T11:29:16.079721369+02:00"

chart/keel/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
-name: keel-custom
+name: keel-chart
 description: Open source, tool for automating Kubernetes deployment updates. This is a custom fork of the original Keel project.
-version: 1.0.4
+version: 1.0.5
 appVersion: 0.19.1
 keywords:
 - kubernetes deployment

chart/keel/README.md

@@ -147,6 +147,7 @@ The following table lists has the main configurable parameters (polling, trigger
 | `persistence.enabled`                       | Enable/disable audit log persistence   | `true`                                                    |
 | `persistence.storageClass`                  | Storage Class for the Persistent Volume| `-`                                                       |
 | `persistence.size`                          | Persistent Volume size                 | `1Gi`                                                     |
+| `imagePullSecrets`                          | Image pull secrets                     | `[]`                                                      |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 

chart/keel/templates/deployment.yaml

@@ -25,6 +25,10 @@ spec:
 {{- end }}
     spec:
       serviceAccountName: {{ template "serviceAccount.name" . }}
+{{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{- toYaml . | nindent 8 }}
+{{- end }}
       containers:
 {{- if .Values.extraContainers }}
 {{ toYaml .Values.extraContainers | indent 8 }}

chart/keel/values.yaml

@@ -7,6 +7,9 @@ image:
   tag: null
   pullPolicy: Always
 
+# Image pull secrets
+imagePullSecrets: []
+
 # Enable insecure registries
 insecureRegistry: false
 

cmd/keel/main.go

@@ -8,8 +8,9 @@ import (
 
 	"context"
 
+	kingpin "github.com/alecthomas/kingpin/v2"
 	"github.com/prometheus/client_golang/prometheus"
-	kingpin "gopkg.in/alecthomas/kingpin.v2"
+
 	kube "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 

compose.debug.yml

@@ -0,0 +1,22 @@
+services:
+  keel-debug:
+    image: ${IMG_KEEL_DEBUG}
+    security_opt:
+      - apparmor=unconfined
+    cap_add:
+      - SYS_PTRACE
+    container_name: keel-debug
+    build:
+      context: .
+      dockerfile: Dockerfile.debug
+    environment:
+      -  KUBERNETES_SERVICE_HOST=${KUBERNETES_SERVICE_HOST}
+      -  KUBERNETES_SERVICE_PORT=${KUBERNETES_SERVICE_PORT}
+      -  BASIC_AUTH_USER=admin
+      -  BASIC_AUTH_PASSWORD=admin
+    volumes:
+      - ${SERVICEACCOUNT}:/var/run/secrets/kubernetes.io/serviceaccount
+    ports:
+      - '9301:9300'
+      - '8000:8000'
+      - '40000:40000'

compose.tests.yml

@@ -0,0 +1,7 @@
+services:
+  keel_tests:
+    image: ${IMG_KEEL_TESTS}
+    container_name: keel_tests
+    build:
+      context: .
+      dockerfile: Dockerfile.tests

compose.yml

@@ -0,0 +1,16 @@
+services:
+  keel:
+    image: ${IMG_KEEL}
+    container_name: keel
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      -  KUBERNETES_SERVICE_HOST=${KUBERNETES_SERVICE_HOST}
+      -  KUBERNETES_SERVICE_PORT=${KUBERNETES_SERVICE_PORT}
+      -  BASIC_AUTH_USER=admin
+      -  BASIC_AUTH_PASSWORD=admin
+    volumes:
+      - ${SERVICEACCOUNT}:/var/run/secrets/kubernetes.io/serviceaccount
+    ports:
+      - '9300:9300'

envsettings.ps1.template

@@ -0,0 +1,7 @@
+$ENV:REGISTRY_PATH = "myregistry.azurecr.io/core/"
+$ENV:IMAGE_VERSION = "1.0.32";
+$ENV:REGISTRY_SERVER = ""
+$ENV:REGISTRY_USER = ""
+$ENV:REGISTRY_PWD = ""
+$ENV:KUBERNETES_SERVICE_HOST = "xxxx.hcp.region.azmk8s.io"
+$ENV:KUBERNETES_SERVICE_PORT = "443"

go.mod

@@ -1,154 +1,160 @@
 module github.com/keel-hq/keel
 
-go 1.19
+go 1.21
 
 replace (
-	k8s.io/api => k8s.io/api v0.26.3
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.3
-	k8s.io/apimachinery => k8s.io/apimachinery v0.26.3
-	k8s.io/apiserver => k8s.io/apiserver v0.26.3
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.3
-	k8s.io/client-go => k8s.io/client-go v0.26.3
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.3
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.3
-	k8s.io/code-generator => k8s.io/code-generator v0.26.3
-	k8s.io/component-base => k8s.io/component-base v0.26.3
-	k8s.io/cri-api => k8s.io/cri-api v0.26.3
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.3
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.3
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.3
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.3
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.3
-	k8s.io/kubectl => k8s.io/kubectl v0.26.3
-	k8s.io/kubelet => k8s.io/kubelet v0.26.3
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.3
-	k8s.io/metrics => k8s.io/metrics v0.26.3
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.3
+	k8s.io/api => k8s.io/api v0.28.3
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.3
+	k8s.io/apimachinery => k8s.io/apimachinery v0.28.3
+	k8s.io/apiserver => k8s.io/apiserver v0.28.3
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.28.3
+	k8s.io/client-go => k8s.io/client-go v0.28.3
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.28.3
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.28.3
+	k8s.io/code-generator => k8s.io/code-generator v0.28.3
+	k8s.io/component-base => k8s.io/component-base v0.28.3
+	k8s.io/cri-api => k8s.io/cri-api v0.28.3
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.28.3
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.28.3
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.28.3
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.28.3
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.28.3
+	k8s.io/kubectl => k8s.io/kubectl v0.28.3
+	k8s.io/kubelet => k8s.io/kubelet v0.28.3
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.28.3
+	k8s.io/metrics => k8s.io/metrics v0.28.3
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.28.3
 )
 
-replace helm.sh/helm/v3 => helm.sh/helm/v3 v3.11.2
+replace helm.sh/helm/v3 => helm.sh/helm/v3 v3.13.1
 
-replace k8s.io/kubernetes => k8s.io/kubernetes v1.26.3
+replace k8s.io/kubernetes => k8s.io/kubernetes v1.28.3
 
 require (
-	cloud.google.com/go/pubsub v1.37.0
+	cloud.google.com/go/pubsub v1.33.0
 	github.com/Masterminds/semver v1.5.0
-	github.com/aws/aws-sdk-go v1.44.240
+	github.com/aws/aws-sdk-go v1.46.6
+	github.com/containerd/containerd v1.7.11 // indirect
 	github.com/daneharrigan/hipchat v0.0.0-20170512185232-835dc879394a
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/docker/distribution v2.8.1+incompatible
-	github.com/google/uuid v1.6.0
+	github.com/docker/distribution v2.8.3+incompatible
+	github.com/docker/docker v24.0.7+incompatible // indirect
+	github.com/google/uuid v1.4.0
 	github.com/gorilla/mux v1.8.0
 	github.com/jinzhu/gorm v1.9.16
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.1.0-rc2
-	github.com/prometheus/client_golang v1.14.0
+	github.com/opencontainers/image-spec v1.1.0-rc5
+	github.com/prometheus/client_golang v1.17.0
 	github.com/rusenask/cron v1.1.0
 	github.com/rusenask/docker-registry-client v0.0.0-20200210164146-049272422097
 	github.com/ryanuber/go-glob v1.0.0
-	github.com/sirupsen/logrus v1.9.0
-	github.com/slack-go/slack v0.12.2
+	github.com/sirupsen/logrus v1.9.3
+	github.com/slack-go/slack v0.12.3
 	github.com/stretchr/testify v1.8.4
 	github.com/tbruyelle/hipchat-go v0.0.0-20170717082847-35aebc99209a
 	github.com/urfave/negroni v1.0.0
-	golang.org/x/net v0.22.0
-	google.golang.org/api v0.170.0
-	google.golang.org/grpc v1.62.1
-	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	helm.sh/helm/v3 v3.11.2
-	k8s.io/api v0.26.3
-	k8s.io/apimachinery v0.26.3
-	k8s.io/cli-runtime v0.26.3
-	k8s.io/client-go v0.26.3
-	sigs.k8s.io/yaml v1.3.0
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/net v0.17.0
+	google.golang.org/api v0.148.0
+	google.golang.org/grpc v1.59.0
+	helm.sh/helm/v3 v3.13.1
+	k8s.io/api v0.28.3
+	k8s.io/apimachinery v0.28.3
+	k8s.io/cli-runtime v0.28.3
+	k8s.io/client-go v0.28.3
+	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	cloud.google.com/go/storage v1.40.0
-	golang.org/x/oauth2 v0.18.0
+	cloud.google.com/go/storage v1.30.1
+	github.com/alecthomas/kingpin/v2 v2.3.2
+	golang.org/x/oauth2 v0.13.0
 )
 
 require (
-	cloud.google.com/go v0.112.1 // indirect
-	cloud.google.com/go/compute v1.24.0 // indirect
+	cloud.google.com/go v0.110.8 // indirect
+	cloud.google.com/go/compute v1.23.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.7 // indirect
+	cloud.google.com/go/iam v1.1.2 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.2.0 // indirect
+	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
-	github.com/Masterminds/squirrel v1.5.3 // indirect
-	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
-	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
+	github.com/Masterminds/squirrel v1.5.4 // indirect
+	github.com/Microsoft/hcsshim v0.11.4 // indirect
+	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/containerd/containerd v1.6.15 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.21+incompatible // indirect
-	github.com/docker/docker v20.10.21+incompatible // indirect
+	github.com/distribution/reference v0.5.0 // indirect
+	github.com/docker/cli v24.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
-	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-errors/errors v1.0.1 // indirect
-	github.com/go-gorp/gorp/v3 v3.0.5 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/go-errors/errors v1.4.2 // indirect
+	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.0.1 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.11.13 // indirect
+	github.com/klauspost/compress v1.16.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/lib/pq v1.10.7 // indirect
+	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
-	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/mattn/go-sqlite3 v1.14.15 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
+	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -157,51 +163,51 @@ require (
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
+	github.com/prometheus/common v0.44.0 // indirect
+	github.com/prometheus/procfs v0.11.1 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/rubenv/sql-migrate v1.3.1 // indirect
+	github.com/rubenv/sql-migrate v1.5.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/cobra v1.6.1 // indirect
+	github.com/spf13/cobra v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	github.com/xlab/treeprint v1.1.0 // indirect
+	github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
+	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
-	go.opentelemetry.io/otel v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
-	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/term v0.19.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.26.0 // indirect
-	k8s.io/apiserver v0.26.3 // indirect
-	k8s.io/component-base v0.26.3 // indirect
-	k8s.io/klog/v2 v2.80.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
-	k8s.io/kubectl v0.26.0 // indirect
-	k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
-	oras.land/oras-go v1.2.2 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
-	sigs.k8s.io/kustomize/api v0.12.1 // indirect
-	sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
+	k8s.io/apiextensions-apiserver v0.28.3 // indirect
+	k8s.io/apiserver v0.28.3 // indirect
+	k8s.io/component-base v0.28.3 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
+	k8s.io/kubectl v0.28.3 // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	oras.land/oras-go v1.2.4 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )

helpers.ps1

@@ -0,0 +1,72 @@
+function OutputLog {
+    param (
+        [string]$containerName
+    )
+
+    $logs = Invoke-Command -Script {
+        $ErrorActionPreference = "silentlycontinue"
+        docker logs $containerName --tail 250 2>&1
+    } -ErrorAction SilentlyContinue
+    Write-Host "---------------- LOGSTART"
+    Write-Host ($logs -join "`r`n")
+    Write-Host "---------------- LOGEND"
+}
+
+function WaitForLog {
+    param (
+        [string]$containerName,
+        [string]$logContains,
+        [switch]$extendedTimeout
+    )
+
+    $timeoutSeconds = 20;
+
+    if ($extendedTimeout) {
+        $timeoutSeconds = 60;
+    }
+
+    $timeout = New-TimeSpan -Seconds $timeoutSeconds
+    $sw = [System.Diagnostics.Stopwatch]::StartNew()
+
+    while ($sw.Elapsed -le $timeout) {
+        Start-Sleep -Seconds 1
+        $logs = Invoke-Command -Script {
+            $ErrorActionPreference = "silentlycontinue"
+            docker logs $containerName --tail 350 2>&1
+        } -ErrorAction SilentlyContinue
+        if ($logs -match $logContains) {
+            return;
+        }
+    }
+    Write-Host "---------------- LOGSTART"
+    Write-Host ($logs -join "`r`n")
+    Write-Host "---------------- LOGEND"
+    Write-Error "Timeout reached without detecting '$($logContains)' in logs after $($sw.Elapsed.TotalSeconds)s"
+}
+
+function ThrowIfError() {
+    if ($LASTEXITCODE -ne 0) {
+        Write-Error "Last exit code was NOT 0.";
+    }
+}
+
+function HoldBuild() {
+    # This method should create a file, and hold in a loop with a sleep
+    # until the file is deleted
+    # $Env:BUILD_TEMP this is the directory where the file should be crated
+    # Define the full path for the file
+    $filePath = Join-Path -Path $Env:BUILD_TEMP -ChildPath "holdbuild.txt"
+
+    # Create the file
+    New-Item -ItemType File -Path $filePath -Force
+
+    Write-Host "Created file: $filePath"
+
+    # Hold in a loop until the file is deleted
+    while (Test-Path $filePath) {
+        Start-Sleep -Seconds 10
+        Write-Host "Build held until file is deleted: $filePath "
+    }
+
+    Write-Host "File deleted: $filePath"
+}

internal/k8s/translator.go

@@ -12,7 +12,7 @@ type Translator struct {
 	KeelSelector string
 }
 
-func (t *Translator) OnAdd(obj interface{}) {
+func (t *Translator) OnAdd(obj interface{}, isInInitialList bool) {
 	gr, err := NewGenericResource(obj)
 	if err != nil {
 		t.Errorf("OnAdd failed to add resource %T: %#v", obj, obj)

internal/k8s/watcher.go

@@ -71,7 +71,8 @@ type buffer struct {
 }
 
 type addEvent struct {
-	obj interface{}
+	obj             interface{}
+	isInInitialList bool
 }
 
 type updateEvent struct {
@@ -102,7 +103,7 @@ func (b *buffer) loop(stop <-chan struct{}) {
 		case ev := <-b.ev:
 			switch ev := ev.(type) {
 			case *addEvent:
-				b.rh.OnAdd(ev.obj)
+				b.rh.OnAdd(ev.obj, ev.isInInitialList)
 			case *updateEvent:
 				b.rh.OnUpdate(ev.oldObj, ev.newObj)
 			case *deleteEvent:
@@ -116,8 +117,8 @@ func (b *buffer) loop(stop <-chan struct{}) {
 	}
 }
 
-func (b *buffer) OnAdd(obj interface{}) {
-	b.send(&addEvent{obj})
+func (b *buffer) OnAdd(obj interface{}, isInInitialList bool) {
+	b.send(&addEvent{obj, isInInitialList})
 }
 
 func (b *buffer) OnUpdate(oldObj, newObj interface{}) {

readme.md

@@ -6,7 +6,7 @@
   <a href="https://goreportcard.com/report/github.com/keel-hq/keel">
     <img src="https://goreportcard.com/badge/github.com/keel-hq/keel" alt="Go Report">
   </a>
-  
+
   <a href="https://img.shields.io/docker/pulls/keelhq/keel.svg">
     <img src="https://img.shields.io/docker/pulls/keelhq/keel.svg" alt="Docker Pulls">
   </a>
@@ -59,7 +59,7 @@ Prerequisites:
 You need to add this Chart repo to Helm:
 
 ```bash
-helm repo add keel https://charts.keel.sh 
+helm repo add keel https://keel-hq.github.io/keel/ 
 helm repo update
 ```
 
@@ -81,6 +81,44 @@ To install for Helm v3, set helmProvider.version="v3" (default is "v2"):
 helm install keel keel/keel --set helmProvider.version="v3" 
 ```
 
+To install using terraform:
+
+```terraform
+resource "helm_release" "keel" {
+  provider   = helm.helm
+  name       = "keel"
+  namespace  = "keel"
+  repository = "https://keel-hq.github.io/keel"
+  chart      = "keel-chart"
+  version    = "v1.0.4"
+
+  set {
+    name  = "basicauth.enabled"
+    value = "true"
+  }
+
+  set {
+    name  = "basicauth.user"
+    value = "admin"
+  }
+
+  set {
+    name  = "basicauth.password"
+    value = "admin"
+  }
+
+  set {
+    name  = "image.repository"
+    value = "keelhq/keel"
+  }
+
+  set {
+    name  = "image.tag"
+    value = "0.19.1"
+  }
+}
+```
+
 That's it, see [Configuration](https://github.com/keel-hq/keel#configuration) section now.
 
 ### Quick Start
@@ -180,3 +218,33 @@ Once prerequisites are ready:
 ```bash
 make e2e
 ```
+
+### Debugging keel inside the container against your remote cluster (Windows)
+
+The repository contains a debug version of keel container ready for remote debugging.
+
+You can start the debug container with powershell (docker desktop needed):
+
+```powershell
+.\build.ps1 -StartDebugContainers
+```
+
+To connect to your cluster, copy the authentication details from within the keel pod in your cluster from:
+
+```
+/var/run/secrets/kubernetes.io/serviceaccount
+```
+
+to the serviceaccount folder at the root of the repository and make sure you set the environment variable for the K8S management API endpoint:
+
+```powershell
+# This can be configured in envesttings.ps1 to be picked up automatically by the build script
+$ENV:KUBERNETES_SERVICE_HOST = "mycluster-o5ff3caf.hcp.myregion.azmk8s.io"
+$ENV:KUBERNETES_SERVICE_PORT = "443"
+```
+
+And make sure your API server is accesible from your client (VPN, IP whitelisting or whatever you use to secure your cluster management API).
+
+Once started, simply use the debug option in a Go debugger, such as Jetbrains GoLand:
+
+[Debugging a Go application inside a Docker container | The GoLand Blog](https://blog.jetbrains.com/go/2020/05/06/debugging-a-go-application-inside-a-docker-container/)