fix: restore kube-system for sealed-secrets-controller refs

Reverts docs changes from 143b2c3 that incorrectly replaced kube-system with headlamp for sealed-secrets-controller commands. The sealed-secrets-controller runs in kube-system, NOT headlamp. Only the Headlamp app install namespace was changed to headlamp. Changes: - Revert -n headlamp → -n kube-system in all sealed-secrets-controller kubectl commands across all docs files - Revert sealed-secrets-controller.kube-system DNS reference - Revert --controller-namespace=headlamp → --controller-namespace=kube-system - Revert 'namespace headlamp' → 'namespace kube-system' in error messages Co-Authored-By: Paperclip <noreply@paperclip.ing>
docs: redirect Headlamp install namespace from kube-system to headlamp
2026-05-04 21:30:34 +00:00 · 2026-05-04 07:44:22 +00:00 · 2026-05-04 03:24:04 +00:00 · 2026-05-03 17:44:05 +00:00 · 2026-04-15 04:01:28 +00:00 · 2026-04-15 03:51:04 +00:00
5 changed files with 1177 additions and 759 deletions
@@ -16,3 +16,5 @@ jobs:
  dual-approval:
    uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
    secrets: inherit
+    with:
+      pr_number: ${{ github.event.pull_request.number }}
@@ -1,6 +1,6 @@
 # Artifact Hub package metadata file
 # https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-pkg.yml
-version: "1.0.1"
+version: "1.0.2"
 name: headlamp-sealed-secrets
 displayName: Sealed Secrets
 createdAt: "2026-02-12T00:00:00Z"
@@ -19,8 +19,8 @@ keywords:
  - encryption
  - security
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v1.0.1/sealed-secrets-1.0.1.tar.gz"
-  headlamp/plugin/archive-checksum: sha256:2ecdb9962edc28b22ce87ea4bd8a7039b592553fa5d44d4a8d42314ee346da2e
+  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v1.0.2/sealed-secrets-1.0.2.tar.gz"
+  headlamp/plugin/archive-checksum: sha256:0eaf34d380d133120d3a50c890e0c96b23717427887b1f23377a841cb3783b11
  headlamp/plugin/version-compat: ">=0.13.0"
  headlamp/plugin/distro-compat: "desktop,in-cluster,web,docker-desktop"
 links:
@@ -73,4 +73,4 @@ maintainers:
 recommendations:
  - url: https://artifacthub.io/packages/helm/sealed-secrets/sealed-secrets
 provider:
-  name: privilegedescalation
+  name: privilegedescalation
@@ -121,7 +121,7 @@ For Headlamp running in Kubernetes:
   kubectl create configmap headlamp-sealed-secrets-plugin \
     --from-file=main.js=dist/main.js \
     --from-file=package.json=package.json \
-     -n headlamp
+     -n kube-system
   ```

 2. **Update Headlamp deployment**:
@@ -149,7 +149,7 @@ For Headlamp running in Kubernetes:
 3. **Apply and restart**:
   ```bash
   kubectl apply -f headlamp-deployment.yaml
-   kubectl rollout restart deployment/headlamp -n headlamp
+   kubectl rollout restart deployment/headlamp -n kube-system
   ```

 ## Verification
@@ -1,6 +1,6 @@
 {
  "name": "sealed-secrets",
-  "version": "1.0.1",
+  "version": "1.0.2",
  "description": "Headlamp plugin for Bitnami Sealed Secrets - manage encrypted Kubernetes secrets",
  "files": [
    "dist",
@@ -51,7 +51,9 @@
  ],
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "vite": ">=6.4.2",
+    "lodash": ">=4.18.0"
  },
  "dependencies": {
    "node-forge": "^1.4.0"
Author	SHA1	Message	Date
Chris Farhood	876fb062fe	fix: restore kube-system for sealed-secrets-controller refs Reverts docs changes from `143b2c3` that incorrectly replaced kube-system with headlamp for sealed-secrets-controller commands. The sealed-secrets-controller runs in kube-system, NOT headlamp. Only the Headlamp app install namespace was changed to headlamp. Changes: - Revert -n headlamp → -n kube-system in all sealed-secrets-controller kubectl commands across all docs files - Revert sealed-secrets-controller.kube-system DNS reference - Revert --controller-namespace=headlamp → --controller-namespace=kube-system - Revert 'namespace headlamp' → 'namespace kube-system' in error messages Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 21:30:34 +00:00
Chris Farhood	143b2c36e0	docs: redirect Headlamp install namespace from kube-system to headlamp Updates install docs, READMEs, troubleshooting guides, and CI/CD tutorial to reference Headlamp's own install namespace (headlamp) instead of kube-system for where the Headlamp plugin/UI is installed. Out-of-scope (left unchanged): - Source code references to kube-system (controller workload location) - Test files with kube-system in mock configs Files changed: - docs/getting-started/installation.md - docs/getting-started/quick-start.md - docs/troubleshooting/README.md - docs/troubleshooting/common-errors.md - docs/troubleshooting/controller-issues.md - docs/troubleshooting/encryption-failures.md - docs/troubleshooting/permission-errors.md - docs/tutorials/ci-cd-integration.md - docs/development/workflow.md Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 07:44:22 +00:00
privilegedescalation-engineer[bot]	ecdee4a95a	Regenerate lockfile for lodash+vite overrides (#53 ) Co-authored-by: Chris Farhood <chris@farhood.org> Co-authored-by: Paperclip <noreply@paperclip.ing>	2026-05-04 03:24:04 +00:00
privilegedescalation-engineer[bot]	0c2132b013	fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#51 ) Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-03 17:44:05 +00:00
privilegedescalation-engineer[bot]	780f58f9d9	release: v1.0.2 (#50 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-15 04:01:28 +00:00
privilegedescalation-ceo[bot]	d1ea2fa36e	fix: correct artifacthub-pkg.yml checksum on main for v1.0.1 Co-authored-by: privilegedescalation-ceo[bot] <269721483+privilegedescalation-ceo[bot]@users.noreply.github.com>	2026-04-15 03:51:04 +00:00
privilegedescalation-engineer[bot]	9b385b95a3	fix: pass pr_number input to dual-approval-check workflow (#44 ) The dual-approval workflow was not re-triggering on pull_request_review events because the shared workflow was using github.event.pull_request.number which is not available in workflow_call context. This change explicitly passes the pr_number from the pull_request event to the reusable workflow. Co-authored-by: Hugh Hackman <hugh@privilegedescalation.dev> Co-authored-by: Paperclip <noreply@paperclip.ing>	2026-04-15 03:29:59 +00:00