feat(helm)!: Update external-secrets ( 0.14.4 → 1.1.0 ) #852
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
--- kubernetes/apps/cluster-system/external-secrets/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: cluster-system/external-secrets
+++ kubernetes/apps/cluster-system/external-secrets/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: cluster-system/external-secrets
@@ -13,13 +13,13 @@
spec:
chart: external-secrets
sourceRef:
kind: HelmRepository
name: external-secrets
namespace: flux-system
- version: 0.14.4
+ version: 1.1.0
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true |
Contributor
--- HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-cert-controller
+++ HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-cert-controller
@@ -42,12 +42,20 @@
- endpoints
verbs:
- list
- get
- watch
- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
--- HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-controller
+++ HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-controller
@@ -13,12 +13,13 @@
resources:
- secretstores
- clustersecretstores
- externalsecrets
- clusterexternalsecrets
- pushsecrets
+ - clusterpushsecrets
verbs:
- get
- list
- watch
- apiGroups:
- external-secrets.io
@@ -35,12 +36,15 @@
- clusterexternalsecrets
- clusterexternalsecrets/status
- clusterexternalsecrets/finalizers
- pushsecrets
- pushsecrets/status
- pushsecrets/finalizers
+ - clusterpushsecrets
+ - clusterpushsecrets/status
+ - clusterpushsecrets/finalizers
verbs:
- get
- update
- patch
- apiGroups:
- generators.external-secrets.io
@@ -56,24 +60,27 @@
- delete
- deletecollection
- apiGroups:
- generators.external-secrets.io
resources:
- acraccesstokens
+ - cloudsmithaccesstokens
- clustergenerators
- ecrauthorizationtokens
- fakes
- gcraccesstokens
- githubaccesstokens
- quayaccesstokens
- passwords
+ - sshkeys
- stssessiontokens
- uuids
- vaultdynamicsecrets
- webhooks
- grafanas
+ - mfas
verbs:
- get
- list
- watch
- apiGroups:
- ''
@@ -81,12 +88,19 @@
- serviceaccounts
- namespaces
verbs:
- get
- list
- watch
+- apiGroups:
+ - ''
+ resources:
+ - namespaces
+ verbs:
+ - update
+ - patch
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
@@ -122,7 +136,15 @@
resources:
- externalsecrets
verbs:
- create
- update
- delete
+- apiGroups:
+ - external-secrets.io
+ resources:
+ - pushsecrets
+ verbs:
+ - create
+ - update
+ - delete
--- HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-view
+++ HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-view
@@ -15,30 +15,35 @@
- external-secrets.io
resources:
- externalsecrets
- secretstores
- clustersecretstores
- pushsecrets
+ - clusterpushsecrets
verbs:
- get
- watch
- list
- apiGroups:
- generators.external-secrets.io
resources:
- acraccesstokens
+ - cloudsmithaccesstokens
- clustergenerators
- ecrauthorizationtokens
- fakes
- gcraccesstokens
- githubaccesstokens
- quayaccesstokens
- passwords
+ - sshkeys
- vaultdynamicsecrets
- webhooks
- grafanas
- generatorstates
+ - mfas
+ - uuids
verbs:
- get
- watch
- list
--- HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-edit
+++ HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-edit
@@ -14,33 +14,38 @@
- external-secrets.io
resources:
- externalsecrets
- secretstores
- clustersecretstores
- pushsecrets
+ - clusterpushsecrets
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- generators.external-secrets.io
resources:
- acraccesstokens
+ - cloudsmithaccesstokens
- clustergenerators
- ecrauthorizationtokens
- fakes
- gcraccesstokens
- githubaccesstokens
- quayaccesstokens
- passwords
+ - sshkeys
- vaultdynamicsecrets
- webhooks
- grafanas
- generatorstates
+ - mfas
+ - uuids
verbs:
- create
- delete
- deletecollection
- patch
- update
--- HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-servicebindings
+++ HelmRelease: cluster-system/external-secrets ClusterRole: cluster-system/external-secrets-servicebindings
@@ -10,11 +10,12 @@
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- external-secrets.io
resources:
- externalsecrets
+ - pushsecrets
verbs:
- get
- list
- watch
--- HelmRelease: cluster-system/external-secrets Service: cluster-system/external-secrets-webhook
+++ HelmRelease: cluster-system/external-secrets Service: cluster-system/external-secrets-webhook
@@ -10,13 +10,13 @@
app.kubernetes.io/managed-by: Helm
external-secrets.io/component: webhook
spec:
type: ClusterIP
ports:
- port: 443
- targetPort: 10250
+ targetPort: webhook
protocol: TCP
name: webhook
selector:
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
--- HelmRelease: cluster-system/external-secrets Deployment: cluster-system/external-secrets-cert-controller
+++ HelmRelease: cluster-system/external-secrets Deployment: cluster-system/external-secrets-cert-controller
@@ -34,13 +34,13 @@
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
- image: ghcr.io/external-secrets/external-secrets:v0.14.4
+ image: ghcr.io/external-secrets/external-secrets:v1.1.0
imagePullPolicy: IfNotPresent
args:
- certcontroller
- --crd-requeue-interval=5m
- --service-name=external-secrets-webhook
- --service-namespace=cluster-system
--- HelmRelease: cluster-system/external-secrets Deployment: cluster-system/external-secrets
+++ HelmRelease: cluster-system/external-secrets Deployment: cluster-system/external-secrets
@@ -34,13 +34,13 @@
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
- image: ghcr.io/external-secrets/external-secrets:v0.14.4
+ image: ghcr.io/external-secrets/external-secrets:v1.1.0
imagePullPolicy: IfNotPresent
args:
- --concurrent=1
- --metrics-addr=:8080
- --loglevel=info
- --zap-time-encoding=epoch
--- HelmRelease: cluster-system/external-secrets Deployment: cluster-system/external-secrets-webhook
+++ HelmRelease: cluster-system/external-secrets Deployment: cluster-system/external-secrets-webhook
@@ -34,13 +34,13 @@
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
- image: ghcr.io/external-secrets/external-secrets:v0.14.4
+ image: ghcr.io/external-secrets/external-secrets:v1.1.0
imagePullPolicy: IfNotPresent
args:
- webhook
- --port=10250
- --dns-name=external-secrets-webhook.cluster-system.svc
- --cert-dir=/tmp/certs
--- HelmRelease: cluster-system/external-secrets ValidatingWebhookConfiguration: cluster-system/secretstore-validate
+++ HelmRelease: cluster-system/external-secrets ValidatingWebhookConfiguration: cluster-system/secretstore-validate
@@ -11,48 +11,48 @@
webhooks:
- name: validate.secretstore.external-secrets.io
rules:
- apiGroups:
- external-secrets.io
apiVersions:
- - v1beta1
+ - v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- secretstores
scope: Namespaced
clientConfig:
service:
namespace: cluster-system
name: external-secrets-webhook
- path: /validate-external-secrets-io-v1beta1-secretstore
+ path: /validate-external-secrets-io-v1-secretstore
admissionReviewVersions:
- v1
- v1beta1
sideEffects: None
timeoutSeconds: 5
- name: validate.clustersecretstore.external-secrets.io
rules:
- apiGroups:
- external-secrets.io
apiVersions:
- - v1beta1
+ - v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- clustersecretstores
scope: Cluster
clientConfig:
service:
namespace: cluster-system
name: external-secrets-webhook
- path: /validate-external-secrets-io-v1beta1-clustersecretstore
+ path: /validate-external-secrets-io-v1-clustersecretstore
admissionReviewVersions:
- v1
- v1beta1
sideEffects: None
timeoutSeconds: 5
--- HelmRelease: cluster-system/external-secrets ValidatingWebhookConfiguration: cluster-system/externalsecret-validate
+++ HelmRelease: cluster-system/external-secrets ValidatingWebhookConfiguration: cluster-system/externalsecret-validate
@@ -11,25 +11,25 @@
webhooks:
- name: validate.externalsecret.external-secrets.io
rules:
- apiGroups:
- external-secrets.io
apiVersions:
- - v1beta1
+ - v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- externalsecrets
scope: Namespaced
clientConfig:
service:
namespace: cluster-system
name: external-secrets-webhook
- path: /validate-external-secrets-io-v1beta1-externalsecret
+ path: /validate-external-secrets-io-v1-externalsecret
admissionReviewVersions:
- v1
- v1beta1
sideEffects: None
timeoutSeconds: 5
failurePolicy: Fail |
flowbie-bot
bot
force-pushed
the
renovate/external-secrets-1.x
branch
from
a756d58 to
7378b6b
Compare
flowbie-bot
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.14.4->1.1.0Release Notes
external-secrets/external-secrets (external-secrets)
v1.1.0Compare Source
Image:
ghcr.io/external-secrets/external-secrets:v1.1.0Image:
ghcr.io/external-secrets/external-secrets:v1.1.0-ubiImage:
ghcr.io/external-secrets/external-secrets:v1.1.0-ubi-boringsslWhat's Changed
!NOTE!: During last community meeting we discussed that we are retiring our scarf account. With that, we will be changing back to ghcr.io/external-secrets/external-secrets instead of oci.external-secrets.io/external-secrets/external-secrets.
