From 73f9ff63d0cf65420eb18e7755907e94897979ec Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 22 Mar 2025 00:04:02 +0000 Subject: [PATCH] chore(deps): update helm release external-secrets to v0.15.0 --- helm/external-secrets/kustomization.yaml | 2 +- k8s/operators/external-secrets/bundle.yaml | 1205 ++++++++++++++++++-- 2 files changed, 1111 insertions(+), 96 deletions(-) diff --git a/helm/external-secrets/kustomization.yaml b/helm/external-secrets/kustomization.yaml index 1c0f70a..dfeeec3 100644 --- a/helm/external-secrets/kustomization.yaml +++ b/helm/external-secrets/kustomization.yaml @@ -7,5 +7,5 @@ helmCharts: enabled: false # default, bitwarden-sdk-server doesn't work with vaultwarden (https://github.com/external-secrets/bitwarden-sdk-server/issues/18) namespace: external-secrets releaseName: external-secrets - version: 0.14.2 + version: 0.15.0 repo: https://charts.external-secrets.io diff --git a/k8s/operators/external-secrets/bundle.yaml b/k8s/operators/external-secrets/bundle.yaml index 28408f9..d9039e5 100644 --- a/k8s/operators/external-secrets/bundle.yaml +++ b/k8s/operators/external-secrets/bundle.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io @@ -33,7 +33,7 @@ spec: schema: openAPIV3Schema: description: |- - ACRAccessToken returns a Azure Container Registry token + ACRAccessToken returns an Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). @@ -230,7 +230,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io @@ -935,8 +935,9 @@ spec: x-kubernetes-map-type: atomic type: array namespaces: - description: Choose namespaces by name. This field is ORed with anything - that NamespaceSelectors ends up choosing. + description: |- + Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. + Deprecated: Use NamespaceSelectors instead. items: maxLength: 63 minLength: 1 @@ -1008,7 +1009,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: clustergenerators.generators.external-secrets.io @@ -1553,6 +1554,39 @@ spec: Auth is the authentication configuration to authenticate against the Grafana instance. properties: + basic: + description: |- + Basic auth credentials used to authenticate against the Grafana instance. + Note: you need a token which has elevated permissions to create service accounts. + See here for the documentation on basic roles offered by Grafana: + https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/ + properties: + password: + description: A basic auth password used to authenticate + against the Grafana instance. + properties: + key: + description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: object + username: + description: A basic auth username used to authenticate + against the Grafana instance. + type: string + required: + - password + - username + type: object token: description: |- A service account token used to authenticate against the Grafana instance. @@ -1574,8 +1608,6 @@ spec: pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object - required: - - token type: object serviceAccount: description: |- @@ -2418,7 +2450,7 @@ spec: type: object username: description: |- - Username is a LDAP user name used to authenticate using the LDAP Vault + Username is an LDAP username used to authenticate using the LDAP Vault authentication method type: string required: @@ -2466,10 +2498,10 @@ spec: passing username/password pair properties: path: - default: user + default: userpass description: |- Path where the UserPassword authentication backend is mounted - in Vault, e.g: "user" + in Vault, e.g: "userpass" type: string secretRef: description: |- @@ -2503,7 +2535,7 @@ spec: type: object username: description: |- - Username is a user name used to authenticate using the UserPass Vault + Username is a username used to authenticate using the UserPass Vault authentication method type: string required: @@ -2671,7 +2703,6 @@ spec: - v2 type: string required: - - auth - server type: object resultType: @@ -2839,7 +2870,560 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 + labels: + external-secrets.io/component: controller + name: clusterpushsecrets.external-secrets.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: external-secrets-webhook + namespace: external-secrets + path: /convert + conversionReviewVersions: + - v1 + group: external-secrets.io + names: + categories: + - external-secrets + kind: ClusterPushSecret + listKind: ClusterPushSecretList + plural: clusterpushsecrets + singular: clusterpushsecret + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + namespaceSelectors: + description: A list of labels to select by to find the Namespaces + to create the ExternalSecrets in. The selectors are ORed. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + pushSecretMetadata: + description: The metadata of the external secrets to be created + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + pushSecretName: + description: |- + The name of the push secrets to be created. + Defaults to the name of the ClusterPushSecret + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + pushSecretSpec: + description: PushSecretSpec defines what to do with the secrets. + properties: + data: + description: Secret Data that should be pushed to providers + items: + properties: + conversionStrategy: + default: None + description: Used to define a conversion Strategy for the + secret keys + enum: + - None + - ReverseUnicode + type: string + match: + description: Match a given Secret Key to be pushed to the + provider. + properties: + remoteRef: + description: Remote Refs to push to providers. + properties: + property: + description: Name of the property in the resulting + secret + type: string + remoteKey: + description: Name of the resulting provider secret. + type: string + required: + - remoteKey + type: object + secretKey: + description: Secret Key to be pushed + type: string + required: + - remoteRef + type: object + metadata: + description: |- + Metadata is metadata attached to the secret. + The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true + required: + - match + type: object + type: array + deletionPolicy: + default: None + description: Deletion Policy to handle Secrets in the provider. + enum: + - Delete + - None + type: string + refreshInterval: + default: 1h + description: The Interval to which External Secrets will try to + push a secret definition + type: string + secretStoreRefs: + items: + properties: + kind: + default: SecretStore + description: Kind of the SecretStore resource (SecretStore + or ClusterSecretStore) + enum: + - SecretStore + - ClusterSecretStore + type: string + labelSelector: + description: Optionally, sync to secret stores with label + selector + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Optionally, sync to the SecretStore of the + given name + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: object + type: array + selector: + description: The Secret Selector (k8s source) for the Push Secret + maxProperties: 1 + minProperties: 1 + properties: + generatorRef: + description: Point to a generator to create a Secret. + properties: + apiVersion: + default: generators.external-secrets.io/v1alpha1 + description: Specify the apiVersion of the generator resource + type: string + kind: + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - QuayAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook + - Grafana + type: string + name: + description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - kind + - name + type: object + secret: + description: Select a Secret to Push. + properties: + name: + description: |- + Name of the Secret. + The Secret must exist in the same namespace as the PushSecret manifest. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + selector: + description: Selector chooses secrets using a labelSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + template: + description: Template defines a blueprint for the created Secret + resource. + properties: + data: + additionalProperties: + type: string + type: object + engineVersion: + default: v2 + description: |- + EngineVersion specifies the template engine version + that should be used to compile/execute the + template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 + type: string + mergePolicy: + default: Replace + enum: + - Replace + - Merge + type: string + metadata: + description: ExternalSecretTemplateMetadata defines metadata + fields for the Secret blueprint. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + templateFrom: + items: + properties: + configMap: + properties: + items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data + items: + properties: + key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + templateAs: + default: Values + enum: + - Values + - KeysAndValues + type: string + required: + - key + type: object + type: array + name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - items + - name + type: object + literal: + type: string + secret: + properties: + items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data + items: + properties: + key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + templateAs: + default: Values + enum: + - Values + - KeysAndValues + type: string + required: + - key + type: object + type: array + name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - items + - name + type: object + target: + default: Data + enum: + - Data + - Annotations + - Labels + type: string + type: object + type: array + type: + type: string + type: object + updatePolicy: + default: Replace + description: UpdatePolicy to handle Secrets in the provider. + enum: + - Replace + - IfNotExists + type: string + required: + - secretStoreRefs + - selector + type: object + refreshTime: + description: The time in which the controller should reconcile its + objects and recheck namespaces for labels. + type: string + required: + - pushSecretSpec + type: object + status: + properties: + conditions: + items: + description: PushSecretStatusCondition indicates the status of the + PushSecret. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: PushSecretConditionType indicates the condition + of the PushSecret. + type: string + required: + - status + - type + type: object + type: array + failedNamespaces: + description: Failed namespaces are the namespaces that failed to apply + an PushSecret + items: + description: ClusterPushSecretNamespaceFailure represents a failed + namespace deployment and it's reason. + properties: + namespace: + description: Namespace is the namespace that failed when trying + to apply an PushSecret + type: string + reason: + description: Reason is why the PushSecret failed to apply to + the namespace + type: string + required: + - namespace + type: object + type: array + provisionedNamespaces: + description: ProvisionedNamespaces are the namespaces where the ClusterPushSecret + has secrets + items: + type: string + type: array + pushSecretName: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io @@ -6027,6 +6611,83 @@ spec: - serverUrl - username type: object + cloudrusm: + description: CloudruSM configures this store to sync secrets using + the Cloud.ru Secret Manager provider + properties: + auth: + description: CSMAuth contains a secretRef for credentials. + properties: + secretRef: + description: CSMAuthSecretRef holds secret references + for Cloud.ru credentials. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + accessKeySecretSecretRef: + description: The AccessKeySecret is used for authentication + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - accessKeyIDSecretRef + - accessKeySecretSecretRef + type: object + type: object + projectID: + description: ProjectID is the project, which the secrets are + stored in. + type: string + required: + - auth + type: object conjur: description: Conjur configures this store to sync secrets using conjur provider @@ -6600,6 +7261,83 @@ spec: description: ProjectID project where secret is located type: string type: object + github: + description: Github configures this store to push Github Action + secrets using Github API provider + properties: + appID: + description: appID specifies the Github APP that will be used + to authenticate the client + format: int64 + type: integer + auth: + description: auth configures how secret-manager authenticates + with a Github instance. + properties: + privateKey: + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - privateKey + type: object + environment: + description: environment will be used to fetch secrets from + a particular environment within a github repository + type: string + installationID: + description: installationID specifies the Github APP installation + that will be used to authenticate the client + format: int64 + type: integer + organization: + description: organization will be used to fetch secrets from + the Github organization + type: string + repository: + description: repository will be used to fetch secrets from + the Github repository within an organization + type: string + uploadURL: + description: Upload URL for enterprise instances. Default + to URL. + type: string + url: + default: https://github.com/ + description: URL configures the Github instance URL. Defaults + to https://github.com/. + type: string + required: + - appID + - auth + - installationID + - organization + type: object gitlab: description: GitLab configures this store to sync secrets using GitLab Variables provider @@ -6807,18 +7545,36 @@ spec: type: object hostAPI: default: https://app.infisical.com/api + description: HostAPI specifies the base URL of the Infisical + API. If not provided, it defaults to "https://app.infisical.com/api". type: string secretsScope: + description: SecretsScope defines the scope of the secrets + within the workspace properties: environmentSlug: + description: EnvironmentSlug is the required slug identifier + for the environment. type: string + expandSecretReferences: + default: true + description: ExpandSecretReferences indicates whether + secret references should be expanded. Defaults to true + if not provided. + type: boolean projectSlug: + description: ProjectSlug is the required slug identifier + for the project. type: string recursive: default: false + description: Recursive indicates whether the secrets should + be fetched recursively. Defaults to false if not provided. type: boolean secretsPath: default: / + description: SecretsPath specifies the path to the secrets + within the workspace. Defaults to "/" if not provided. type: string required: - environmentSlug @@ -8400,7 +9156,7 @@ spec: type: object username: description: |- - Username is a LDAP user name used to authenticate using the LDAP Vault + Username is an LDAP username used to authenticate using the LDAP Vault authentication method type: string required: @@ -8448,10 +9204,10 @@ spec: username/password pair properties: path: - default: user + default: userpass description: |- Path where the UserPassword authentication backend is mounted - in Vault, e.g: "user" + in Vault, e.g: "userpass" type: string secretRef: description: |- @@ -8485,7 +9241,7 @@ spec: type: object username: description: |- - Username is a user name used to authenticate using the UserPass Vault + Username is a username used to authenticate using the UserPass Vault authentication method type: string required: @@ -8653,7 +9409,6 @@ spec: - v2 type: string required: - - auth - server type: object webhook: @@ -8978,7 +9733,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io @@ -9187,7 +9942,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io @@ -10140,7 +10895,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io @@ -10216,7 +10971,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io @@ -10362,7 +11117,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: generatorstates.generators.external-secrets.io @@ -10476,7 +11231,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io @@ -10601,7 +11356,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: grafanas.generators.external-secrets.io @@ -10656,6 +11411,39 @@ spec: Auth is the authentication configuration to authenticate against the Grafana instance. properties: + basic: + description: |- + Basic auth credentials used to authenticate against the Grafana instance. + Note: you need a token which has elevated permissions to create service accounts. + See here for the documentation on basic roles offered by Grafana: + https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/ + properties: + password: + description: A basic auth password used to authenticate against + the Grafana instance. + properties: + key: + description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred + to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: object + username: + description: A basic auth username used to authenticate against + the Grafana instance. + type: string + required: + - password + - username + type: object token: description: |- A service account token used to authenticate against the Grafana instance. @@ -10677,8 +11465,6 @@ spec: pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object - required: - - token type: object serviceAccount: description: |- @@ -10717,7 +11503,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io @@ -10815,7 +11601,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: pushsecrets.external-secrets.io @@ -11043,8 +11829,52 @@ spec: minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name + selector: + description: Selector chooses secrets using a labelSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic type: object type: object template: @@ -11273,7 +12103,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: quayaccesstokens.generators.external-secrets.io @@ -11373,7 +12203,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io @@ -14561,6 +15391,83 @@ spec: - serverUrl - username type: object + cloudrusm: + description: CloudruSM configures this store to sync secrets using + the Cloud.ru Secret Manager provider + properties: + auth: + description: CSMAuth contains a secretRef for credentials. + properties: + secretRef: + description: CSMAuthSecretRef holds secret references + for Cloud.ru credentials. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + accessKeySecretSecretRef: + description: The AccessKeySecret is used for authentication + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - accessKeyIDSecretRef + - accessKeySecretSecretRef + type: object + type: object + projectID: + description: ProjectID is the project, which the secrets are + stored in. + type: string + required: + - auth + type: object conjur: description: Conjur configures this store to sync secrets using conjur provider @@ -15134,6 +16041,83 @@ spec: description: ProjectID project where secret is located type: string type: object + github: + description: Github configures this store to push Github Action + secrets using Github API provider + properties: + appID: + description: appID specifies the Github APP that will be used + to authenticate the client + format: int64 + type: integer + auth: + description: auth configures how secret-manager authenticates + with a Github instance. + properties: + privateKey: + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - privateKey + type: object + environment: + description: environment will be used to fetch secrets from + a particular environment within a github repository + type: string + installationID: + description: installationID specifies the Github APP installation + that will be used to authenticate the client + format: int64 + type: integer + organization: + description: organization will be used to fetch secrets from + the Github organization + type: string + repository: + description: repository will be used to fetch secrets from + the Github repository within an organization + type: string + uploadURL: + description: Upload URL for enterprise instances. Default + to URL. + type: string + url: + default: https://github.com/ + description: URL configures the Github instance URL. Defaults + to https://github.com/. + type: string + required: + - appID + - auth + - installationID + - organization + type: object gitlab: description: GitLab configures this store to sync secrets using GitLab Variables provider @@ -15341,18 +16325,36 @@ spec: type: object hostAPI: default: https://app.infisical.com/api + description: HostAPI specifies the base URL of the Infisical + API. If not provided, it defaults to "https://app.infisical.com/api". type: string secretsScope: + description: SecretsScope defines the scope of the secrets + within the workspace properties: environmentSlug: + description: EnvironmentSlug is the required slug identifier + for the environment. type: string + expandSecretReferences: + default: true + description: ExpandSecretReferences indicates whether + secret references should be expanded. Defaults to true + if not provided. + type: boolean projectSlug: + description: ProjectSlug is the required slug identifier + for the project. type: string recursive: default: false + description: Recursive indicates whether the secrets should + be fetched recursively. Defaults to false if not provided. type: boolean secretsPath: default: / + description: SecretsPath specifies the path to the secrets + within the workspace. Defaults to "/" if not provided. type: string required: - environmentSlug @@ -16934,7 +17936,7 @@ spec: type: object username: description: |- - Username is a LDAP user name used to authenticate using the LDAP Vault + Username is an LDAP username used to authenticate using the LDAP Vault authentication method type: string required: @@ -16982,10 +17984,10 @@ spec: username/password pair properties: path: - default: user + default: userpass description: |- Path where the UserPassword authentication backend is mounted - in Vault, e.g: "user" + in Vault, e.g: "userpass" type: string secretRef: description: |- @@ -17019,7 +18021,7 @@ spec: type: object username: description: |- - Username is a user name used to authenticate using the UserPass Vault + Username is a username used to authenticate using the UserPass Vault authentication method type: string required: @@ -17187,7 +18189,6 @@ spec: - v2 type: string required: - - auth - server type: object webhook: @@ -17512,7 +18513,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: stssessiontokens.generators.external-secrets.io @@ -17737,7 +18738,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: uuids.generators.external-secrets.io @@ -17798,7 +18799,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io @@ -18404,7 +19405,7 @@ spec: type: object username: description: |- - Username is a LDAP user name used to authenticate using the LDAP Vault + Username is an LDAP username used to authenticate using the LDAP Vault authentication method type: string required: @@ -18452,10 +19453,10 @@ spec: username/password pair properties: path: - default: user + default: userpass description: |- Path where the UserPassword authentication backend is mounted - in Vault, e.g: "user" + in Vault, e.g: "userpass" type: string secretRef: description: |- @@ -18489,7 +19490,7 @@ spec: type: object username: description: |- - Username is a user name used to authenticate using the UserPass Vault + Username is a username used to authenticate using the UserPass Vault authentication method type: string required: @@ -18657,7 +19658,6 @@ spec: - v2 type: string required: - - auth - server type: object resultType: @@ -18697,7 +19697,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io @@ -18868,8 +19868,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets namespace: external-secrets --- @@ -18880,8 +19880,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-cert-controller namespace: external-secrets --- @@ -18892,8 +19892,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-webhook namespace: external-secrets --- @@ -18904,8 +19904,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-leaderelection namespace: external-secrets rules: @@ -18942,8 +19942,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-cert-controller rules: - apiGroups: @@ -19016,8 +20016,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-controller rules: - apiGroups: @@ -19028,6 +20028,7 @@ rules: - externalsecrets - clusterexternalsecrets - pushsecrets + - clusterpushsecrets verbs: - get - list @@ -19050,6 +20051,9 @@ rules: - pushsecrets - pushsecrets/status - pushsecrets/finalizers + - clusterpushsecrets + - clusterpushsecrets/status + - clusterpushsecrets/finalizers verbs: - get - update @@ -19137,6 +20141,14 @@ rules: - create - update - delete +- apiGroups: + - external-secrets.io + resources: + - pushsecrets + verbs: + - create + - update + - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -19145,8 +20157,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: external-secrets-edit @@ -19158,6 +20170,7 @@ rules: - secretstores - clustersecretstores - pushsecrets + - clusterpushsecrets verbs: - create - delete @@ -19193,8 +20206,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 servicebinding.io/controller: "true" name: external-secrets-servicebindings rules: @@ -19202,6 +20215,7 @@ rules: - external-secrets.io resources: - externalsecrets + - pushsecrets verbs: - get - list @@ -19214,8 +20228,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -19228,6 +20242,7 @@ rules: - secretstores - clustersecretstores - pushsecrets + - clusterpushsecrets verbs: - get - watch @@ -19259,8 +20274,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-leaderelection namespace: external-secrets roleRef: @@ -19279,8 +20294,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-cert-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -19298,8 +20313,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -19317,9 +20332,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.14.2 + app.kubernetes.io/version: v0.15.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.14.2 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-webhook namespace: external-secrets --- @@ -19330,9 +20345,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.14.2 + app.kubernetes.io/version: v0.15.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.14.2 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-webhook namespace: external-secrets spec: @@ -19353,8 +20368,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets namespace: external-secrets spec: @@ -19370,8 +20385,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 spec: automountServiceAccountToken: true containers: @@ -19380,7 +20395,7 @@ spec: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.2 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.15.0 imagePullPolicy: IfNotPresent name: external-secrets ports: @@ -19408,8 +20423,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-cert-controller namespace: external-secrets spec: @@ -19425,8 +20440,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 spec: automountServiceAccountToken: true containers: @@ -19442,7 +20457,7 @@ spec: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.2 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.15.0 imagePullPolicy: IfNotPresent name: cert-controller ports: @@ -19475,8 +20490,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 name: external-secrets-webhook namespace: external-secrets spec: @@ -19492,8 +20507,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.14.2 - helm.sh/chart: external-secrets-0.14.2 + app.kubernetes.io/version: v0.15.0 + helm.sh/chart: external-secrets-0.15.0 spec: automountServiceAccountToken: true containers: @@ -19507,7 +20522,7 @@ spec: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.2 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.15.0 imagePullPolicy: IfNotPresent name: webhook ports: @@ -19551,9 +20566,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.14.2 + app.kubernetes.io/version: v0.15.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.14.2 + helm.sh/chart: external-secrets-0.15.0 name: externalsecret-validate webhooks: - admissionReviewVersions: @@ -19588,9 +20603,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.14.2 + app.kubernetes.io/version: v0.15.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.14.2 + helm.sh/chart: external-secrets-0.15.0 name: secretstore-validate webhooks: - admissionReviewVersions: