chore: Update manifests after change
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
rules:
|
rules:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-controller
|
name: external-secrets-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-edit
|
name: external-secrets-edit
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-servicebindings
|
name: external-secrets-servicebindings
|
||||||
labels:
|
labels:
|
||||||
servicebinding.io/controller: "true"
|
servicebinding.io/controller: "true"
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-view
|
name: external-secrets-view
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
roleRef:
|
roleRef:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-controller
|
name: external-secrets-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|||||||
@@ -113,6 +113,13 @@ spec:
|
|||||||
- None
|
- None
|
||||||
- Fetch
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
|
nullBytePolicy:
|
||||||
|
default: Ignore
|
||||||
|
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
|
||||||
|
enum:
|
||||||
|
- Ignore
|
||||||
|
- Fail
|
||||||
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
type: string
|
type: string
|
||||||
@@ -240,6 +247,13 @@ spec:
|
|||||||
- None
|
- None
|
||||||
- Fetch
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
|
nullBytePolicy:
|
||||||
|
default: Ignore
|
||||||
|
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
|
||||||
|
enum:
|
||||||
|
- Ignore
|
||||||
|
- Fail
|
||||||
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
type: string
|
type: string
|
||||||
@@ -277,6 +291,13 @@ spec:
|
|||||||
description: Finds secrets base
|
description: Finds secrets base
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
|
nullBytePolicy:
|
||||||
|
default: Ignore
|
||||||
|
description: Controls how ESO handles fetched secret data containing NUL bytes for this find source.
|
||||||
|
enum:
|
||||||
|
- Ignore
|
||||||
|
- Fail
|
||||||
|
type: string
|
||||||
path:
|
path:
|
||||||
description: A root path to start the find operations.
|
description: A root path to start the find operations.
|
||||||
type: string
|
type: string
|
||||||
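Review bot: The new `nullBytePolicy` field defaults to `Ignore`, and its description does not say what either enum value does, so the schema alone does not tell a reader whether NUL bytes are passed through, stripped, or simply not checked. The same addition appears in the hunks at -113, -240 and -277 of this section and again in the later section whose hunks start at -101, -228 and -265. If `Fail` rejects such data, as the name suggests, sources whose consumers would truncate or mis-parse a value at a NUL byte should set `nullBytePolicy: Fail` explicitly rather than inherit the default. A description along the lines of `Controls how ESO handles fetched secret data containing NUL bytes for this source; Ignore performs no check, Fail rejects the data.` would make the contract readable, with the wording to be confirmed against the controller. The schema object these fields sit in starts and ends outside the hunks.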
|
|||||||
@@ -1258,6 +1258,9 @@ spec:
|
|||||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
|
vaultRole:
|
||||||
|
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
|
||||||
|
type: string
|
||||||
type: object
|
type: object
|
||||||
gcp:
|
gcp:
|
||||||
description: |-
|
description: |-
|
||||||
|
|||||||
@@ -164,6 +164,146 @@ spec:
|
|||||||
- match
|
- match
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
dataTo:
|
||||||
|
description: DataTo defines bulk push rules that expand source Secret keys into provider entries.
|
||||||
|
items:
|
||||||
|
description: PushSecretDataTo defines how to bulk-push secrets to providers without explicit per-key mappings.
|
||||||
|
properties:
|
||||||
|
conversionStrategy:
|
||||||
|
default: None
|
||||||
|
description: Used to define a conversion Strategy for the secret keys
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- ReverseUnicode
|
||||||
|
type: string
|
||||||
|
match:
|
||||||
|
description: |-
|
||||||
|
Match pattern for selecting keys from the source Secret.
|
||||||
|
If not specified, all keys are selected.
|
||||||
|
properties:
|
||||||
|
regexp:
|
||||||
|
description: |-
|
||||||
|
Regexp matches keys by regular expression.
|
||||||
|
If not specified, all keys are matched.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
metadata:
|
||||||
|
description: |-
|
||||||
|
Metadata is metadata attached to the secret.
|
||||||
|
The structure of metadata is provider specific, please look it up in the provider documentation.
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
remoteKey:
|
||||||
|
description: |-
|
||||||
|
RemoteKey is the name of the single provider secret that will receive ALL
|
||||||
|
matched keys bundled as a JSON object (e.g. {"DB_HOST":"...","DB_USER":"..."}).
|
||||||
|
When set, per-key expansion is skipped and a single push is performed.
|
||||||
|
The provider's store prefix (if any) is still prepended to this value.
|
||||||
|
When not set, each matched key is pushed as its own individual provider secret.
|
||||||
|
type: string
|
||||||
|
rewrite:
|
||||||
|
description: |-
|
||||||
|
Rewrite operations to transform keys before pushing to the provider.
|
||||||
|
Operations are applied sequentially.
|
||||||
|
items:
|
||||||
|
description: PushSecretRewrite defines how to transform secret keys before pushing.
|
||||||
|
properties:
|
||||||
|
regexp:
|
||||||
|
description: Used to rewrite with regular expressions.
|
||||||
|
properties:
|
||||||
|
source:
|
||||||
|
description: Used to define the regular expression of a re.Compiler.
|
||||||
|
type: string
|
||||||
|
target:
|
||||||
|
description: Used to define the target pattern of a ReplaceAll operation.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- source
|
||||||
|
- target
|
||||||
|
type: object
|
||||||
|
transform:
|
||||||
|
description: Used to apply string transformation on the secrets.
|
||||||
|
properties:
|
||||||
|
template:
|
||||||
|
description: |-
|
||||||
|
Used to define the template to apply on the secret name.
|
||||||
|
`.value ` will specify the secret name in the template.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- template
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: exactly one of regexp or transform must be set
|
||||||
|
rule: (has(self.regexp) && !has(self.transform)) || (!has(self.regexp) && has(self.transform))
|
||||||
|
type: array
|
||||||
|
storeRef:
|
||||||
|
description: StoreRef specifies which SecretStore to push to. Required.
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
default: SecretStore
|
||||||
|
description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
|
||||||
|
enum:
|
||||||
|
- SecretStore
|
||||||
|
- ClusterSecretStore
|
||||||
|
type: string
|
||||||
|
labelSelector:
|
||||||
|
description: Optionally, sync to secret stores with label selector
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||||
|
items:
|
||||||
|
description: |-
|
||||||
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
||||||
|
relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: key is the label key that the selector applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: |-
|
||||||
|
operator represents a key's relationship to a set of values.
|
||||||
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: |-
|
||||||
|
values is an array of string values. If the operator is In or NotIn,
|
||||||
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
||||||
|
the values array must be empty. This array is replaced during a strategic
|
||||||
|
merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: |-
|
||||||
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
||||||
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
||||||
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-map-type: atomic
|
||||||
|
name:
|
||||||
|
description: Optionally, sync to the SecretStore of the given name
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: storeRef must specify either name or labelSelector
|
||||||
|
rule: has(self.storeRef) && (has(self.storeRef.name) || has(self.storeRef.labelSelector))
|
||||||
|
- message: 'remoteKey and rewrite are mutually exclusive: rewrite is only supported in per-key mode (without remoteKey)'
|
||||||
|
rule: '!has(self.remoteKey) || !has(self.rewrite) || size(self.rewrite) == 0'
|
||||||
|
type: array
|
||||||
deletionPolicy:
|
deletionPolicy:
|
||||||
default: None
|
default: None
|
||||||
description: Deletion Policy to handle Secrets in the provider.
|
description: Deletion Policy to handle Secrets in the provider.
|
||||||
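Review bot: A `dataTo` entry is valid with no `match` at all, and the description states that in that case all keys of the source Secret are selected, so the shortest form of the rule is also the widest push. Combined with `storeRef.labelSelector` and `kind: ClusterSecretStore`, a single entry can copy every key to every matching store; the only validations visible in this hunk are that `storeRef` names a target and that `remoteKey` and `rewrite` are not combined. PushSecret manifests in this repository would be safer with an explicit `match.regexp` and a fixed `storeRef.name`, for example `regexp: "^APP_"` (constructed sample). The same schema is added again in the later section whose hunk starts at -96. The `properties` object this field belongs to begins outside the hunk.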
|
|||||||
@@ -2088,6 +2088,16 @@ spec:
|
|||||||
description: installationID specifies the Github APP installation that will be used to authenticate the client
|
description: installationID specifies the Github APP installation that will be used to authenticate the client
|
||||||
format: int64
|
format: int64
|
||||||
type: integer
|
type: integer
|
||||||
|
orgSecretVisibility:
|
||||||
|
description: |-
|
||||||
|
orgSecretVisibility controls the visibility of organization secrets pushed via PushSecret.
|
||||||
|
Valid values are "all" or "private".
|
||||||
|
When unset, new secrets are created with visibility "all" and existing secrets preserve
|
||||||
|
whatever visibility they already have in GitHub.
|
||||||
|
enum:
|
||||||
|
- all
|
||||||
|
- private
|
||||||
|
type: string
|
||||||
organization:
|
organization:
|
||||||
description: organization will be used to fetch secrets from the Github organization
|
description: organization will be used to fetch secrets from the Github organization
|
||||||
type: string
|
type: string
|
||||||
@@ -3831,6 +3841,168 @@ spec:
|
|||||||
- region
|
- region
|
||||||
- vault
|
- vault
|
||||||
type: object
|
type: object
|
||||||
|
ovh:
|
||||||
|
description: OVHcloud configures this store to sync secrets using the OVHcloud provider.
|
||||||
|
properties:
|
||||||
|
auth:
|
||||||
|
description: Authentication method (mtls or token).
|
||||||
|
properties:
|
||||||
|
mtls:
|
||||||
|
description: OvhClientMTLS defines the configuration required to authenticate to OVHcloud's Secret Manager using mTLS.
|
||||||
|
properties:
|
||||||
|
caBundle:
|
||||||
|
format: byte
|
||||||
|
type: string
|
||||||
|
caProvider:
|
||||||
|
description: |-
|
||||||
|
CAProvider provides a custom certificate authority for accessing the provider's store.
|
||||||
|
The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: The key where the CA certificate can be found in the Secret or ConfigMap.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the object located at the provider type.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace the Provider type is in.
|
||||||
|
Can only be defined when used in a ClusterSecretStore.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
description: The type of provider to use such as "Secret", or "ConfigMap".
|
||||||
|
enum:
|
||||||
|
- Secret
|
||||||
|
- ConfigMap
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
- type
|
||||||
|
type: object
|
||||||
|
certSecretRef:
|
||||||
|
description: |-
|
||||||
|
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
keySecretRef:
|
||||||
|
description: |-
|
||||||
|
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- certSecretRef
|
||||||
|
- keySecretRef
|
||||||
|
type: object
|
||||||
|
token:
|
||||||
|
description: OvhClientToken defines the configuration required to authenticate to OVHcloud's Secret Manager using a token.
|
||||||
|
properties:
|
||||||
|
tokenSecretRef:
|
||||||
|
description: |-
|
||||||
|
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- tokenSecretRef
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
casRequired:
|
||||||
|
description: 'Enables or disables check-and-set (CAS) (default: false).'
|
||||||
|
type: boolean
|
||||||
|
okmsTimeout:
|
||||||
|
default: 30
|
||||||
|
description: 'Setup a timeout in seconds when requests to the KMS are made (default: 30).'
|
||||||
|
format: int32
|
||||||
|
minimum: 1
|
||||||
|
type: integer
|
||||||
|
okmsid:
|
||||||
|
description: specifies the OKMS ID.
|
||||||
|
type: string
|
||||||
|
server:
|
||||||
|
description: specifies the OKMS server endpoint.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- auth
|
||||||
|
- okmsid
|
||||||
|
- server
|
||||||
|
type: object
|
||||||
passbolt:
|
passbolt:
|
||||||
description: |-
|
description: |-
|
||||||
PassboltProvider provides access to Passbolt secrets manager.
|
PassboltProvider provides access to Passbolt secrets manager.
|
||||||
@@ -4474,6 +4646,9 @@ spec:
|
|||||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
|
vaultRole:
|
||||||
|
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
|
||||||
|
type: string
|
||||||
type: object
|
type: object
|
||||||
gcp:
|
gcp:
|
||||||
description: |-
|
description: |-
|
||||||
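Review bot: `orgSecretVisibility` is optional and, per its own description, new organization secrets are created with visibility "all" when it is unset, so a store gets the permissive value by omission. GitHub stores in this repository that are used with PushSecret should set `orgSecretVisibility: private` explicitly unless organization-wide visibility is intended. In the `ovh` hunk of the same section, `auth` is described as "mtls or token", but the visible lines carry no rule requiring exactly one of them, unlike the `rewrite` items on this page, which use an `x-kubernetes-validations` rule for that; `rule: (has(self.mtls) && !has(self.token)) || (!has(self.mtls) && has(self.token))` would match that style. Both additions recur in the final section of the page (hunks at -2088 and -3831). The surrounding `properties` blocks start outside the hunks.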
|
|||||||
@@ -101,6 +101,13 @@ spec:
|
|||||||
- None
|
- None
|
||||||
- Fetch
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
|
nullBytePolicy:
|
||||||
|
default: Ignore
|
||||||
|
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
|
||||||
|
enum:
|
||||||
|
- Ignore
|
||||||
|
- Fail
|
||||||
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
type: string
|
type: string
|
||||||
@@ -228,6 +235,13 @@ spec:
|
|||||||
- None
|
- None
|
||||||
- Fetch
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
|
nullBytePolicy:
|
||||||
|
default: Ignore
|
||||||
|
description: Controls how ESO handles fetched secret data containing NUL bytes for this source.
|
||||||
|
enum:
|
||||||
|
- Ignore
|
||||||
|
- Fail
|
||||||
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
type: string
|
type: string
|
||||||
@@ -265,6 +279,13 @@ spec:
|
|||||||
description: Finds secrets base
|
description: Finds secrets base
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
|
nullBytePolicy:
|
||||||
|
default: Ignore
|
||||||
|
description: Controls how ESO handles fetched secret data containing NUL bytes for this find source.
|
||||||
|
enum:
|
||||||
|
- Ignore
|
||||||
|
- Fail
|
||||||
|
type: string
|
||||||
path:
|
path:
|
||||||
description: A root path to start the find operations.
|
description: A root path to start the find operations.
|
||||||
type: string
|
type: string
|
||||||
|
|||||||
@@ -96,6 +96,146 @@ spec:
|
|||||||
- match
|
- match
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
dataTo:
|
||||||
|
description: DataTo defines bulk push rules that expand source Secret keys into provider entries.
|
||||||
|
items:
|
||||||
|
description: PushSecretDataTo defines how to bulk-push secrets to providers without explicit per-key mappings.
|
||||||
|
properties:
|
||||||
|
conversionStrategy:
|
||||||
|
default: None
|
||||||
|
description: Used to define a conversion Strategy for the secret keys
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- ReverseUnicode
|
||||||
|
type: string
|
||||||
|
match:
|
||||||
|
description: |-
|
||||||
|
Match pattern for selecting keys from the source Secret.
|
||||||
|
If not specified, all keys are selected.
|
||||||
|
properties:
|
||||||
|
regexp:
|
||||||
|
description: |-
|
||||||
|
Regexp matches keys by regular expression.
|
||||||
|
If not specified, all keys are matched.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
metadata:
|
||||||
|
description: |-
|
||||||
|
Metadata is metadata attached to the secret.
|
||||||
|
The structure of metadata is provider specific, please look it up in the provider documentation.
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
remoteKey:
|
||||||
|
description: |-
|
||||||
|
RemoteKey is the name of the single provider secret that will receive ALL
|
||||||
|
matched keys bundled as a JSON object (e.g. {"DB_HOST":"...","DB_USER":"..."}).
|
||||||
|
When set, per-key expansion is skipped and a single push is performed.
|
||||||
|
The provider's store prefix (if any) is still prepended to this value.
|
||||||
|
When not set, each matched key is pushed as its own individual provider secret.
|
||||||
|
type: string
|
||||||
|
rewrite:
|
||||||
|
description: |-
|
||||||
|
Rewrite operations to transform keys before pushing to the provider.
|
||||||
|
Operations are applied sequentially.
|
||||||
|
items:
|
||||||
|
description: PushSecretRewrite defines how to transform secret keys before pushing.
|
||||||
|
properties:
|
||||||
|
regexp:
|
||||||
|
description: Used to rewrite with regular expressions.
|
||||||
|
properties:
|
||||||
|
source:
|
||||||
|
description: Used to define the regular expression of a re.Compiler.
|
||||||
|
type: string
|
||||||
|
target:
|
||||||
|
description: Used to define the target pattern of a ReplaceAll operation.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- source
|
||||||
|
- target
|
||||||
|
type: object
|
||||||
|
transform:
|
||||||
|
description: Used to apply string transformation on the secrets.
|
||||||
|
properties:
|
||||||
|
template:
|
||||||
|
description: |-
|
||||||
|
Used to define the template to apply on the secret name.
|
||||||
|
`.value ` will specify the secret name in the template.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- template
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: exactly one of regexp or transform must be set
|
||||||
|
rule: (has(self.regexp) && !has(self.transform)) || (!has(self.regexp) && has(self.transform))
|
||||||
|
type: array
|
||||||
|
storeRef:
|
||||||
|
description: StoreRef specifies which SecretStore to push to. Required.
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
default: SecretStore
|
||||||
|
description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
|
||||||
|
enum:
|
||||||
|
- SecretStore
|
||||||
|
- ClusterSecretStore
|
||||||
|
type: string
|
||||||
|
labelSelector:
|
||||||
|
description: Optionally, sync to secret stores with label selector
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||||
|
items:
|
||||||
|
description: |-
|
||||||
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
||||||
|
relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: key is the label key that the selector applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: |-
|
||||||
|
operator represents a key's relationship to a set of values.
|
||||||
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: |-
|
||||||
|
values is an array of string values. If the operator is In or NotIn,
|
||||||
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
||||||
|
the values array must be empty. This array is replaced during a strategic
|
||||||
|
merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: |-
|
||||||
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
||||||
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
||||||
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-map-type: atomic
|
||||||
|
name:
|
||||||
|
description: Optionally, sync to the SecretStore of the given name
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: storeRef must specify either name or labelSelector
|
||||||
|
rule: has(self.storeRef) && (has(self.storeRef.name) || has(self.storeRef.labelSelector))
|
||||||
|
- message: 'remoteKey and rewrite are mutually exclusive: rewrite is only supported in per-key mode (without remoteKey)'
|
||||||
|
rule: '!has(self.remoteKey) || !has(self.rewrite) || size(self.rewrite) == 0'
|
||||||
|
type: array
|
||||||
deletionPolicy:
|
deletionPolicy:
|
||||||
default: None
|
default: None
|
||||||
description: Deletion Policy to handle Secrets in the provider.
|
description: Deletion Policy to handle Secrets in the provider.
|
||||||
|
|||||||
@@ -2088,6 +2088,16 @@ spec:
|
|||||||
description: installationID specifies the Github APP installation that will be used to authenticate the client
|
description: installationID specifies the Github APP installation that will be used to authenticate the client
|
||||||
format: int64
|
format: int64
|
||||||
type: integer
|
type: integer
|
||||||
|
orgSecretVisibility:
|
||||||
|
description: |-
|
||||||
|
orgSecretVisibility controls the visibility of organization secrets pushed via PushSecret.
|
||||||
|
Valid values are "all" or "private".
|
||||||
|
When unset, new secrets are created with visibility "all" and existing secrets preserve
|
||||||
|
whatever visibility they already have in GitHub.
|
||||||
|
enum:
|
||||||
|
- all
|
||||||
|
- private
|
||||||
|
type: string
|
||||||
organization:
|
organization:
|
||||||
description: organization will be used to fetch secrets from the Github organization
|
description: organization will be used to fetch secrets from the Github organization
|
||||||
type: string
|
type: string
|
||||||
@@ -3831,6 +3841,168 @@ spec:
|
|||||||
- region
|
- region
|
||||||
- vault
|
- vault
|
||||||
type: object
|
type: object
|
||||||
|
ovh:
|
||||||
|
description: OVHcloud configures this store to sync secrets using the OVHcloud provider.
|
||||||
|
properties:
|
||||||
|
auth:
|
||||||
|
description: Authentication method (mtls or token).
|
||||||
|
properties:
|
||||||
|
mtls:
|
||||||
|
description: OvhClientMTLS defines the configuration required to authenticate to OVHcloud's Secret Manager using mTLS.
|
||||||
|
properties:
|
||||||
|
caBundle:
|
||||||
|
format: byte
|
||||||
|
type: string
|
||||||
|
caProvider:
|
||||||
|
description: |-
|
||||||
|
CAProvider provides a custom certificate authority for accessing the provider's store.
|
||||||
|
The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: The key where the CA certificate can be found in the Secret or ConfigMap.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the object located at the provider type.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace the Provider type is in.
|
||||||
|
Can only be defined when used in a ClusterSecretStore.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
description: The type of provider to use such as "Secret", or "ConfigMap".
|
||||||
|
enum:
|
||||||
|
- Secret
|
||||||
|
- ConfigMap
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
- type
|
||||||
|
type: object
|
||||||
|
certSecretRef:
|
||||||
|
description: |-
|
||||||
|
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
keySecretRef:
|
||||||
|
description: |-
|
||||||
|
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- certSecretRef
|
||||||
|
- keySecretRef
|
||||||
|
type: object
|
||||||
|
token:
|
||||||
|
description: OvhClientToken defines the configuration required to authenticate to OVHcloud's Secret Manager using a token.
|
||||||
|
properties:
|
||||||
|
tokenSecretRef:
|
||||||
|
description: |-
|
||||||
|
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- tokenSecretRef
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
casRequired:
|
||||||
|
description: 'Enables or disables check-and-set (CAS) (default: false).'
|
||||||
|
type: boolean
|
||||||
|
okmsTimeout:
|
||||||
|
default: 30
|
||||||
|
description: 'Setup a timeout in seconds when requests to the KMS are made (default: 30).'
|
||||||
|
format: int32
|
||||||
|
minimum: 1
|
||||||
|
type: integer
|
||||||
|
okmsid:
|
||||||
|
description: specifies the OKMS ID.
|
||||||
|
type: string
|
||||||
|
server:
|
||||||
|
description: specifies the OKMS server endpoint.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- auth
|
||||||
|
- okmsid
|
||||||
|
- server
|
||||||
|
type: object
|
||||||
passbolt:
|
passbolt:
|
||||||
description: |-
|
description: |-
|
||||||
PassboltProvider provides access to Passbolt secrets manager.
|
PassboltProvider provides access to Passbolt secrets manager.
|
||||||
@@ -4474,6 +4646,9 @@ spec:
|
|||||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
|
vaultRole:
|
||||||
|
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
|
||||||
|
type: string
|
||||||
type: object
|
type: object
|
||||||
gcp:
|
gcp:
|
||||||
description: |-
|
description: |-
|
||||||
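Review bot: The `orgSecretVisibility` field added in the `@@ -2088,6 +2088,16 @@` hunk is widest-by-default: its own description says a store that leaves it unset creates new organization secrets with visibility "all". This manifest appears to be rendered from the upstream chart, so the fix belongs in the store resources of this repository that push to a GitHub organization rather than in this file. Set `orgSecretVisibility: private` next to `organization` in those stores unless every repository in the organization is meant to read the pushed secret. The description also states that existing secrets keep whatever visibility they already have, so secrets created before this upgrade have to be checked in GitHub separately.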
|
|||||||
@@ -214,6 +214,9 @@ spec:
|
|||||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
|
vaultRole:
|
||||||
|
description: VaultRole specifies the Vault role to use for TLS certificate authentication.
|
||||||
|
type: string
|
||||||
type: object
|
type: object
|
||||||
gcp:
|
gcp:
|
||||||
description: |-
|
description: |-
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
spec:
|
spec:
|
||||||
@@ -20,10 +20,10 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
spec:
|
spec:
|
||||||
@@ -42,7 +42,7 @@ spec:
|
|||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
|
image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- certcontroller
|
- certcontroller
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
spec:
|
spec:
|
||||||
@@ -20,10 +20,10 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
spec:
|
spec:
|
||||||
@@ -42,7 +42,7 @@ spec:
|
|||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
|
image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- webhook
|
- webhook
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets
|
name: external-secrets
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
replicas: 3
|
replicas: 3
|
||||||
@@ -19,10 +19,10 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: external-secrets
|
serviceAccountName: external-secrets
|
||||||
@@ -40,7 +40,7 @@ spec:
|
|||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
|
image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- --enable-leader-election=true
|
- --enable-leader-election=true
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: "external-secrets-pdb"
|
name: "external-secrets-pdb"
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
minAvailable: 1
|
minAvailable: 1
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-leaderelection
|
name: external-secrets-leaderelection
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-leaderelection
|
name: external-secrets-leaderelection
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-cert-controller-metrics
|
name: external-secrets-cert-controller-metrics
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
spec:
|
spec:
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-metrics
|
name: external-secrets-metrics
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ metadata:
|
|||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
|
|||||||
@@ -4,8 +4,8 @@ metadata:
|
|||||||
name: external-secrets
|
name: external-secrets
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
|||||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
|||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
name: external-secrets-cert-controller-metrics
|
name: external-secrets-cert-controller-metrics
|
||||||
|
|||||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
|||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
name: external-secrets-metrics
|
name: external-secrets-metrics
|
||||||
namespace: "external-secrets"
|
namespace: "external-secrets"
|
||||||
|
|||||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
|||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
name: external-secrets-webhook-metrics
|
name: external-secrets-webhook-metrics
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
|
|||||||
metadata:
|
metadata:
|
||||||
name: externalsecret-validate
|
name: externalsecret-validate
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
|
|||||||
metadata:
|
metadata:
|
||||||
name: secretstore-validate
|
name: secretstore-validate
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.2.0
|
helm.sh/chart: external-secrets-2.3.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.2.0"
|
app.kubernetes.io/version: "v2.3.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||