diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml index ff52e051b..64e36824c 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" rules: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml index 1f2654c86..5ff769e9c 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-controller labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml index c96e31a03..5449a1be3 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml 
+++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-edit labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml index 352645a61..5c116e916 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml index cb2308c7c..f2ac7704d 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml 
@@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-view labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml index 4439909a6..b214592a3 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRoleBinding metadata: name: external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" roleRef: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml index 3a8ce9fe1..295484840 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml 
@@ -3,10 +3,10 @@ kind: ClusterRoleBinding metadata: name: external-secrets-controller labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml index 84b829f9d..ba44bb056 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml @@ -564,6 +564,18 @@ spec: credential_source.url in the provided credConfig. This field is merely to double-check the external token source URL is having the expected value. type: string + gcpServiceAccountEmail: + description: |- + GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate + after Workload Identity Federation. Use this to grant access through the service account's + IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides + service_account_impersonation_url in the external account JSON from credConfig; + when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation + on that ServiceAccount. + example: my-gsa@my-project.iam.gserviceaccount.com + minLength: 1 + pattern: ^.*@.*\.iam\.gserviceaccount\.com$ + type: string serviceAccountRef: description: |- serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens, 
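Review bot: The `pattern` on the new `gcpServiceAccountEmail` field, `^.*@.*\.iam\.gserviceaccount\.com$`, accepts an empty local part, embedded whitespace and extra `@` characters, and the field has no `maxLength`, so the schema barely constrains a value that selects which Google service account is impersonated. Per the description it overrides both `service_account_impersonation_url` from `credConfig` and the `iam.gke.io/gcp-service-account` annotation on the referenced ServiceAccount, so whoever can write the generator or store spec picks the identity, not the ServiceAccount owner. A tighter schema would be something like `pattern: ^[a-z0-9-]+@[a-z0-9.-]+\.iam\.gserviceaccount\.com$` plus a `maxLength`. If this CRD is rendered from the upstream chart, that change belongs upstream, and in this cluster the practical control is RBAC or an admission policy limiting who may set the field and to which accounts. The same hunk repeats in the clustersecretstores, gcraccesstokens and secretstores CRDs.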
diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml index 55c89b635..4ccface71 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml @@ -486,6 +486,16 @@ spec: type: object type: object type: object + customSessionTags: + additionalProperties: + type: string + description: |- + CustomSessionTags defines additional STS session tags to include when SessionTagsPolicy is Custom. + These are merged with the automatically injected esoNamespace, esoStoreName, and esoStoreKind tags. + type: object + x-kubernetes-validations: + - message: 'customSessionTags cannot contain automatically injected reserved keys: esoNamespace, esoStoreName, esoStoreKind' + rule: '!(''esoNamespace'' in self) && !(''esoStoreName'' in self) && !(''esoStoreKind'' in self)' externalID: description: AWS External ID set on assumed IAM roles type: string @@ -541,6 +551,19 @@ spec: - value type: object type: array + sessionTagsPolicy: + default: None + description: |- + SessionTagsPolicy controls whether and how STS session tags are added when assuming roles. + None (default): no tags are added. + Simple: automatically adds esoNamespace (from the ExternalSecret), esoStoreName, and esoStoreKind tags. + Custom: adds esoNamespace, esoStoreName, and esoStoreKind plus any tags defined in CustomSessionTags. + Note: the IAM role must have sts:TagSession permission when using Simple or Custom. + enum: + - None + - Simple + - Custom + type: string transitiveTagKeys: description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider items: 
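Review bot: The reserved-key rule on `customSessionTags` compares keys case-sensitively, so `esonamespace` or `ESOStoreName` pass admission although AWS STS treats session tag keys as case-insensitive. How the controller merges such a key with the injected tag is not visible here, but if IAM policies condition on `aws:PrincipalTag/esoNamespace`, a colliding custom key should be rejected at admission and not left to merge order. A case-folding rule would be `rule: 'self.all(k, !(k.lowerAscii() in [''esonamespace'', ''esostorename'', ''esostorekind'']))'`. Nothing in this hunk or the `sessionTagsPolicy` hunk after it ties a non-empty `customSessionTags` to `sessionTagsPolicy: Custom`, so tags set under `None` or `Simple` would presumably be dropped without an error; a rule on the parent object may exist outside the hunk. Both hunks repeat in the secretstores CRD.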
@@ -1995,6 +2018,18 @@ spec: credential_source.url in the provided credConfig. This field is merely to double-check the external token source URL is having the expected value. type: string + gcpServiceAccountEmail: + description: |- + GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate + after Workload Identity Federation. Use this to grant access through the service account's + IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides + service_account_impersonation_url in the external account JSON from credConfig; + when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation + on that ServiceAccount. + example: my-gsa@my-project.iam.gserviceaccount.com + minLength: 1 + pattern: ^.*@.*\.iam\.gserviceaccount\.com$ + type: string serviceAccountRef: description: |- serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens, @@ -4223,7 +4258,10 @@ spec: description: Pulumi configures this store to sync secrets using the Pulumi provider properties: accessToken: - description: AccessToken is the access tokens to sign in to the Pulumi Cloud Console. + description: |- + AccessToken is the access tokens to sign in to the Pulumi Cloud Console. + + Deprecated: Use auth.accessToken instead. properties: secretRef: description: SecretRef is a reference to a secret containing the Pulumi API token. 
@@ -4256,6 +4294,91 @@ spec: default: https://api.pulumi.com/api/esc description: APIURL is the URL of the Pulumi API. type: string + auth: + description: |- + Auth configures how the Operator authenticates with the Pulumi API. + Either auth or the deprecated accessToken field must be specified. + properties: + accessToken: + description: AccessToken authenticates using a Pulumi access token stored in a Kubernetes Secret. + properties: + secretRef: + description: SecretRef is a reference to a secret containing the Pulumi API token. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + oidcConfig: + description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC. + properties: + expirationSeconds: + default: 600 + description: |- + ExpirationSeconds sets the token validity duration for service account and OIDC token. + Defaults to 10 minutes. + format: int64 + minimum: 600 + type: integer + organization: + description: Organization is the name of the Pulumi organization configured for OIDC authentication. + type: string + serviceAccountRef: + description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication. 
+ properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + required: + - organization + - serviceAccountRef + type: object + type: object + x-kubernetes-validations: + - message: Exactly one of 'accessToken' or 'oidcConfig' must be specified + rule: (has(self.accessToken) && !has(self.oidcConfig)) || (!has(self.accessToken) && has(self.oidcConfig)) environment: description: |- Environment are YAML documents composed of static key-value pairs, programmatic expressions, @@ -4272,11 +4395,13 @@ spec: description: Project is the name of the Pulumi ESC project the environment belongs to. type: string required: - - accessToken - environment - organization - project type: object + x-kubernetes-validations: + - message: Exactly one of 'auth' or deprecated 'accessToken' must be specified + rule: (has(self.auth) && !has(self.accessToken)) || (!has(self.auth) && has(self.accessToken)) scaleway: description: Scaleway configures this store to sync secrets using the Scaleway provider. properties: 
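Review bot: `oidcConfig.expirationSeconds` in the new Pulumi `auth` block declares `minimum: 600` but no `maximum`, so a store can ask for ServiceAccount/OIDC tokens of any lifetime, limited only by whatever the API server or Pulumi enforces. Adding a ceiling, e.g. `maximum: 3600` (illustrative value), would keep the short-lived-credential property in the schema itself. Separately, neither `auth.accessToken` nor its `secretRef` has a `required` list, so `auth: {accessToken: {}}` satisfies the `has()` rules in this hunk and the next one and would only fail at reconcile time; `required: [secretRef]` on `accessToken` would reject it at admission. `organization` is required but has no `minLength`, so an empty string also passes. The same two hunks repeat in the secretstores CRD, and if these files are rendered from the upstream chart the schema changes belong there.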
diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-gcraccesstokens.generators.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-gcraccesstokens.generators.external-secrets.io.yaml index a228a0db9..2fae9e06e 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-gcraccesstokens.generators.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-gcraccesstokens.generators.external-secrets.io.yaml @@ -202,6 +202,18 @@ spec: credential_source.url in the provided credConfig. This field is merely to double-check the external token source URL is having the expected value. type: string + gcpServiceAccountEmail: + description: |- + GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate + after Workload Identity Federation. Use this to grant access through the service account's + IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides + service_account_impersonation_url in the external account JSON from credConfig; + when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation + on that ServiceAccount. + example: my-gsa@my-project.iam.gserviceaccount.com + minLength: 1 + pattern: ^.*@.*\.iam\.gserviceaccount\.com$ + type: string serviceAccountRef: description: |- serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens, diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml index 489a2ae3c..2ce934661 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml 
+++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml @@ -486,6 +486,16 @@ spec: type: object type: object type: object + customSessionTags: + additionalProperties: + type: string + description: |- + CustomSessionTags defines additional STS session tags to include when SessionTagsPolicy is Custom. + These are merged with the automatically injected esoNamespace, esoStoreName, and esoStoreKind tags. + type: object + x-kubernetes-validations: + - message: 'customSessionTags cannot contain automatically injected reserved keys: esoNamespace, esoStoreName, esoStoreKind' + rule: '!(''esoNamespace'' in self) && !(''esoStoreName'' in self) && !(''esoStoreKind'' in self)' externalID: description: AWS External ID set on assumed IAM roles type: string @@ -541,6 +551,19 @@ spec: - value type: object type: array + sessionTagsPolicy: + default: None + description: |- + SessionTagsPolicy controls whether and how STS session tags are added when assuming roles. + None (default): no tags are added. + Simple: automatically adds esoNamespace (from the ExternalSecret), esoStoreName, and esoStoreKind tags. + Custom: adds esoNamespace, esoStoreName, and esoStoreKind plus any tags defined in CustomSessionTags. + Note: the IAM role must have sts:TagSession permission when using Simple or Custom. + enum: + - None + - Simple + - Custom + type: string transitiveTagKeys: description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider items: 
@@ -1995,6 +2018,18 @@ spec: credential_source.url in the provided credConfig. This field is merely to double-check the external token source URL is having the expected value. type: string + gcpServiceAccountEmail: + description: |- + GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate + after Workload Identity Federation. Use this to grant access through the service account's + IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides + service_account_impersonation_url in the external account JSON from credConfig; + when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation + on that ServiceAccount. + example: my-gsa@my-project.iam.gserviceaccount.com + minLength: 1 + pattern: ^.*@.*\.iam\.gserviceaccount\.com$ + type: string serviceAccountRef: description: |- serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens, @@ -4223,7 +4258,10 @@ spec: description: Pulumi configures this store to sync secrets using the Pulumi provider properties: accessToken: - description: AccessToken is the access tokens to sign in to the Pulumi Cloud Console. + description: |- + AccessToken is the access tokens to sign in to the Pulumi Cloud Console. + + Deprecated: Use auth.accessToken instead. properties: secretRef: description: SecretRef is a reference to a secret containing the Pulumi API token. 
@@ -4256,6 +4294,91 @@ spec: default: https://api.pulumi.com/api/esc description: APIURL is the URL of the Pulumi API. type: string + auth: + description: |- + Auth configures how the Operator authenticates with the Pulumi API. + Either auth or the deprecated accessToken field must be specified. + properties: + accessToken: + description: AccessToken authenticates using a Pulumi access token stored in a Kubernetes Secret. + properties: + secretRef: + description: SecretRef is a reference to a secret containing the Pulumi API token. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + oidcConfig: + description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC. + properties: + expirationSeconds: + default: 600 + description: |- + ExpirationSeconds sets the token validity duration for service account and OIDC token. + Defaults to 10 minutes. + format: int64 + minimum: 600 + type: integer + organization: + description: Organization is the name of the Pulumi organization configured for OIDC authentication. + type: string + serviceAccountRef: + description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication. 
+ properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + required: + - organization + - serviceAccountRef + type: object + type: object + x-kubernetes-validations: + - message: Exactly one of 'accessToken' or 'oidcConfig' must be specified + rule: (has(self.accessToken) && !has(self.oidcConfig)) || (!has(self.accessToken) && has(self.oidcConfig)) environment: description: |- Environment are YAML documents composed of static key-value pairs, programmatic expressions, @@ -4272,11 +4395,13 @@ spec: description: Project is the name of the Pulumi ESC project the environment belongs to. type: string required: - - accessToken - environment - organization - project type: object + x-kubernetes-validations: + - message: Exactly one of 'auth' or deprecated 'accessToken' must be specified + rule: (has(self.auth) && !has(self.accessToken)) || (!has(self.auth) && has(self.accessToken)) scaleway: description: Scaleway configures this store to sync secrets using the Scaleway provider. properties: diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml index a68e71e47..9beea06c9 100644 
--- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-cert-controller namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" spec: @@ -20,10 +20,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" spec: @@ -42,7 +42,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09 + image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489 imagePullPolicy: IfNotPresent args: - certcontroller diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml index dc986ea75..680130b3b 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml 
@@ -4,10 +4,10 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" spec: @@ -20,10 +20,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" spec: @@ -42,7 +42,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09 + image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489 imagePullPolicy: IfNotPresent args: - webhook diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml index d7a97c74a..2255e49e6 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 3 
@@ -19,10 +19,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets @@ -40,7 +40,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09 + image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489 imagePullPolicy: IfNotPresent args: - --enable-leader-election=true diff --git a/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml b/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml index f337186ed..95b97e3bb 100644 --- a/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml +++ b/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml @@ -4,10 +4,10 @@ metadata: name: "external-secrets-pdb" namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: 1 diff --git a/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml b/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml index 41e40c9fc..4379c3e5e 100644 --- a/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml 
@@ -4,10 +4,10 @@ metadata: name: external-secrets-leaderelection namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml b/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml index 55452eb3a..e1da3d3a6 100644 --- a/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml +++ b/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-leaderelection namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml index 5df4ec20d..a60ca0944 100644 --- a/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml 
@@ -4,10 +4,10 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" external-secrets.io/component: webhook diff --git a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml index 85af2e1e6..f91fd47f9 100644 --- a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-cert-controller-metrics namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.4.1 + helm.sh/chart: external-secrets-2.5.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.4.1" + app.kubernetes.io/version: "v2.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" spec: diff --git a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml index 859da7dd3..6515336e9 100644 --- a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml 
@@ -4,10 +4,10 @@ metadata:
 name: external-secrets-metrics
 namespace: external-secrets
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 spec:
 type: ClusterIP
diff --git a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml
index 2ce73be3a..aa649b184 100644
--- a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml
@@ -4,10 +4,10 @@ metadata:
 name: external-secrets-webhook
 namespace: external-secrets
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets-webhook
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/metrics: "webhook"
 external-secrets.io/component: webhook
diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml
index 37ec7c945..c3dfe5f92 100644
--- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml
@@ -4,9 +4,9 @@ metadata:
 name: external-secrets-cert-controller
 namespace: external-secrets
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets-cert-controller
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/metrics: "cert-controller"
diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml
index 5bbe89f66..ce59a5c1c 100644
--- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml
@@ -4,9 +4,9 @@ metadata:
 name: external-secrets-webhook
 namespace: external-secrets
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets-webhook
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/metrics: "webhook"
diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml
index 8879919fb..686369b8e 100644
--- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml
@@ -4,8 +4,8 @@ metadata:
 name: external-secrets
 namespace: external-secrets
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml
index c9af61519..1f89ff6dd 100644
--- a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
 kind: ServiceMonitor
 metadata:
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets-cert-controller
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/metrics: "cert-controller"
 name: external-secrets-cert-controller-metrics
diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml
index cbcefb494..12966ea65 100644
--- a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
 kind: ServiceMonitor
 metadata:
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 name: external-secrets-metrics
 namespace: "external-secrets"
diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml
index 211c1654b..c88e543ba 100644
--- a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
 kind: ServiceMonitor
 metadata:
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets-webhook
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/metrics: "webhook"
 name: external-secrets-webhook-metrics
diff --git a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml
index a6ddd55cf..d8090f117 100644
--- a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
 metadata:
 name: externalsecret-validate
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets-webhook
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/metrics: "webhook"
 external-secrets.io/component: webhook
diff --git a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml
index 578085906..e174f7e48 100644
--- a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml
+++ b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
 metadata:
 name: secretstore-validate
 labels:
- helm.sh/chart: external-secrets-2.4.1
+ helm.sh/chart: external-secrets-2.5.0
 app.kubernetes.io/name: external-secrets-webhook
 app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/version: "v2.4.1"
+ app.kubernetes.io/version: "v2.5.0"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/metrics: "webhook"
 external-secrets.io/component: webhook