For now, the old domain will live for a couple months to give people to change back. With this release , the values in the helm chart that define where the image is switched back to ghcr.
The helm-chart itself is served from under github-pages so that does not move.
General
Dependencies
0d00a56to2475ef7by @dependabot[bot] in #5562982f6f0to4c5fdabby @dependabot[bot] in #5566d3f0cf7tod3f0cf7by @dependabot[bot] in #5595dec374etodcd8128by @dependabot[bot] in #55942475ef7tof2964c7by @dependabot[bot] in #5597New Contributors
Full Changelog: external-secrets/external-secrets@v1.0.0...v1.1.0
v1.0.0Compare Source
Image:
ghcr.io/external-secrets/external-secrets:v1.0.0Image:
ghcr.io/external-secrets/external-secrets:v1.0.0-ubiImage:
ghcr.io/external-secrets/external-secrets:v1.0.0-ubi-boringsslWhat's Changed
General
Dependencies
4bcff63to4b7ce07in /hack/api-docs by @dependabot[bot] in #5507aee43c3toaee43c3by @dependabot[bot] in #5516c529327to982f6f0by @dependabot[bot] in #5510New Contributors
Full Changelog: external-secrets/external-secrets@v0.20.4...v1.0.0
v0.20.4Compare Source
Image:
ghcr.io/external-secrets/external-secrets:v0.20.4Image:
ghcr.io/external-secrets/external-secrets:v0.20.4-ubiImage:
ghcr.io/external-secrets/external-secrets:v0.20.4-ubi-boringsslWhat's Changed
General
apiandcmdpackage by @Lumexralph in #5413Dependencies
534c2c0to2f698e1by @dependabot[bot] in #54524bcff63to4b7ce07by @dependabot[bot] in #545106083b7to5dc01dbby @dependabot[bot] in #5482New Contributors
Full Changelog: external-secrets/external-secrets@v0.20.3...v0.20.4
v0.20.3Compare Source
Image:
ghcr.io/external-secrets/external-secrets:v0.20.3Image:
ghcr.io/external-secrets/external-secrets:v0.20.3-ubiImage:
ghcr.io/external-secrets/external-secrets:v0.20.3-ubi-boringsslWhat's Changed
General
pkgby @Lumexralph in #5412Dependencies
6ad9415toc423747in /e2e by @dependabot[bot] in #5423b6ed3fdtob6ed3fdby @dependabot[bot] in #5419New Contributors
Full Changelog: external-secrets/external-secrets@v0.20.2...v0.20.3
v0.20.2Compare Source
Image:
ghcr.io/external-secrets/external-secrets:v0.20.2Image:
ghcr.io/external-secrets/external-secrets:v0.20.2-ubiImage:
ghcr.io/external-secrets/external-secrets:v0.20.2-ubi-boringsslWhat's Changed
General
enableby @Skarlso in #5369(pkg/providers)by @Lumexralph in #5362Dependencies
New Contributors
Full Changelog: external-secrets/external-secrets@v0.20.0...v0.20.2
v0.20.1Compare Source
Image:
ghcr.io/external-secrets/external-secrets:v0.20.1Image:
ghcr.io/external-secrets/external-secrets:v0.20.1-ubiImage:
ghcr.io/external-secrets/external-secrets:v0.20.1-ubi-boringsslWhat's Changed
General
ADOPTERS.mdto include SAP by @jakobmoellerdev in #5165helm-values-schema-jsonschema plugin management logic by @jakobmoellerdev in #5212Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.