Update the deployment templates to comply with the slack bot changes (#766 )

The latest slack bot changes introduce two environment variables (bot token and app token). Take that changes into account for deployment manifests. Co-authored-by: Benjamin Moermans <b.moermans@aegaeon-it.com>
Decrease initialDelaySeconds of (liveness|readiness) Probe (#801 )
2025-04-09 09:09:37 +02:00 · 2025-03-07 11:20:23 +01:00 · 2025-02-18 18:22:22 +01:00 · 2025-02-07 19:31:33 +04:00 · 2025-02-07 09:22:39 -06:00 · 2025-01-07 08:37:50 +01:00
8 changed files with 48 additions and 29 deletions
--- a/chart/keel/Chart.yaml
+++ b/chart/keel/Chart.yaml
@ -1,17 +1,17 @@
 apiVersion: v1
 name: keel
-description: Open source, tool for automating Kubernetes deployment updates. This is a custom fork of the original Keel project.
+description: Open source tool for automating Kubernetes deployment updates.
+# The chart version number here is just a template. The actual version number is
+# replaced during the chart build, see .github/workflows/releasechart.yaml
+# The way to trigger a chart release is using a tag "chart-{CHART_VERSION}"
 version: 1.0.5
-appVersion: 0.19.1
+appVersion: 0.20.0
 keywords:
 - kubernetes deployment
 - helm release
 - continuous deployment
-home: https://clem59170.github.io/keel
+home: https://github.com/keel-hq/keel
 sources:
 - https://github.com/keel-hq/keel
- https://github.com/clem59170/keel
-maintainers:
- name: clem59170
 engine: gotpl
 icon: https://raw.githubusercontent.com/keel-hq/keel/master/static/keel-logo.png
--- a/chart/keel/README.md
+++ b/chart/keel/README.md
@ -96,7 +96,8 @@ The following table lists has the main configurable parameters (polling, trigger
 | `webhook.endpoint`                          | Remote webhook endpoint                |                                                           |
 | `slack.enabled`                             | Enable/disable Slack Notification      | `false`                                                   |
 | `slack.botName`                             | Name of the Slack bot                  |                                                           |
-| `slack.token`                               | Slack token                            |                                                           |
+| `slack.botToken`                            | Slack bot token                        |                                                           |
+| `slack.appToken`                            | Slack application level token          |                                                           |
 | `slack.channel`                             | Slack channel                          |                                                           |
 | `slack.approvalsChannel`                    | Slack channel for approvals            |                                                           |
 | `teams.enabled`                             | Enable/disable MS Teams Notification   | `false`                                                   |
@ -144,7 +145,7 @@ The following table lists has the main configurable parameters (polling, trigger
 | `dockerRegistry.key`                        | Docker registry secret key             |                                                           |
 | `secret.name`                               | Secret name                            |                                                           |
 | `secret.create`                             | Create secret                          | `true`                                                    |
-| `persistence.enabled`                       | Enable/disable audit log persistence   | `true`                                                    |
+| `persistence.enabled`                       | Enable/disable audit log persistence   | `false`                                                    |
 | `persistence.storageClass`                  | Storage Class for the Persistent Volume| `-`                                                       |
 | `persistence.size`                          | Persistent Volume size                 | `1Gi`                                                     |
 | `imagePullSecrets`                          | Image pull secrets                     | `[]`                                                      |
--- a/chart/keel/templates/deployment.yaml
+++ b/chart/keel/templates/deployment.yaml
@ -28,6 +28,10 @@ spec:
 {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
 {{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.podSecurityContext }}
+      securityContext:
+{{- toYaml . | nindent 8 }}
 {{- end }}
      containers:
 {{- if .Values.extraContainers }}
@ -38,6 +42,10 @@ spec:
          image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: ["/bin/keel"]
+{{- with .Values.containerSecurityContext }}
+          securityContext:
+{{- toYaml . | nindent 12 }}
+{{- end }}
          volumeMounts:
 {{- if .Values.persistence.enabled }}
            - name: storage-logs
@ -190,13 +198,13 @@ spec:
            httpGet:
              path: /healthz
              port: 9300
-            initialDelaySeconds: 30
+            initialDelaySeconds: 5
            timeoutSeconds: 10
          readinessProbe:
            httpGet:
              path: /healthz
              port: 9300
-            initialDelaySeconds: 30
+            initialDelaySeconds: 5
            timeoutSeconds: 10
          resources:
 {{ toYaml .Values.resources | indent 12 }}
--- a/chart/keel/templates/secret.yaml
+++ b/chart/keel/templates/secret.yaml
@ -15,7 +15,8 @@ data:
  AWS_SECRET_ACCESS_KEY:  {{ .Values.ecr.secretAccessKey | b64enc }}
 {{- end }}
 {{- if .Values.slack.enabled }}
-  SLACK_TOKEN: {{ .Values.slack.token | b64enc }}
+  SLACK_BOT_TOKEN: {{ .Values.slack.botToken | b64enc }}
+  SLACK_APP_TOKEN: {{ .Values.slack.appToken | b64enc }}
 {{- end }}
 {{- if .Values.googleApplicationCredentials }}
  google-application-credentials.json: {{ .Values.googleApplicationCredentials }}
--- a/chart/keel/values.yaml
+++ b/chart/keel/values.yaml
@ -72,7 +72,8 @@ webhook:
 slack:
  enabled: false
  botName: ""
-  token: ""
+  appToken: ""
+  botToken: ""
  channel: ""
  approvalsChannel: ""

@ -250,3 +251,9 @@ persistence:
  enabled: false
  storageClass: "-"
  size: 1Gi
+
+# -- Pod security context (runAsUser, etc.)
