chore: Update manifests after change

2026-04-10 17:14:51 +00:00
parent 59a1d2347c
commit 85e3824cee
33 changed files with 737 additions and 59 deletions


@@ -3,10 +3,10 @@ kind: ClusterRole
metadata:
name: external-secrets-cert-controller
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "cert-controller"
rules:


@@ -3,10 +3,10 @@ kind: ClusterRole
metadata:
name: external-secrets-controller
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:


@@ -3,10 +3,10 @@ kind: ClusterRole
metadata:
name: external-secrets-edit
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-servicebindings
labels:
servicebinding.io/controller: "true"
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:


@@ -3,10 +3,10 @@ kind: ClusterRole
metadata:
name: external-secrets-view
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"


@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
metadata:
name: external-secrets-cert-controller
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "cert-controller"
roleRef:


@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
metadata:
name: external-secrets-controller
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io


@@ -113,6 +113,13 @@ spec:
- None
- Fetch
type: string
nullBytePolicy:
default: Ignore
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
enum:
- Ignore
- Fail
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
type: string
@@ -240,6 +247,13 @@ spec:
- None
- Fetch
type: string
nullBytePolicy:
default: Ignore
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
enum:
- Ignore
- Fail
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
type: string
@@ -277,6 +291,13 @@ spec:
description: Finds secrets base
type: string
type: object
nullBytePolicy:
default: Ignore
description: Controls how ESO handles fetched secret data containing NUL bytes for this find source.
enum:
- Ignore
- Fail
type: string
path:
description: A root path to start the find operations.
type: string
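Review bot: The new `nullBytePolicy` field defaults to `Ignore` in all three hunks of this section (the two data-source blocks and the find block), and its description never says what `Ignore` and `Fail` actually do with a value that contains NUL bytes. Existing ExternalSecrets therefore pick up the default after the upgrade without anyone choosing it; presumably `Ignore` syncs the value unchanged, but that should be confirmed against the v2.3.0 release notes. For sources whose values are expected to be text, I would set `nullBytePolicy: Fail` explicitly in the ExternalSecret manifests so unexpected binary data shows up as a sync error. The description wording itself is an upstream fix because this CRD is rendered from the chart, and the same three hunks appear again in the later section whose first hunk is `@@ -101,6 +101,13 @@`.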


@@ -1258,6 +1258,9 @@ spec:
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
vaultRole:
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
type: string
type: object
gcp:
description: |-
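Review bot: `vaultRole` is added as an optional free-form string with no `minLength` or pattern, and the description does not say what happens when it is left unset. With Vault's certificate auth method, a login that names no role is matched against every configured certificate role, so if this field maps to that login parameter (not visible here) an empty value lets the client certificate authenticate as whichever role happens to match. Stores that use TLS certificate auth should set `vaultRole` to the intended role after this upgrade. The same three-line addition appears in the hunks headed `@@ -4474,6 +4646,9 @@` and `@@ -214,6 +214,9 @@` in later sections.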


@@ -164,6 +164,146 @@ spec:
- match
type: object
type: array
dataTo:
description: DataTo defines bulk push rules that expand source Secret keys into provider entries.
items:
description: PushSecretDataTo defines how to bulk-push secrets to providers without explicit per-key mappings.
properties:
conversionStrategy:
default: None
description: Used to define a conversion Strategy for the secret keys
enum:
- None
- ReverseUnicode
type: string
match:
description: |-
Match pattern for selecting keys from the source Secret.
If not specified, all keys are selected.
properties:
regexp:
description: |-
Regexp matches keys by regular expression.
If not specified, all keys are matched.
type: string
type: object
metadata:
description: |-
Metadata is metadata attached to the secret.
The structure of metadata is provider specific, please look it up in the provider documentation.
x-kubernetes-preserve-unknown-fields: true
remoteKey:
description: |-
RemoteKey is the name of the single provider secret that will receive ALL
matched keys bundled as a JSON object (e.g. {"DB_HOST":"...","DB_USER":"..."}).
When set, per-key expansion is skipped and a single push is performed.
The provider's store prefix (if any) is still prepended to this value.
When not set, each matched key is pushed as its own individual provider secret.
type: string
rewrite:
description: |-
Rewrite operations to transform keys before pushing to the provider.
Operations are applied sequentially.
items:
description: PushSecretRewrite defines how to transform secret keys before pushing.
properties:
regexp:
description: Used to rewrite with regular expressions.
properties:
source:
description: Used to define the regular expression of a re.Compiler.
type: string
target:
description: Used to define the target pattern of a ReplaceAll operation.
type: string
required:
- source
- target
type: object
transform:
description: Used to apply string transformation on the secrets.
properties:
template:
description: |-
Used to define the template to apply on the secret name.
`.value ` will specify the secret name in the template.
type: string
required:
- template
type: object
type: object
x-kubernetes-validations:
- message: exactly one of regexp or transform must be set
rule: (has(self.regexp) && !has(self.transform)) || (!has(self.regexp) && has(self.transform))
type: array
storeRef:
description: StoreRef specifies which SecretStore to push to. Required.
properties:
kind:
default: SecretStore
description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
enum:
- SecretStore
- ClusterSecretStore
type: string
labelSelector:
description: Optionally, sync to secret stores with label selector
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
name:
description: Optionally, sync to the SecretStore of the given name
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
type: object
type: object
x-kubernetes-validations:
- message: storeRef must specify either name or labelSelector
rule: has(self.storeRef) && (has(self.storeRef.name) || has(self.storeRef.labelSelector))
- message: 'remoteKey and rewrite are mutually exclusive: rewrite is only supported in per-key mode (without remoteKey)'
rule: '!has(self.remoteKey) || !has(self.rewrite) || size(self.rewrite) == 0'
type: array
deletionPolicy:
default: None
description: Deletion Policy to handle Secrets in the provider.
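Review bot: In the new `dataTo` items, `match` and `match.regexp` are optional and their descriptions state that leaving them out selects all keys, so an entry that carries only `storeRef` pushes every key of the source Secret to the external provider. That makes it easy to export more than intended, particularly together with `storeRef.labelSelector`, which can fan one rule out to several stores. PushSecret manifests in this repo should always set an anchored `match.regexp` (for example `^DB_[A-Z_]+$`, a constructed value) and prefer `storeRef.name` over a selector. Neither `match.regexp` nor `rewrite[].regexp.source` carries a `maxLength`, which is an upstream schema point since this CRD is rendered from the chart. The identical hunk appears again in the section starting `@@ -96,6 +96,146 @@`.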


@@ -2088,6 +2088,16 @@ spec:
description: installationID specifies the Github APP installation that will be used to authenticate the client
format: int64
type: integer
orgSecretVisibility:
description: |-
orgSecretVisibility controls the visibility of organization secrets pushed via PushSecret.
Valid values are "all" or "private".
When unset, new secrets are created with visibility "all" and existing secrets preserve
whatever visibility they already have in GitHub.
enum:
- all
- private
type: string
organization:
description: organization will be used to fetch secrets from the Github organization
type: string
@@ -3831,6 +3841,168 @@ spec:
- region
- vault
type: object
ovh:
description: OVHcloud configures this store to sync secrets using the OVHcloud provider.
properties:
auth:
description: Authentication method (mtls or token).
properties:
mtls:
description: OvhClientMTLS defines the configuration required to authenticate to OVHcloud's Secret Manager using mTLS.
properties:
caBundle:
format: byte
type: string
caProvider:
description: |-
CAProvider provides a custom certificate authority for accessing the provider's store.
The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
properties:
key:
description: The key where the CA certificate can be found in the Secret or ConfigMap.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the object located at the provider type.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace the Provider type is in.
Can only be defined when used in a ClusterSecretStore.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type:
description: The type of provider to use such as "Secret", or "ConfigMap".
enum:
- Secret
- ConfigMap
type: string
required:
- name
- type
type: object
certSecretRef:
description: |-
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
In some instances, `key` is a required field.
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
keySecretRef:
description: |-
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
In some instances, `key` is a required field.
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
required:
- certSecretRef
- keySecretRef
type: object
token:
description: OvhClientToken defines the configuration required to authenticate to OVHcloud's Secret Manager using a token.
properties:
tokenSecretRef:
description: |-
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
In some instances, `key` is a required field.
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
required:
- tokenSecretRef
type: object
type: object
casRequired:
description: 'Enables or disables check-and-set (CAS) (default: false).'
type: boolean
okmsTimeout:
default: 30
description: 'Setup a timeout in seconds when requests to the KMS are made (default: 30).'
format: int32
minimum: 1
type: integer
okmsid:
description: specifies the OKMS ID.
type: string
server:
description: specifies the OKMS server endpoint.
type: string
required:
- auth
- okmsid
- server
type: object
passbolt:
description: |-
PassboltProvider provides access to Passbolt secrets manager.
@@ -4474,6 +4646,9 @@ spec:
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
vaultRole:
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
type: string
type: object
gcp:
description: |-
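Review bot: The `orgSecretVisibility` hunk documents that, when the field is unset, newly pushed organization secrets are created with visibility `all`, which is the wider of the two allowed values. Any GitHub-backed store in this repo that pushes organization secrets should set `orgSecretVisibility: private` explicitly rather than inherit that default; existing secrets keep whatever visibility they already have, so they need a separate check. In the `ovh` hunk of the same section, `server` is a plain string with no pattern requiring an `https://` endpoint and `caBundle` has no description, both of which are upstream schema points. The same hunks repeat, with identical headers, in a later section of this commit.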


@@ -101,6 +101,13 @@ spec:
- None
- Fetch
type: string
nullBytePolicy:
default: Ignore
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
enum:
- Ignore
- Fail
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
type: string
@@ -228,6 +235,13 @@ spec:
- None
- Fetch
type: string
nullBytePolicy:
default: Ignore
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
enum:
- Ignore
- Fail
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
type: string
@@ -265,6 +279,13 @@ spec:
description: Finds secrets base
type: string
type: object
nullBytePolicy:
default: Ignore
description: Controls how ESO handles fetched secret data containing NUL bytes for this find source.
enum:
- Ignore
- Fail
type: string
path:
description: A root path to start the find operations.
type: string


@@ -96,6 +96,146 @@ spec:
- match
type: object
type: array
dataTo:
description: DataTo defines bulk push rules that expand source Secret keys into provider entries.
items:
description: PushSecretDataTo defines how to bulk-push secrets to providers without explicit per-key mappings.
properties:
conversionStrategy:
default: None
description: Used to define a conversion Strategy for the secret keys
enum:
- None
- ReverseUnicode
type: string
match:
description: |-
Match pattern for selecting keys from the source Secret.
If not specified, all keys are selected.
properties:
regexp:
description: |-
Regexp matches keys by regular expression.
If not specified, all keys are matched.
type: string
type: object
metadata:
description: |-
Metadata is metadata attached to the secret.
The structure of metadata is provider specific, please look it up in the provider documentation.
x-kubernetes-preserve-unknown-fields: true
remoteKey:
description: |-
RemoteKey is the name of the single provider secret that will receive ALL
matched keys bundled as a JSON object (e.g. {"DB_HOST":"...","DB_USER":"..."}).
When set, per-key expansion is skipped and a single push is performed.
The provider's store prefix (if any) is still prepended to this value.
When not set, each matched key is pushed as its own individual provider secret.
type: string
rewrite:
description: |-
Rewrite operations to transform keys before pushing to the provider.
Operations are applied sequentially.
items:
description: PushSecretRewrite defines how to transform secret keys before pushing.
properties:
regexp:
description: Used to rewrite with regular expressions.
properties:
source:
description: Used to define the regular expression of a re.Compiler.
type: string
target:
description: Used to define the target pattern of a ReplaceAll operation.
type: string
required:
- source
- target
type: object
transform:
description: Used to apply string transformation on the secrets.
properties:
template:
description: |-
Used to define the template to apply on the secret name.
`.value ` will specify the secret name in the template.
type: string
required:
- template
type: object
type: object
x-kubernetes-validations:
- message: exactly one of regexp or transform must be set
rule: (has(self.regexp) && !has(self.transform)) || (!has(self.regexp) && has(self.transform))
type: array
storeRef:
description: StoreRef specifies which SecretStore to push to. Required.
properties:
kind:
default: SecretStore
description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
enum:
- SecretStore
- ClusterSecretStore
type: string
labelSelector:
description: Optionally, sync to secret stores with label selector
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
name:
description: Optionally, sync to the SecretStore of the given name
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
type: object
type: object
x-kubernetes-validations:
- message: storeRef must specify either name or labelSelector
rule: has(self.storeRef) && (has(self.storeRef.name) || has(self.storeRef.labelSelector))
- message: 'remoteKey and rewrite are mutually exclusive: rewrite is only supported in per-key mode (without remoteKey)'
rule: '!has(self.remoteKey) || !has(self.rewrite) || size(self.rewrite) == 0'
type: array
deletionPolicy:
default: None
description: Deletion Policy to handle Secrets in the provider.


@@ -2088,6 +2088,16 @@ spec:
description: installationID specifies the Github APP installation that will be used to authenticate the client
format: int64
type: integer
orgSecretVisibility:
description: |-
orgSecretVisibility controls the visibility of organization secrets pushed via PushSecret.
Valid values are "all" or "private".
When unset, new secrets are created with visibility "all" and existing secrets preserve
whatever visibility they already have in GitHub.
enum:
- all
- private
type: string
organization:
description: organization will be used to fetch secrets from the Github organization
type: string
@@ -3831,6 +3841,168 @@ spec:
- region
- vault
type: object
ovh:
description: OVHcloud configures this store to sync secrets using the OVHcloud provider.
properties:
auth:
description: Authentication method (mtls or token).
properties:
mtls:
description: OvhClientMTLS defines the configuration required to authenticate to OVHcloud's Secret Manager using mTLS.
properties:
caBundle:
format: byte
type: string
caProvider:
description: |-
CAProvider provides a custom certificate authority for accessing the provider's store.
The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
properties:
key:
description: The key where the CA certificate can be found in the Secret or ConfigMap.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the object located at the provider type.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace the Provider type is in.
Can only be defined when used in a ClusterSecretStore.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type:
description: The type of provider to use such as "Secret", or "ConfigMap".
enum:
- Secret
- ConfigMap
type: string
required:
- name
- type
type: object
certSecretRef:
description: |-
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
In some instances, `key` is a required field.
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
keySecretRef:
description: |-
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
In some instances, `key` is a required field.
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
required:
- certSecretRef
- keySecretRef
type: object
token:
description: OvhClientToken defines the configuration required to authenticate to OVHcloud's Secret Manager using a token.
properties:
tokenSecretRef:
description: |-
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
In some instances, `key` is a required field.
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
required:
- tokenSecretRef
type: object
type: object
casRequired:
description: 'Enables or disables check-and-set (CAS) (default: false).'
type: boolean
okmsTimeout:
default: 30
description: 'Setup a timeout in seconds when requests to the KMS are made (default: 30).'
format: int32
minimum: 1
type: integer
okmsid:
description: specifies the OKMS ID.
type: string
server:
description: specifies the OKMS server endpoint.
type: string
required:
- auth
- okmsid
- server
type: object
passbolt:
description: |-
PassboltProvider provides access to Passbolt secrets manager.
@@ -4474,6 +4646,9 @@ spec:
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
vaultRole:
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
type: string
type: object
gcp:
description: |-


@@ -214,6 +214,9 @@ spec:
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
vaultRole:
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
type: string
type: object
gcp:
description: |-


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-cert-controller
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "cert-controller"
spec:
@@ -20,10 +20,10 @@ spec:
template:
metadata:
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "cert-controller"
spec:
@@ -42,7 +42,7 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
imagePullPolicy: IfNotPresent
args:
- certcontroller


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-webhook
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"
spec:
@@ -20,10 +20,10 @@ spec:
template:
metadata:
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"
spec:
@@ -42,7 +42,7 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
imagePullPolicy: IfNotPresent
args:
- webhook


@@ -4,10 +4,10 @@ metadata:
name: external-secrets
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 3
@@ -19,10 +19,10 @@ spec:
template:
metadata:
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
spec:
serviceAccountName: external-secrets
@@ -40,7 +40,7 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
imagePullPolicy: IfNotPresent
args:
- --enable-leader-election=true


@@ -4,10 +4,10 @@ metadata:
name: "external-secrets-pdb"
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
spec:
minAvailable: 1


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-leaderelection
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-leaderelection
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-webhook
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"
external-secrets.io/component: webhook


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-cert-controller-metrics
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "cert-controller"
spec:


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-metrics
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP


@@ -4,10 +4,10 @@ metadata:
name: external-secrets-webhook
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"
external-secrets.io/component: webhook


@@ -4,9 +4,9 @@ metadata:
name: external-secrets-cert-controller
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "cert-controller"


@@ -4,9 +4,9 @@ metadata:
name: external-secrets-webhook
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"


@@ -4,8 +4,8 @@ metadata:
name: external-secrets
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm


@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
kind: ServiceMonitor
metadata:
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "cert-controller"
name: external-secrets-cert-controller-metrics


@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
kind: ServiceMonitor
metadata:
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
name: external-secrets-metrics
namespace: "external-secrets"


@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
kind: ServiceMonitor
metadata:
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"
name: external-secrets-webhook-metrics


@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
metadata:
name: externalsecret-validate
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"
external-secrets.io/component: webhook


@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
metadata:
name: secretstore-validate
labels:
helm.sh/chart: external-secrets-2.2.0
helm.sh/chart: external-secrets-2.3.0
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/version: "v2.3.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/metrics: "webhook"
external-secrets.io/component: webhook