JankySolutions/infra
2
0
Fork 0
Code Issues Pull requests 10 Projects Releases Packages 12 Wiki Activity Actions

chore(deps): update helm release external-secrets to v0.13.0
All checks were successful
/ build-synapse (push) Successful in 14s
Details
/ roll out update (push) Has been skipped
Details
/ render-helm (push) Successful in 22s
Details
/ diff-and-deploy (push) Successful in 2m17s
Details

Browse source
This commit is contained in:
Renovate Bot 2025-01-28 22:03:10 +00:00
parent 568fa8b5f6
commit 356a31fa26
2 changed files with 227 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
helm/external-secrets/kustomization.yaml
View file

@ -7,5 +7,5 @@ helmCharts:
enabled: false # default, bitwarden-sdk-server doesn't work with vaultwarden (https://github.com/external-secrets/bitwarden-sdk-server/issues/18)
namespace: external-secrets
releaseName: external-secrets
version: 0.12.1
version: 0.13.0
repo: https://charts.external-secrets.io

289
k8s/operators/external-secrets/bundle.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: acraccesstokens.generators.external-secrets.io
@ -230,7 +230,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: clusterexternalsecrets.external-secrets.io
@ -403,6 +403,7 @@ spec:
- Fake
- GCRAccessToken
- GithubAccessToken
- QuayAccessToken
- Password
- STSSessionToken
- UUID
@ -598,6 +599,7 @@ spec:
- Fake
- GCRAccessToken
- GithubAccessToken
- QuayAccessToken
- Password
- STSSessionToken
- UUID
@ -1004,7 +1006,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: clustergenerators.generators.external-secrets.io
@ -1578,6 +1580,50 @@ spec:
- length
- noUpper
type: object
quayAccessTokenSpec:
properties:
robotAccount:
description: Name of the robot account you are federating
with
type: string
serviceAccountRef:
description: Name of the service account you are federating
with
properties:
audiences:
description: |-
Audience specifies the `aud` claim for the service account token
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
then this audiences will be appended to the list
items:
type: string
type: array
name:
description: The name of the ServiceAccount resource being
referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
Namespace of the resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- name
type: object
url:
description: URL configures the Quay instance URL. Defaults
to quay.io.
type: string
required:
- robotAccount
- serviceAccountRef
type: object
stsSessionTokenSpec:
properties:
auth:
@ -1747,6 +1793,11 @@ spec:
type: object
vaultDynamicSecretSpec:
properties:
allowEmptyResponse:
default: false
description: Do not fail if no secrets are found. Useful for
requests where no data is expected.
type: boolean
controller:
description: |-
Used to select the correct ESO controller (think: ingress.ingressClassName)
@ -2702,6 +2753,7 @@ spec:
- Fake
- GCRAccessToken
- GithubAccessToken
- QuayAccessToken
- Password
- STSSessionToken
- UUID
@ -2722,7 +2774,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: clustersecretstores.external-secrets.io
@ -8859,7 +8911,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: ecrauthorizationtokens.generators.external-secrets.io
@ -9068,7 +9120,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: externalsecrets.external-secrets.io
@ -9531,6 +9583,7 @@ spec:
- Fake
- GCRAccessToken
- GithubAccessToken
- QuayAccessToken
- Password
- STSSessionToken
- UUID
@ -9725,6 +9778,7 @@ spec:
- Fake
- GCRAccessToken
- GithubAccessToken
- QuayAccessToken
- Password
- STSSessionToken
- UUID
@ -10011,7 +10065,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: fakes.generators.external-secrets.io
@ -10087,7 +10141,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: gcraccesstokens.generators.external-secrets.io
@ -10233,7 +10287,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: githubaccesstokens.generators.external-secrets.io
@ -10358,7 +10412,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: passwords.generators.external-secrets.io
@ -10456,7 +10510,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: pushsecrets.external-secrets.io
@ -10652,6 +10706,7 @@ spec:
- Fake
- GCRAccessToken
- GithubAccessToken
- QuayAccessToken
- Password
- STSSessionToken
- UUID
@ -10909,7 +10964,107 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: quayaccesstokens.generators.external-secrets.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: external-secrets-webhook
namespace: external-secrets
path: /convert
conversionReviewVersions:
- v1
group: generators.external-secrets.io
names:
categories:
- external-secrets
- external-secrets-generators
kind: QuayAccessToken
listKind: QuayAccessTokenList
plural: quayaccesstokens
singular: quayaccesstoken
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: QuayAccessToken generates Quay oauth token for pulling/pushing
images
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
robotAccount:
description: Name of the robot account you are federating with
type: string
serviceAccountRef:
description: Name of the service account you are federating with
properties:
audiences:
description: |-
Audience specifies the `aud` claim for the service account token
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
then this audiences will be appended to the list
items:
type: string
type: array
name:
description: The name of the ServiceAccount resource being referred
to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
Namespace of the resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- name
type: object
url:
description: URL configures the Quay instance URL. Defaults to quay.io.
type: string
required:
- robotAccount
- serviceAccountRef
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: secretstores.external-secrets.io
@ -17046,7 +17201,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: stssessiontokens.generators.external-secrets.io
@ -17271,7 +17426,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: uuids.generators.external-secrets.io
@ -17332,7 +17487,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: vaultdynamicsecrets.generators.external-secrets.io
@ -17381,6 +17536,11 @@ spec:
type: object
spec:
properties:
allowEmptyResponse:
default: false
description: Do not fail if no secrets are found. Useful for requests
where no data is expected.
type: boolean
controller:
description: |-
Used to select the correct ESO controller (think: ingress.ingressClassName)
@ -18224,7 +18384,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: webhooks.generators.external-secrets.io
@ -18395,8 +18555,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets
namespace: external-secrets
---
@ -18407,8 +18567,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-cert-controller
namespace: external-secrets
---
@ -18419,8 +18579,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-webhook
namespace: external-secrets
---
@ -18431,8 +18591,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-leaderelection
namespace: external-secrets
rules:
@ -18469,8 +18629,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-cert-controller
rules:
- apiGroups:
@ -18543,8 +18703,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-controller
rules:
- apiGroups:
@ -18590,6 +18750,7 @@ rules:
- fakes
- gcraccesstokens
- githubaccesstokens
- quayaccesstokens
- passwords
- stssessiontokens
- uuids
@ -18657,8 +18818,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: external-secrets-edit
@ -18685,6 +18846,7 @@ rules:
- fakes
- gcraccesstokens
- githubaccesstokens
- quayaccesstokens
- passwords
- vaultdynamicsecrets
- webhooks
@ -18702,8 +18864,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
servicebinding.io/controller: "true"
name: external-secrets-servicebindings
rules:
@ -18723,8 +18885,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -18750,6 +18912,7 @@ rules:
- fakes
- gcraccesstokens
- githubaccesstokens
- quayaccesstokens
- passwords
- vaultdynamicsecrets
- webhooks
@ -18765,8 +18928,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-leaderelection
namespace: external-secrets
roleRef:
@ -18785,8 +18948,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-cert-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -18804,8 +18967,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -18823,9 +18986,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.12.1
app.kubernetes.io/version: v0.13.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.12.1
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-webhook
namespace: external-secrets
---
@ -18836,9 +18999,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.12.1
app.kubernetes.io/version: v0.13.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.12.1
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-webhook
namespace: external-secrets
spec:
@ -18859,8 +19022,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets
namespace: external-secrets
spec:
@ -18876,8 +19039,8 @@ spec:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
spec:
automountServiceAccountToken: true
containers:
@ -18886,7 +19049,7 @@ spec:
- --metrics-addr=:8080
- --loglevel=info
- --zap-time-encoding=epoch
image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1
image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0
imagePullPolicy: IfNotPresent
name: external-secrets
ports:
@ -18914,8 +19077,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-cert-controller
namespace: external-secrets
spec:
@ -18931,8 +19094,8 @@ spec:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
spec:
automountServiceAccountToken: true
containers:
@ -18948,7 +19111,7 @@ spec:
- --loglevel=info
- --zap-time-encoding=epoch
- --enable-partial-cache=true
image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1
image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0
imagePullPolicy: IfNotPresent
name: cert-controller
ports:
@ -18981,8 +19144,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
name: external-secrets-webhook
namespace: external-secrets
spec:
@ -18998,8 +19161,8 @@ spec:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.12.1
helm.sh/chart: external-secrets-0.12.1
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
spec:
automountServiceAccountToken: true
containers:
@ -19013,7 +19176,7 @@ spec:
- --healthz-addr=:8081
- --loglevel=info
- --zap-time-encoding=epoch
image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1
image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0
imagePullPolicy: IfNotPresent
name: webhook
ports:
@ -19057,9 +19220,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.12.1
app.kubernetes.io/version: v0.13.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.12.1
helm.sh/chart: external-secrets-0.13.0
name: externalsecret-validate
webhooks:
- admissionReviewVersions:
@ -19094,9 +19257,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.12.1
app.kubernetes.io/version: v0.13.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.12.1
helm.sh/chart: external-secrets-0.13.0
name: secretstore-validate
webhooks:
- admissionReviewVersions: