JankySolutions/infra
2
0
Fork 0
Code Issues Pull requests 9 Projects Releases Packages 12 Wiki Activity Actions

chore(deps): update helm release external-secrets to v0.14.0 #120

Merged
finn merged 1 commit from renovate/external-secrets-0.x into main 2025-02-04 21:58:01 +00:00
Conversation 0 Commits 1 Files changed 2 +375 -50
2 changed files with 375 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

2
helm/external-secrets/kustomization.yaml
View file

@ -7,5 +7,5 @@ helmCharts:
enabled: false # default, bitwarden-sdk-server doesn't work with vaultwarden (https://github.com/external-secrets/bitwarden-sdk-server/issues/18)
namespace: external-secrets
releaseName: external-secrets
version: 0.13.0
version: 0.14.0
repo: https://charts.external-secrets.io

423
k8s/operators/external-secrets/bundle.yaml
View file

@ -409,6 +409,7 @@ spec:
- UUID
- VaultDynamicSecret
- Webhook
- Grafana
type: string
name:
description: Specify the name of the generator resource
@ -605,6 +606,7 @@ spec:
- UUID
- VaultDynamicSecret
- Webhook
- Grafana
type: string
name:
description: Specify the name of the generator resource
@ -1542,6 +1544,66 @@ spec:
- auth
- installID
type: object
grafanaSpec:
description: GrafanaSpec controls the behavior of the grafana
generator.
properties:
auth:
description: |-
Auth is the authentication configuration to authenticate
against the Grafana instance.
properties:
token:
description: |-
A service account token used to authenticate against the Grafana instance.
Note: you need a token which has elevated permissions to create service accounts.
See here for the documentation on basic roles offered by Grafana:
https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
properties:
key:
description: The key where the token is found.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being
referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
type: object
required:
- token
type: object
serviceAccount:
description: |-
ServiceAccount is the configuration for the service account that
is supposed to be generated by the generator.
properties:
name:
description: Name is the name of the service account that
will be created by ESO.
type: string
role:
description: |-
Role is the role of the service account.
See here for the documentation on basic roles offered by Grafana:
https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
type: string
required:
- name
- role
type: object
url:
description: URL is the URL of the Grafana instance.
type: string
required:
- auth
- serviceAccount
- url
type: object
passwordSpec:
description: PasswordSpec controls the behavior of the password
generator.
@ -2753,12 +2815,12 @@ spec:
- Fake
- GCRAccessToken
- GithubAccessToken
- QuayAccessToken
- Password
- QuayAccessToken'Password
- STSSessionToken
- UUID
- VaultDynamicSecret
- Webhook
- Grafana
type: string
required:
- generator
@ -5771,6 +5833,8 @@ spec:
properties:
apiUrl:
type: string
apiVersion:
type: string
clientTimeOutSeconds:
description: Timeout specifies a time limit for requests
made by this Client. The timeout includes connection
@ -9148,6 +9212,9 @@ spec:
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.secretStoreRef.kind
name: Store
type: string
- jsonPath: .spec.secretStoreRef.name
name: Store
type: string
@ -9461,6 +9528,9 @@ spec:
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .spec.secretStoreRef.kind
name: StoreType
type: string
- jsonPath: .spec.secretStoreRef.name
name: Store
type: string
@ -9589,6 +9659,7 @@ spec:
- UUID
- VaultDynamicSecret
- Webhook
- Grafana
type: string
name:
description: Specify the name of the generator resource
@ -9784,6 +9855,7 @@ spec:
- UUID
- VaultDynamicSecret
- Webhook
- Grafana
type: string
name:
description: Specify the name of the generator resource
@ -10285,6 +10357,120 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: generatorstates.generators.external-secrets.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: external-secrets-webhook
namespace: external-secrets
path: /convert
conversionReviewVersions:
- v1
group: generators.external-secrets.io
names:
categories:
- external-secrets
- external-secrets-generators
kind: GeneratorState
listKind: GeneratorStateList
plural: generatorstates
shortNames:
- gs
singular: generatorstate
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.garbageCollectionDeadline
name: GC Deadline
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
garbageCollectionDeadline:
description: |-
GarbageCollectionDeadline is the time after which the generator state
will be deleted.
It is set by the controller which creates the generator state and
can be set configured by the user.
If the garbage collection deadline is not set the generator state will not be deleted.
format: date-time
type: string
resource:
description: |-
Resource is the generator manifest that produced the state.
It is a snapshot of the generator manifest at the time the state was produced.
This manifest will be used to delete the resource. Any configuration that is referenced
in the manifest should be available at the time of garbage collection. If that is not the case deletion will
be blocked by a finalizer.
x-kubernetes-preserve-unknown-fields: true
state:
description: State is the state that was produced by the generator
implementation.
x-kubernetes-preserve-unknown-fields: true
required:
- resource
- state
type: object
status:
properties:
conditions:
items:
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
required:
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
@ -10410,6 +10596,122 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
labels:
external-secrets.io/component: controller
name: grafanas.generators.external-secrets.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: external-secrets-webhook
namespace: external-secrets
path: /convert
conversionReviewVersions:
- v1
group: generators.external-secrets.io
names:
categories:
- external-secrets
- external-secrets-generators
kind: Grafana
listKind: GrafanaList
plural: grafanas
singular: grafana
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrafanaSpec controls the behavior of the grafana generator.
properties:
auth:
description: |-
Auth is the authentication configuration to authenticate
against the Grafana instance.
properties:
token:
description: |-
A service account token used to authenticate against the Grafana instance.
Note: you need a token which has elevated permissions to create service accounts.
See here for the documentation on basic roles offered by Grafana:
https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
properties:
key:
description: The key where the token is found.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred
to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
type: object
required:
- token
type: object
serviceAccount:
description: |-
ServiceAccount is the configuration for the service account that
is supposed to be generated by the generator.
properties:
name:
description: Name is the name of the service account that will
be created by ESO.
type: string
role:
description: |-
Role is the role of the service account.
See here for the documentation on basic roles offered by Grafana:
https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/
type: string
required:
- name
- role
type: object
url:
description: URL is the URL of the Grafana instance.
type: string
required:
- auth
- serviceAccount
- url
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
@ -10532,6 +10834,8 @@ spec:
kind: PushSecret
listKind: PushSecretList
plural: pushsecrets
shortNames:
- ps
singular: pushsecret
scope: Namespaced
versions:
@ -10712,6 +11016,7 @@ spec:
- UUID
- VaultDynamicSecret
- Webhook
- Grafana
type: string
name:
description: Specify the name of the generator resource
@ -14061,6 +14366,8 @@ spec:
properties:
apiUrl:
type: string
apiVersion:
type: string
clientTimeOutSeconds:
description: Timeout specifies a time limit for requests
made by this Client. The timeout includes connection
@ -18555,8 +18862,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets
namespace: external-secrets
---
@ -18567,8 +18874,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-cert-controller
namespace: external-secrets
---
@ -18579,8 +18886,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-webhook
namespace: external-secrets
---
@ -18591,8 +18898,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-leaderelection
namespace: external-secrets
rules:
@ -18629,8 +18936,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-cert-controller
rules:
- apiGroups:
@ -18703,8 +19010,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-controller
rules:
- apiGroups:
@ -18741,6 +19048,19 @@ rules:
- get
- update
- patch
- apiGroups:
- generators.external-secrets.io
resources:
- generatorstates
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- generators.external-secrets.io
resources:
@ -18756,6 +19076,7 @@ rules:
- uuids
- vaultdynamicsecrets
- webhooks
- grafanas
verbs:
- get
- list
@ -18818,8 +19139,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: external-secrets-edit
@ -18850,6 +19171,8 @@ rules:
- passwords
- vaultdynamicsecrets
- webhooks
- grafanas
- generatorstates
verbs:
- create
- delete
@ -18864,8 +19187,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
servicebinding.io/controller: "true"
name: external-secrets-servicebindings
rules:
@ -18885,8 +19208,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@ -18916,6 +19239,8 @@ rules:
- passwords
- vaultdynamicsecrets
- webhooks
- grafanas
- generatorstates
verbs:
- get
- watch
@ -18928,8 +19253,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-leaderelection
namespace: external-secrets
roleRef:
@ -18948,8 +19273,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-cert-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -18967,8 +19292,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -18986,9 +19311,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/version: v0.14.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.13.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-webhook
namespace: external-secrets
---
@ -18999,9 +19324,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/version: v0.14.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.13.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-webhook
namespace: external-secrets
spec:
@ -19022,8 +19347,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets
namespace: external-secrets
spec:
@ -19039,8 +19364,8 @@ spec:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
spec:
automountServiceAccountToken: true
containers:
@ -19049,7 +19374,7 @@ spec:
- --metrics-addr=:8080
- --loglevel=info
- --zap-time-encoding=epoch
image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0
image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0
imagePullPolicy: IfNotPresent
name: external-secrets
ports:
@ -19077,8 +19402,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-cert-controller
namespace: external-secrets
spec:
@ -19094,8 +19419,8 @@ spec:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
spec:
automountServiceAccountToken: true
containers:
@ -19111,7 +19436,7 @@ spec:
- --loglevel=info
- --zap-time-encoding=epoch
- --enable-partial-cache=true
image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0
image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0
imagePullPolicy: IfNotPresent
name: cert-controller
ports:
@ -19144,8 +19469,8 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
name: external-secrets-webhook
namespace: external-secrets
spec:
@ -19161,8 +19486,8 @@ spec:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.13.0
helm.sh/chart: external-secrets-0.13.0
app.kubernetes.io/version: v0.14.0
helm.sh/chart: external-secrets-0.14.0
spec:
automountServiceAccountToken: true
containers:
@ -19176,7 +19501,7 @@ spec:
- --healthz-addr=:8081
- --loglevel=info
- --zap-time-encoding=epoch
image: oci.external-secrets.io/external-secrets/external-secrets:v0.13.0
image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0
imagePullPolicy: IfNotPresent
name: webhook
ports:
@ -19220,9 +19545,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/version: v0.14.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.13.0
helm.sh/chart: external-secrets-0.14.0
name: externalsecret-validate
webhooks:
- admissionReviewVersions:
@ -19257,9 +19582,9 @@ metadata:
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/version: v0.14.0
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.13.0
helm.sh/chart: external-secrets-0.14.0
name: secretstore-validate
webhooks:
- admissionReviewVersions: