From 356a31fa26f5f77d24de5f3ce1727b396558c64b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 28 Jan 2025 22:03:10 +0000 Subject: [PATCH] chore(deps): update helm release external-secrets to v0.13.0 --- helm/external-secrets/kustomization.yaml | 2 +- k8s/operators/external-secrets/bundle.yaml | 289 ++++++++++++++++----- 2 files changed, 227 insertions(+), 64 deletions(-) diff --git a/helm/external-secrets/kustomization.yaml b/helm/external-secrets/kustomization.yaml index e60ec27..5bd9bb8 100644 --- a/helm/external-secrets/kustomization.yaml +++ b/helm/external-secrets/kustomization.yaml @@ -7,5 +7,5 @@ helmCharts: enabled: false # default, bitwarden-sdk-server doesn't work with vaultwarden (https://github.com/external-secrets/bitwarden-sdk-server/issues/18) namespace: external-secrets releaseName: external-secrets - version: 0.12.1 + version: 0.13.0 repo: https://charts.external-secrets.io diff --git a/k8s/operators/external-secrets/bundle.yaml b/k8s/operators/external-secrets/bundle.yaml index 121d4dd..e1fdbb4 100644 --- a/k8s/operators/external-secrets/bundle.yaml +++ b/k8s/operators/external-secrets/bundle.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io @@ -230,7 +230,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io @@ -403,6 +403,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -598,6 +599,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -1004,7 +1006,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: clustergenerators.generators.external-secrets.io @@ -1578,6 +1580,50 @@ spec: - length - noUpper type: object + quayAccessTokenSpec: + properties: + robotAccount: + description: Name of the robot account you are federating + with + type: string + serviceAccountRef: + description: Name of the service account you are federating + with + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + url: + description: URL configures the Quay instance URL. Defaults + to quay.io. + type: string + required: + - robotAccount + - serviceAccountRef + type: object stsSessionTokenSpec: properties: auth: @@ -1747,6 +1793,11 @@ spec: type: object vaultDynamicSecretSpec: properties: + allowEmptyResponse: + default: false + description: Do not fail if no secrets are found. Useful for + requests where no data is expected. + type: boolean controller: description: |- Used to select the correct ESO controller (think: ingress.ingressClassName) @@ -2702,6 +2753,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -2722,7 +2774,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io @@ -8859,7 +8911,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io @@ -9068,7 +9120,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io @@ -9531,6 +9583,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -9725,6 +9778,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -10011,7 +10065,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io @@ -10087,7 +10141,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io @@ -10233,7 +10287,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io @@ -10358,7 +10412,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io @@ -10456,7 +10510,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: pushsecrets.external-secrets.io @@ -10652,6 +10706,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -10909,7 +10964,107 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 + labels: + external-secrets.io/component: controller + name: quayaccesstokens.generators.external-secrets.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: external-secrets-webhook + namespace: external-secrets + path: /convert + conversionReviewVersions: + - v1 + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: QuayAccessToken + listKind: QuayAccessTokenList + plural: quayaccesstokens + singular: quayaccesstoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: QuayAccessToken generates Quay oauth token for pulling/pushing + images + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + robotAccount: + description: Name of the robot account you are federating with + type: string + serviceAccountRef: + description: Name of the service account you are federating with + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred + to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + url: + description: URL configures the Quay instance URL. Defaults to quay.io. + type: string + required: + - robotAccount + - serviceAccountRef + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io @@ -17046,7 +17201,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: stssessiontokens.generators.external-secrets.io @@ -17271,7 +17426,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: uuids.generators.external-secrets.io @@ -17332,7 +17487,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io @@ -17381,6 +17536,11 @@ spec: type: object spec: properties: + allowEmptyResponse: + default: false + description: Do not fail if no secrets are found. Useful for requests + where no data is expected. + type: boolean controller: description: |- Used to select the correct ESO controller (think: ingress.ingressClassName) @@ -18224,7 +18384,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io @@ -18395,8 +18555,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets namespace: external-secrets --- @@ -18407,8 +18567,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-cert-controller namespace: external-secrets --- @@ -18419,8 +18579,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-webhook namespace: external-secrets --- @@ -18431,8 +18591,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-leaderelection namespace: external-secrets rules: @@ -18469,8 +18629,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-cert-controller rules: - apiGroups: @@ -18543,8 +18703,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-controller rules: - apiGroups: @@ -18590,6 +18750,7 @@ rules: - fakes - gcraccesstokens - githubaccesstokens + - quayaccesstokens - passwords - stssessiontokens - uuids @@ -18657,8 +18818,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: external-secrets-edit @@ -18685,6 +18846,7 @@ rules: - fakes - gcraccesstokens - githubaccesstokens + - quayaccesstokens - passwords - vaultdynamicsecrets - webhooks @@ -18702,8 +18864,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 servicebinding.io/controller: "true" name: external-secrets-servicebindings rules: @@ -18723,8 +18885,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -18750,6 +18912,7 @@ rules: - fakes - gcraccesstokens - githubaccesstokens + - quayaccesstokens - passwords - vaultdynamicsecrets - webhooks @@ -18765,8 +18928,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-leaderelection namespace: external-secrets roleRef: @@ -18785,8 +18948,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-cert-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -18804,8 +18967,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -18823,9 +18986,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.12.1 + app.kubernetes.io/version: v0.13.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.12.1 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-webhook namespace: external-secrets --- @@ -18836,9 +18999,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.12.1 + app.kubernetes.io/version: v0.13.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.12.1 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-webhook namespace: external-secrets spec: @@ -18859,8 +19022,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets namespace: external-secrets spec: @@ -18876,8 +19039,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 spec: automountServiceAccountToken: true containers: @@ -18886,7 +19049,7 @@ spec: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0 imagePullPolicy: IfNotPresent name: external-secrets ports: @@ -18914,8 +19077,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-cert-controller namespace: external-secrets spec: @@ -18931,8 +19094,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 spec: automountServiceAccountToken: true containers: @@ -18948,7 +19111,7 @@ spec: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0 imagePullPolicy: IfNotPresent name: cert-controller ports: @@ -18981,8 +19144,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 name: external-secrets-webhook namespace: external-secrets spec: @@ -18998,8 +19161,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.12.1 - helm.sh/chart: external-secrets-0.12.1 + app.kubernetes.io/version: v0.13.0 + helm.sh/chart: external-secrets-0.13.0 spec: automountServiceAccountToken: true containers: @@ -19013,7 +19176,7 @@ spec: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0 imagePullPolicy: IfNotPresent name: webhook ports: @@ -19057,9 +19220,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.12.1 + app.kubernetes.io/version: v0.13.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.12.1 + helm.sh/chart: external-secrets-0.13.0 name: externalsecret-validate webhooks: - admissionReviewVersions: @@ -19094,9 +19257,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.12.1 + app.kubernetes.io/version: v0.13.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.12.1 + helm.sh/chart: external-secrets-0.13.0 name: secretstore-validate webhooks: - admissionReviewVersions: