From b13cfc50b9d272d33a1acc12b9e83e71e0fff6ee Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Feb 2025 18:02:34 +0000 Subject: [PATCH] chore(deps): update helm release external-secrets to v0.14.0 --- helm/external-secrets/kustomization.yaml | 2 +- k8s/operators/external-secrets/bundle.yaml | 423 ++++++++++++++++++--- 2 files changed, 375 insertions(+), 50 deletions(-) diff --git a/helm/external-secrets/kustomization.yaml b/helm/external-secrets/kustomization.yaml index 5bd9bb8..5ac9a01 100644 --- a/helm/external-secrets/kustomization.yaml +++ b/helm/external-secrets/kustomization.yaml @@ -7,5 +7,5 @@ helmCharts: enabled: false # default, bitwarden-sdk-server doesn't work with vaultwarden (https://github.com/external-secrets/bitwarden-sdk-server/issues/18) namespace: external-secrets releaseName: external-secrets - version: 0.13.0 + version: 0.14.0 repo: https://charts.external-secrets.io diff --git a/k8s/operators/external-secrets/bundle.yaml b/k8s/operators/external-secrets/bundle.yaml index e1fdbb4..9662b95 100644 --- a/k8s/operators/external-secrets/bundle.yaml +++ b/k8s/operators/external-secrets/bundle.yaml @@ -409,6 +409,7 @@ spec: - UUID - VaultDynamicSecret - Webhook + - Grafana type: string name: description: Specify the name of the generator resource @@ -605,6 +606,7 @@ spec: - UUID - VaultDynamicSecret - Webhook + - Grafana type: string name: description: Specify the name of the generator resource 
@@ -1542,6 +1544,66 @@ spec: - auth - installID type: object + grafanaSpec: + description: GrafanaSpec controls the behavior of the grafana + generator. + properties: + auth: + description: |- + Auth is the authentication configuration to authenticate + against the Grafana instance. + properties: + token: + description: |- + A service account token used to authenticate against the Grafana instance. + Note: you need a token which has elevated permissions to create service accounts. + See here for the documentation on basic roles offered by Grafana: + https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/ + properties: + key: + description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: object + required: + - token + type: object + serviceAccount: + description: |- + ServiceAccount is the configuration for the service account that + is supposed to be generated by the generator. + properties: + name: + description: Name is the name of the service account that + will be created by ESO. + type: string + role: + description: |- + Role is the role of the service account. + See here for the documentation on basic roles offered by Grafana: + https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/ + type: string + required: + - name + - role + type: object + url: + description: URL is the URL of the Grafana instance. + type: string + required: + - auth + - serviceAccount + - url + type: object passwordSpec: description: PasswordSpec controls the behavior of the password generator. 
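Review bot: The new `grafanaSpec.url` field is a bare `type: string` with no `pattern` or `format`, and `serviceAccount.role` is equally unconstrained, so the schema accepts a plain `http://` URL or any role name. The same schema is repeated in the new `grafanas.generators.external-secrets.io` CRD in the hunk at 10410. The `auth.token` description says the token needs elevated permissions to create service accounts, so that token is presumably presented to whatever URL the object names. Because this CRD is rendered from the chart, the guard belongs in this repo: an admission policy for `Grafana` generators that requires `url` to match `^https://` and an allow-listed host, and limits `role` to the lowest basic role that works. The `properties` block that encloses `grafanaSpec` starts and ends outside the hunk.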
@@ -2753,12 +2815,12 @@ spec: - Fake - GCRAccessToken - GithubAccessToken - - QuayAccessToken - - Password + - QuayAccessToken'Password - STSSessionToken - UUID - VaultDynamicSecret - Webhook + - Grafana type: string required: - generator @@ -5771,6 +5833,8 @@ spec: properties: apiUrl: type: string + apiVersion: + type: string clientTimeOutSeconds: description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection @@ -9148,6 +9212,9 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - jsonPath: .spec.secretStoreRef.kind + name: Store + type: string - jsonPath: .spec.secretStoreRef.name name: Store type: string @@ -9461,6 +9528,9 @@ spec: subresources: status: {} - additionalPrinterColumns: + - jsonPath: .spec.secretStoreRef.kind + name: StoreType + type: string - jsonPath: .spec.secretStoreRef.name name: Store type: string @@ -9589,6 +9659,7 @@ spec: - UUID - VaultDynamicSecret - Webhook + - Grafana type: string name: description: Specify the name of the generator resource @@ -9784,6 +9855,7 @@ spec: - UUID - VaultDynamicSecret - Webhook + - Grafana type: string name: description: Specify the name of the generator resource 
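Review bot: The enum in the hunk at 2753 no longer lists `QuayAccessToken` and `Password` as separate values; the new side replaces both with the single entry `- QuayAccessToken'Password`, whereas the other enum hunks in this patch only append `- Grafana`. If the chart really renders this, objects that set the field to `Password` or `QuayAccessToken` would fail schema validation after the upgrade, which would stall generation and rotation for those secrets. Before merging, compare against the upstream CRD and check the cluster for resources using those two kinds; the expected lines are `- QuayAccessToken` and `- Password`. The enclosing schema starts and ends outside the hunk, so it is not visible here which resource this enum belongs to.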
@@ -10285,6 +10357,120 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + labels: + external-secrets.io/component: controller + name: generatorstates.generators.external-secrets.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: external-secrets-webhook + namespace: external-secrets + path: /convert + conversionReviewVersions: + - v1 + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: GeneratorState + listKind: GeneratorStateList + plural: generatorstates + shortNames: + - gs + singular: generatorstate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.garbageCollectionDeadline + name: GC Deadline + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + garbageCollectionDeadline: + description: |- + GarbageCollectionDeadline is the time after which the generator state + will be deleted. + It is set by the controller which creates the generator state and + can be set configured by the user. 
+ If the garbage collection deadline is not set the generator state will not be deleted. + format: date-time + type: string + resource: + description: |- + Resource is the generator manifest that produced the state. + It is a snapshot of the generator manifest at the time the state was produced. + This manifest will be used to delete the resource. Any configuration that is referenced + in the manifest should be available at the time of garbage collection. If that is not the case deletion will + be blocked by a finalizer. + x-kubernetes-preserve-unknown-fields: true + state: + description: State is the state that was produced by the generator + implementation. + x-kubernetes-preserve-unknown-fields: true + required: + - resource + - state + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.17.1 
@@ -10410,6 +10596,122 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + labels: + external-secrets.io/component: controller + name: grafanas.generators.external-secrets.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: external-secrets-webhook + namespace: external-secrets + path: /convert + conversionReviewVersions: + - v1 + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: Grafana + listKind: GrafanaList + plural: grafanas + singular: grafana + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: GrafanaSpec controls the behavior of the grafana generator. + properties: + auth: + description: |- + Auth is the authentication configuration to authenticate + against the Grafana instance. + properties: + token: + description: |- + A service account token used to authenticate against the Grafana instance. + Note: you need a token which has elevated permissions to create service accounts. 
+ See here for the documentation on basic roles offered by Grafana: + https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/ + properties: + key: + description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred + to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: object + required: + - token + type: object + serviceAccount: + description: |- + ServiceAccount is the configuration for the service account that + is supposed to be generated by the generator. + properties: + name: + description: Name is the name of the service account that will + be created by ESO. + type: string + role: + description: |- + Role is the role of the service account. + See here for the documentation on basic roles offered by Grafana: + https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/ + type: string + required: + - name + - role + type: object + url: + description: URL is the URL of the Grafana instance. + type: string + required: + - auth + - serviceAccount + - url + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.17.1 @@ -10532,6 +10834,8 @@ spec: kind: PushSecret listKind: PushSecretList plural: pushsecrets + shortNames: + - ps singular: pushsecret scope: Namespaced versions: @@ -10712,6 +11016,7 @@ spec: - UUID - VaultDynamicSecret - Webhook + - Grafana type: string name: description: Specify the name of the generator resource 
@@ -14061,6 +14366,8 @@ spec: properties: apiUrl: type: string + apiVersion: + type: string clientTimeOutSeconds: description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection @@ -18555,8 +18862,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets namespace: external-secrets --- @@ -18567,8 +18874,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-cert-controller namespace: external-secrets --- @@ -18579,8 +18886,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-webhook namespace: external-secrets --- @@ -18591,8 +18898,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-leaderelection namespace: external-secrets rules: 
@@ -18629,8 +18936,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-cert-controller rules: - apiGroups: @@ -18703,8 +19010,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-controller rules: - apiGroups: @@ -18741,6 +19048,19 @@ rules: - get - update - patch +- apiGroups: + - generators.external-secrets.io + resources: + - generatorstates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection - apiGroups: - generators.external-secrets.io resources: @@ -18756,6 +19076,7 @@ rules: - uuids - vaultdynamicsecrets - webhooks + - grafanas verbs: - get - list @@ -18818,8 +19139,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: external-secrets-edit @@ -18850,6 +19171,8 @@ rules: - passwords - vaultdynamicsecrets - webhooks + - grafanas + - generatorstates verbs: - create - delete 
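Review bot: The `external-secrets-edit` rule extended in the hunk at 18850, and the matching view-role rule in the hunk at 18916, add `generatorstates` to ClusterRoles labelled `rbac.authorization.k8s.io/aggregate-to-edit` and `aggregate-to-view`. Every subject bound to the built-in edit or view role therefore gains write or read access to GeneratorState objects. The new CRD leaves `spec.state` schemaless (`x-kubernetes-preserve-unknown-fields: true`) and describes it as the state produced by the generator implementation. This diff does not show whether that state can hold credential material, and the built-in view role deliberately excludes Secrets. Confirm upstream what is stored there and, if it is sensitive, turn off the aggregation or override these rules in this repo's overlay, recording the outcome next to the chart pin, e.g. `# generatorstates exposed via aggregate-to-view/edit: reviewed for v0.14.0`; both rules begin outside their hunks, so their full resource and verb lists are not visible.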
@@ -18864,8 +19187,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 servicebinding.io/controller: "true" name: external-secrets-servicebindings rules: @@ -18885,8 +19208,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -18916,6 +19239,8 @@ rules: - passwords - vaultdynamicsecrets - webhooks + - grafanas + - generatorstates verbs: - get - watch @@ -18928,8 +19253,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-leaderelection namespace: external-secrets roleRef: @@ -18948,8 +19273,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-cert-controller roleRef: apiGroup: rbac.authorization.k8s.io 
@@ -18967,8 +19292,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-controller roleRef: apiGroup: rbac.authorization.k8s.io @@ -18986,9 +19311,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.13.0 + app.kubernetes.io/version: v0.14.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.13.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-webhook namespace: external-secrets --- @@ -18999,9 +19324,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.13.0 + app.kubernetes.io/version: v0.14.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.13.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-webhook namespace: external-secrets spec: @@ -19022,8 +19347,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets namespace: external-secrets spec: @@ -19039,8 +19364,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 spec: automountServiceAccountToken: true containers: 
@@ -19049,7 +19374,7 @@ spec: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0 imagePullPolicy: IfNotPresent name: external-secrets ports: @@ -19077,8 +19402,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-cert-controller namespace: external-secrets spec: @@ -19094,8 +19419,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 spec: automountServiceAccountToken: true containers: @@ -19111,7 +19436,7 @@ spec: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0 imagePullPolicy: IfNotPresent name: cert-controller ports: @@ -19144,8 +19469,8 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 name: external-secrets-webhook namespace: external-secrets spec: 
@@ -19161,8 +19486,8 @@ spec: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.13.0 - helm.sh/chart: external-secrets-0.13.0 + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: external-secrets-0.14.0 spec: automountServiceAccountToken: true containers: @@ -19176,7 +19501,7 @@ spec: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0 imagePullPolicy: IfNotPresent name: webhook ports: @@ -19220,9 +19545,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.13.0 + app.kubernetes.io/version: v0.14.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.13.0 + helm.sh/chart: external-secrets-0.14.0 name: externalsecret-validate webhooks: - admissionReviewVersions: @@ -19257,9 +19582,9 @@ metadata: app.kubernetes.io/instance: external-secrets app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.13.0 + app.kubernetes.io/version: v0.14.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.13.0 + helm.sh/chart: external-secrets-0.14.0 name: secretstore-validate webhooks: - admissionReviewVersions: -- 2.47.2