chore: Update manifests after change
This commit is contained in:
@@ -3,10 +3,10 @@ kind: ClusterRole
|
||||
metadata:
|
||||
name: external-secrets-cert-controller
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-cert-controller
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "cert-controller"
|
||||
rules:
|
||||
|
||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
||||
metadata:
|
||||
name: external-secrets-controller
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rules:
|
||||
- apiGroups:
|
||||
|
||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
||||
metadata:
|
||||
name: external-secrets-edit
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-servicebindings
|
||||
labels:
|
||||
servicebinding.io/controller: "true"
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rules:
|
||||
- apiGroups:
|
||||
|
||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
||||
metadata:
|
||||
name: external-secrets-view
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
|
||||
@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-secrets-cert-controller
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-cert-controller
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "cert-controller"
|
||||
roleRef:
|
||||
|
||||
@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-secrets-controller
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
@@ -564,6 +564,18 @@ spec:
|
||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||
URL is having the expected value.
|
||||
type: string
|
||||
gcpServiceAccountEmail:
|
||||
description: |-
|
||||
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||
after Workload Identity Federation. Use this to grant access through the service account's
|
||||
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||
service_account_impersonation_url in the external account JSON from credConfig;
|
||||
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||
on that ServiceAccount.
|
||||
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||
minLength: 1
|
||||
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||
type: string
|
||||
serviceAccountRef:
|
||||
description: |-
|
||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||
|
||||
@@ -486,6 +486,16 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
customSessionTags:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: |-
|
||||
CustomSessionTags defines additional STS session tags to include when SessionTagsPolicy is Custom.
|
||||
These are merged with the automatically injected esoNamespace, esoStoreName, and esoStoreKind tags.
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: 'customSessionTags cannot contain automatically injected reserved keys: esoNamespace, esoStoreName, esoStoreKind'
|
||||
rule: '!(''esoNamespace'' in self) && !(''esoStoreName'' in self) && !(''esoStoreKind'' in self)'
|
||||
externalID:
|
||||
description: AWS External ID set on assumed IAM roles
|
||||
type: string
|
||||
@@ -541,6 +551,19 @@ spec:
|
||||
- value
|
||||
type: object
|
||||
type: array
|
||||
sessionTagsPolicy:
|
||||
default: None
|
||||
description: |-
|
||||
SessionTagsPolicy controls whether and how STS session tags are added when assuming roles.
|
||||
None (default): no tags are added.
|
||||
Simple: automatically adds esoNamespace (from the ExternalSecret), esoStoreName, and esoStoreKind tags.
|
||||
Custom: adds esoNamespace, esoStoreName, and esoStoreKind plus any tags defined in CustomSessionTags.
|
||||
Note: the IAM role must have sts:TagSession permission when using Simple or Custom.
|
||||
enum:
|
||||
- None
|
||||
- Simple
|
||||
- Custom
|
||||
type: string
|
||||
transitiveTagKeys:
|
||||
description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
|
||||
items:
|
||||
@@ -1995,6 +2018,18 @@ spec:
|
||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||
URL is having the expected value.
|
||||
type: string
|
||||
gcpServiceAccountEmail:
|
||||
description: |-
|
||||
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||
after Workload Identity Federation. Use this to grant access through the service account's
|
||||
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||
service_account_impersonation_url in the external account JSON from credConfig;
|
||||
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||
on that ServiceAccount.
|
||||
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||
minLength: 1
|
||||
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||
type: string
|
||||
serviceAccountRef:
|
||||
description: |-
|
||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||
@@ -4223,7 +4258,10 @@ spec:
|
||||
description: Pulumi configures this store to sync secrets using the Pulumi provider
|
||||
properties:
|
||||
accessToken:
|
||||
description: AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
||||
description: |-
|
||||
AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
||||
|
||||
Deprecated: Use auth.accessToken instead.
|
||||
properties:
|
||||
secretRef:
|
||||
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||
@@ -4256,6 +4294,91 @@ spec:
|
||||
default: https://api.pulumi.com/api/esc
|
||||
description: APIURL is the URL of the Pulumi API.
|
||||
type: string
|
||||
auth:
|
||||
description: |-
|
||||
Auth configures how the Operator authenticates with the Pulumi API.
|
||||
Either auth or the deprecated accessToken field must be specified.
|
||||
properties:
|
||||
accessToken:
|
||||
description: AccessToken authenticates using a Pulumi access token stored in a Kubernetes Secret.
|
||||
properties:
|
||||
secretRef:
|
||||
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||
properties:
|
||||
key:
|
||||
description: |-
|
||||
A key in the referenced Secret.
|
||||
Some instances of this field may be defaulted, in others it may be required.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[-._a-zA-Z0-9]+$
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
The namespace of the Secret resource being referred to.
|
||||
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||
maxLength: 63
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
oidcConfig:
|
||||
description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC.
|
||||
properties:
|
||||
expirationSeconds:
|
||||
default: 600
|
||||
description: |-
|
||||
ExpirationSeconds sets the token validity duration for service account and OIDC token.
|
||||
Defaults to 10 minutes.
|
||||
format: int64
|
||||
minimum: 600
|
||||
type: integer
|
||||
organization:
|
||||
description: Organization is the name of the Pulumi organization configured for OIDC authentication.
|
||||
type: string
|
||||
serviceAccountRef:
|
||||
description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication.
|
||||
properties:
|
||||
audiences:
|
||||
description: |-
|
||||
Audience specifies the `aud` claim for the service account token
|
||||
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
|
||||
then this audiences will be appended to the list
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
name:
|
||||
description: The name of the ServiceAccount resource being referred to.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace of the resource being referred to.
|
||||
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||
maxLength: 63
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
required:
|
||||
- organization
|
||||
- serviceAccountRef
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: Exactly one of 'accessToken' or 'oidcConfig' must be specified
|
||||
rule: (has(self.accessToken) && !has(self.oidcConfig)) || (!has(self.accessToken) && has(self.oidcConfig))
|
||||
environment:
|
||||
description: |-
|
||||
Environment are YAML documents composed of static key-value pairs, programmatic expressions,
|
||||
@@ -4272,11 +4395,13 @@ spec:
|
||||
description: Project is the name of the Pulumi ESC project the environment belongs to.
|
||||
type: string
|
||||
required:
|
||||
- accessToken
|
||||
- environment
|
||||
- organization
|
||||
- project
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: Exactly one of 'auth' or deprecated 'accessToken' must be specified
|
||||
rule: (has(self.auth) && !has(self.accessToken)) || (!has(self.auth) && has(self.accessToken))
|
||||
scaleway:
|
||||
description: Scaleway configures this store to sync secrets using the Scaleway provider.
|
||||
properties:
|
||||
|
||||
@@ -202,6 +202,18 @@ spec:
|
||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||
URL is having the expected value.
|
||||
type: string
|
||||
gcpServiceAccountEmail:
|
||||
description: |-
|
||||
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||
after Workload Identity Federation. Use this to grant access through the service account's
|
||||
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||
service_account_impersonation_url in the external account JSON from credConfig;
|
||||
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||
on that ServiceAccount.
|
||||
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||
minLength: 1
|
||||
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||
type: string
|
||||
serviceAccountRef:
|
||||
description: |-
|
||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||
|
||||
@@ -486,6 +486,16 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
customSessionTags:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: |-
|
||||
CustomSessionTags defines additional STS session tags to include when SessionTagsPolicy is Custom.
|
||||
These are merged with the automatically injected esoNamespace, esoStoreName, and esoStoreKind tags.
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: 'customSessionTags cannot contain automatically injected reserved keys: esoNamespace, esoStoreName, esoStoreKind'
|
||||
rule: '!(''esoNamespace'' in self) && !(''esoStoreName'' in self) && !(''esoStoreKind'' in self)'
|
||||
externalID:
|
||||
description: AWS External ID set on assumed IAM roles
|
||||
type: string
|
||||
@@ -541,6 +551,19 @@ spec:
|
||||
- value
|
||||
type: object
|
||||
type: array
|
||||
sessionTagsPolicy:
|
||||
default: None
|
||||
description: |-
|
||||
SessionTagsPolicy controls whether and how STS session tags are added when assuming roles.
|
||||
None (default): no tags are added.
|
||||
Simple: automatically adds esoNamespace (from the ExternalSecret), esoStoreName, and esoStoreKind tags.
|
||||
Custom: adds esoNamespace, esoStoreName, and esoStoreKind plus any tags defined in CustomSessionTags.
|
||||
Note: the IAM role must have sts:TagSession permission when using Simple or Custom.
|
||||
enum:
|
||||
- None
|
||||
- Simple
|
||||
- Custom
|
||||
type: string
|
||||
transitiveTagKeys:
|
||||
description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
|
||||
items:
|
||||
@@ -1995,6 +2018,18 @@ spec:
|
||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||
URL is having the expected value.
|
||||
type: string
|
||||
gcpServiceAccountEmail:
|
||||
description: |-
|
||||
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||
after Workload Identity Federation. Use this to grant access through the service account's
|
||||
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||
service_account_impersonation_url in the external account JSON from credConfig;
|
||||
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||
on that ServiceAccount.
|
||||
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||
minLength: 1
|
||||
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||
type: string
|
||||
serviceAccountRef:
|
||||
description: |-
|
||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||
@@ -4223,7 +4258,10 @@ spec:
|
||||
description: Pulumi configures this store to sync secrets using the Pulumi provider
|
||||
properties:
|
||||
accessToken:
|
||||
description: AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
||||
description: |-
|
||||
AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
||||
|
||||
Deprecated: Use auth.accessToken instead.
|
||||
properties:
|
||||
secretRef:
|
||||
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||
@@ -4256,6 +4294,91 @@ spec:
|
||||
default: https://api.pulumi.com/api/esc
|
||||
description: APIURL is the URL of the Pulumi API.
|
||||
type: string
|
||||
auth:
|
||||
description: |-
|
||||
Auth configures how the Operator authenticates with the Pulumi API.
|
||||
Either auth or the deprecated accessToken field must be specified.
|
||||
properties:
|
||||
accessToken:
|
||||
description: AccessToken authenticates using a Pulumi access token stored in a Kubernetes Secret.
|
||||
properties:
|
||||
secretRef:
|
||||
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||
properties:
|
||||
key:
|
||||
description: |-
|
||||
A key in the referenced Secret.
|
||||
Some instances of this field may be defaulted, in others it may be required.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[-._a-zA-Z0-9]+$
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
The namespace of the Secret resource being referred to.
|
||||
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||
maxLength: 63
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
oidcConfig:
|
||||
description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC.
|
||||
properties:
|
||||
expirationSeconds:
|
||||
default: 600
|
||||
description: |-
|
||||
ExpirationSeconds sets the token validity duration for service account and OIDC token.
|
||||
Defaults to 10 minutes.
|
||||
format: int64
|
||||
minimum: 600
|
||||
type: integer
|
||||
organization:
|
||||
description: Organization is the name of the Pulumi organization configured for OIDC authentication.
|
||||
type: string
|
||||
serviceAccountRef:
|
||||
description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication.
|
||||
properties:
|
||||
audiences:
|
||||
description: |-
|
||||
Audience specifies the `aud` claim for the service account token
|
||||
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
|
||||
then this audiences will be appended to the list
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
name:
|
||||
description: The name of the ServiceAccount resource being referred to.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace of the resource being referred to.
|
||||
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||
maxLength: 63
|
||||
minLength: 1
|
||||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
required:
|
||||
- organization
|
||||
- serviceAccountRef
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: Exactly one of 'accessToken' or 'oidcConfig' must be specified
|
||||
rule: (has(self.accessToken) && !has(self.oidcConfig)) || (!has(self.accessToken) && has(self.oidcConfig))
|
||||
environment:
|
||||
description: |-
|
||||
Environment are YAML documents composed of static key-value pairs, programmatic expressions,
|
||||
@@ -4272,11 +4395,13 @@ spec:
|
||||
description: Project is the name of the Pulumi ESC project the environment belongs to.
|
||||
type: string
|
||||
required:
|
||||
- accessToken
|
||||
- environment
|
||||
- organization
|
||||
- project
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: Exactly one of 'auth' or deprecated 'accessToken' must be specified
|
||||
rule: (has(self.auth) && !has(self.accessToken)) || (!has(self.auth) && has(self.accessToken))
|
||||
scaleway:
|
||||
description: Scaleway configures this store to sync secrets using the Scaleway provider.
|
||||
properties:
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-cert-controller
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-cert-controller
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "cert-controller"
|
||||
spec:
|
||||
@@ -20,10 +20,10 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-cert-controller
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "cert-controller"
|
||||
spec:
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09
|
||||
image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- certcontroller
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-webhook
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
spec:
|
||||
@@ -20,10 +20,10 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
spec:
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09
|
||||
image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- webhook
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
replicas: 3
|
||||
@@ -19,10 +19,10 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
serviceAccountName: external-secrets
|
||||
@@ -40,7 +40,7 @@ spec:
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09
|
||||
image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- --enable-leader-election=true
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: "external-secrets-pdb"
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
minAvailable: 1
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-leaderelection
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rules:
|
||||
- apiGroups:
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-leaderelection
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-webhook
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
external-secrets.io/component: webhook
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-cert-controller-metrics
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-cert-controller
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "cert-controller"
|
||||
spec:
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-metrics
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
type: ClusterIP
|
||||
|
||||
@@ -4,10 +4,10 @@ metadata:
|
||||
name: external-secrets-webhook
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
external-secrets.io/component: webhook
|
||||
|
||||
@@ -4,9 +4,9 @@ metadata:
|
||||
name: external-secrets-cert-controller
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-cert-controller
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "cert-controller"
|
||||
|
||||
@@ -4,9 +4,9 @@ metadata:
|
||||
name: external-secrets-webhook
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
|
||||
@@ -4,8 +4,8 @@ metadata:
|
||||
name: external-secrets
|
||||
namespace: external-secrets
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
|
||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-cert-controller
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "cert-controller"
|
||||
name: external-secrets-cert-controller-metrics
|
||||
|
||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: external-secrets-metrics
|
||||
namespace: "external-secrets"
|
||||
|
||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
name: external-secrets-webhook-metrics
|
||||
|
||||
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: externalsecret-validate
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
external-secrets.io/component: webhook
|
||||
|
||||
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: secretstore-validate
|
||||
labels:
|
||||
helm.sh/chart: external-secrets-2.4.1
|
||||
helm.sh/chart: external-secrets-2.5.0
|
||||
app.kubernetes.io/name: external-secrets-webhook
|
||||
app.kubernetes.io/instance: external-secrets
|
||||
app.kubernetes.io/version: "v2.4.1"
|
||||
app.kubernetes.io/version: "v2.5.0"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/metrics: "webhook"
|
||||
external-secrets.io/component: webhook
|
||||
|
||||
Reference in New Issue
Block a user