+podSecurityContext: {}
+
+# -- Container security context (allowPrivilegeEscalation, etc.)
+containerSecurityContext: {}
--- a/deployment/deployment-template.yaml
+++ b/deployment/deployment-template.yaml
@ -185,8 +185,10 @@ spec:
            # Enable MS Teams webhook endpoint
            - name: TEAMS_WEBHOOK_URL
              value: "{{ .teams_webhook_url }}"
-            - name: SLACK_TOKEN
-              value: "{{ .slack_token }}"
+            - name: SLACK_APP_TOKEN
+              value: "{{ .slack_app_token }}"
+            - name: SLACK_BOT_TOKEN
+              value: "{{ .slack_bot_token }}"
            - name: SLACK_CHANNELS
              value: "{{ .slack_channel | default "general" }}"
            - name: SLACK_APPROVALS_CHANNEL
--- a/go.mod
+++ b/go.mod
@ -53,7 +53,7 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/tbruyelle/hipchat-go v0.0.0-20170717082847-35aebc99209a
 	github.com/urfave/negroni v1.0.0
-	golang.org/x/crypto v0.29.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/net v0.31.0
 	google.golang.org/api v0.209.0
 	google.golang.org/grpc v1.68.0
@ -203,10 +203,10 @@ require (
 	go.opentelemetry.io/otel/sdk v1.32.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
-	golang.org/x/sync v0.9.0 // indirect
-	golang.org/x/sys v0.27.0 // indirect
-	golang.org/x/term v0.26.0 // indirect
-	golang.org/x/text v0.20.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.8.0 // indirect
 	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect
--- a/go.sum
+++ b/go.sum
@ -522,8 +522,8 @@ golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
-golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@ -555,8 +555,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
-golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -569,14 +569,14 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
-golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
-golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
-golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
 golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
Author	SHA1	Message	Date
benjamin3322	d6eb2583af	Update the deployment templates to comply with the slack bot changes (#766 ) The latest slack bot changes introduce two environment variables (bot token and app token). Take that changes into account for deployment manifests. Co-authored-by: Benjamin Moermans <b.moermans@aegaeon-it.com>	2025-04-09 09:09:37 +02:00
Matthias Baur	3989c0d2e7	Decrease initialDelaySeconds of (liveness\|readiness) Probe (#801 )	2025-03-07 11:20:23 +01:00
Matthias Baur	8f3bad6bc6	Allow securityContext to be confiured (#795 )	2025-02-18 18:22:22 +01:00
Karolis Rusenas	65260ae66f	Merge pull request #793 from zhaque44/fix-lib-cve-xcrypto resolve: CVE-2024-45337	2025-02-07 19:31:33 +04:00
zhaque44	d6e2295443	fix CVE-2024-45337 Signed-off-by: zhaque44 <haque.zubair@gmail.com>	2025-02-07 09:22:39 -06:00
Afonso Garcia	3c8cb78603	Change README to reflect real default value of persistence.enabled (#791 )	2025-01-07 08:37:50 +01:00
David	9a26fc5687	Update appVersion in chart to v0.20.0 (#788 )	2024-12-22 20:45:55 +01:00