chore: Update manifests after change
This commit is contained in:
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
rules:
|
rules:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-controller
|
name: external-secrets-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-edit
|
name: external-secrets-edit
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-servicebindings
|
name: external-secrets-servicebindings
|
||||||
labels:
|
labels:
|
||||||
servicebinding.io/controller: "true"
|
servicebinding.io/controller: "true"
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-view
|
name: external-secrets-view
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
roleRef:
|
roleRef:
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
|
|||||||
metadata:
|
metadata:
|
||||||
name: external-secrets-controller
|
name: external-secrets-controller
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|||||||
@@ -564,6 +564,18 @@ spec:
|
|||||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||||
URL is having the expected value.
|
URL is having the expected value.
|
||||||
type: string
|
type: string
|
||||||
|
gcpServiceAccountEmail:
|
||||||
|
description: |-
|
||||||
|
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||||
|
after Workload Identity Federation. Use this to grant access through the service account's
|
||||||
|
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||||
|
service_account_impersonation_url in the external account JSON from credConfig;
|
||||||
|
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||||
|
on that ServiceAccount.
|
||||||
|
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||||
|
type: string
|
||||||
serviceAccountRef:
|
serviceAccountRef:
|
||||||
description: |-
|
description: |-
|
||||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||||
|
|||||||
@@ -486,6 +486,16 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
customSessionTags:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: |-
|
||||||
|
CustomSessionTags defines additional STS session tags to include when SessionTagsPolicy is Custom.
|
||||||
|
These are merged with the automatically injected esoNamespace, esoStoreName, and esoStoreKind tags.
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: 'customSessionTags cannot contain automatically injected reserved keys: esoNamespace, esoStoreName, esoStoreKind'
|
||||||
|
rule: '!(''esoNamespace'' in self) && !(''esoStoreName'' in self) && !(''esoStoreKind'' in self)'
|
||||||
externalID:
|
externalID:
|
||||||
description: AWS External ID set on assumed IAM roles
|
description: AWS External ID set on assumed IAM roles
|
||||||
type: string
|
type: string
|
||||||
@@ -541,6 +551,19 @@ spec:
|
|||||||
- value
|
- value
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
sessionTagsPolicy:
|
||||||
|
default: None
|
||||||
|
description: |-
|
||||||
|
SessionTagsPolicy controls whether and how STS session tags are added when assuming roles.
|
||||||
|
None (default): no tags are added.
|
||||||
|
Simple: automatically adds esoNamespace (from the ExternalSecret), esoStoreName, and esoStoreKind tags.
|
||||||
|
Custom: adds esoNamespace, esoStoreName, and esoStoreKind plus any tags defined in CustomSessionTags.
|
||||||
|
Note: the IAM role must have sts:TagSession permission when using Simple or Custom.
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- Simple
|
||||||
|
- Custom
|
||||||
|
type: string
|
||||||
transitiveTagKeys:
|
transitiveTagKeys:
|
||||||
description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
|
description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
|
||||||
items:
|
items:
|
||||||
@@ -1995,6 +2018,18 @@ spec:
|
|||||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||||
URL is having the expected value.
|
URL is having the expected value.
|
||||||
type: string
|
type: string
|
||||||
|
gcpServiceAccountEmail:
|
||||||
|
description: |-
|
||||||
|
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||||
|
after Workload Identity Federation. Use this to grant access through the service account's
|
||||||
|
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||||
|
service_account_impersonation_url in the external account JSON from credConfig;
|
||||||
|
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||||
|
on that ServiceAccount.
|
||||||
|
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||||
|
type: string
|
||||||
serviceAccountRef:
|
serviceAccountRef:
|
||||||
description: |-
|
description: |-
|
||||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||||
@@ -4223,7 +4258,10 @@ spec:
|
|||||||
description: Pulumi configures this store to sync secrets using the Pulumi provider
|
description: Pulumi configures this store to sync secrets using the Pulumi provider
|
||||||
properties:
|
properties:
|
||||||
accessToken:
|
accessToken:
|
||||||
description: AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
description: |-
|
||||||
|
AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
||||||
|
|
||||||
|
Deprecated: Use auth.accessToken instead.
|
||||||
properties:
|
properties:
|
||||||
secretRef:
|
secretRef:
|
||||||
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||||
@@ -4256,6 +4294,91 @@ spec:
|
|||||||
default: https://api.pulumi.com/api/esc
|
default: https://api.pulumi.com/api/esc
|
||||||
description: APIURL is the URL of the Pulumi API.
|
description: APIURL is the URL of the Pulumi API.
|
||||||
type: string
|
type: string
|
||||||
|
auth:
|
||||||
|
description: |-
|
||||||
|
Auth configures how the Operator authenticates with the Pulumi API.
|
||||||
|
Either auth or the deprecated accessToken field must be specified.
|
||||||
|
properties:
|
||||||
|
accessToken:
|
||||||
|
description: AccessToken authenticates using a Pulumi access token stored in a Kubernetes Secret.
|
||||||
|
properties:
|
||||||
|
secretRef:
|
||||||
|
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
oidcConfig:
|
||||||
|
description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC.
|
||||||
|
properties:
|
||||||
|
expirationSeconds:
|
||||||
|
default: 600
|
||||||
|
description: |-
|
||||||
|
ExpirationSeconds sets the token validity duration for service account and OIDC token.
|
||||||
|
Defaults to 10 minutes.
|
||||||
|
format: int64
|
||||||
|
minimum: 600
|
||||||
|
type: integer
|
||||||
|
organization:
|
||||||
|
description: Organization is the name of the Pulumi organization configured for OIDC authentication.
|
||||||
|
type: string
|
||||||
|
serviceAccountRef:
|
||||||
|
description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication.
|
||||||
|
properties:
|
||||||
|
audiences:
|
||||||
|
description: |-
|
||||||
|
Audience specifies the `aud` claim for the service account token
|
||||||
|
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
|
||||||
|
then this audiences will be appended to the list
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
name:
|
||||||
|
description: The name of the ServiceAccount resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
Namespace of the resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- organization
|
||||||
|
- serviceAccountRef
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: Exactly one of 'accessToken' or 'oidcConfig' must be specified
|
||||||
|
rule: (has(self.accessToken) && !has(self.oidcConfig)) || (!has(self.accessToken) && has(self.oidcConfig))
|
||||||
environment:
|
environment:
|
||||||
description: |-
|
description: |-
|
||||||
Environment are YAML documents composed of static key-value pairs, programmatic expressions,
|
Environment are YAML documents composed of static key-value pairs, programmatic expressions,
|
||||||
@@ -4272,11 +4395,13 @@ spec:
|
|||||||
description: Project is the name of the Pulumi ESC project the environment belongs to.
|
description: Project is the name of the Pulumi ESC project the environment belongs to.
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- accessToken
|
|
||||||
- environment
|
- environment
|
||||||
- organization
|
- organization
|
||||||
- project
|
- project
|
||||||
type: object
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: Exactly one of 'auth' or deprecated 'accessToken' must be specified
|
||||||
|
rule: (has(self.auth) && !has(self.accessToken)) || (!has(self.auth) && has(self.accessToken))
|
||||||
scaleway:
|
scaleway:
|
||||||
description: Scaleway configures this store to sync secrets using the Scaleway provider.
|
description: Scaleway configures this store to sync secrets using the Scaleway provider.
|
||||||
properties:
|
properties:
|
||||||
|
|||||||
@@ -202,6 +202,18 @@ spec:
|
|||||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||||
URL is having the expected value.
|
URL is having the expected value.
|
||||||
type: string
|
type: string
|
||||||
|
gcpServiceAccountEmail:
|
||||||
|
description: |-
|
||||||
|
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||||
|
after Workload Identity Federation. Use this to grant access through the service account's
|
||||||
|
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||||
|
service_account_impersonation_url in the external account JSON from credConfig;
|
||||||
|
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||||
|
on that ServiceAccount.
|
||||||
|
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||||
|
type: string
|
||||||
serviceAccountRef:
|
serviceAccountRef:
|
||||||
description: |-
|
description: |-
|
||||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||||
|
|||||||
@@ -486,6 +486,16 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
customSessionTags:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: |-
|
||||||
|
CustomSessionTags defines additional STS session tags to include when SessionTagsPolicy is Custom.
|
||||||
|
These are merged with the automatically injected esoNamespace, esoStoreName, and esoStoreKind tags.
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: 'customSessionTags cannot contain automatically injected reserved keys: esoNamespace, esoStoreName, esoStoreKind'
|
||||||
|
rule: '!(''esoNamespace'' in self) && !(''esoStoreName'' in self) && !(''esoStoreKind'' in self)'
|
||||||
externalID:
|
externalID:
|
||||||
description: AWS External ID set on assumed IAM roles
|
description: AWS External ID set on assumed IAM roles
|
||||||
type: string
|
type: string
|
||||||
@@ -541,6 +551,19 @@ spec:
|
|||||||
- value
|
- value
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
sessionTagsPolicy:
|
||||||
|
default: None
|
||||||
|
description: |-
|
||||||
|
SessionTagsPolicy controls whether and how STS session tags are added when assuming roles.
|
||||||
|
None (default): no tags are added.
|
||||||
|
Simple: automatically adds esoNamespace (from the ExternalSecret), esoStoreName, and esoStoreKind tags.
|
||||||
|
Custom: adds esoNamespace, esoStoreName, and esoStoreKind plus any tags defined in CustomSessionTags.
|
||||||
|
Note: the IAM role must have sts:TagSession permission when using Simple or Custom.
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- Simple
|
||||||
|
- Custom
|
||||||
|
type: string
|
||||||
transitiveTagKeys:
|
transitiveTagKeys:
|
||||||
description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
|
description: AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
|
||||||
items:
|
items:
|
||||||
@@ -1995,6 +2018,18 @@ spec:
|
|||||||
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
credential_source.url in the provided credConfig. This field is merely to double-check the external token source
|
||||||
URL is having the expected value.
|
URL is having the expected value.
|
||||||
type: string
|
type: string
|
||||||
|
gcpServiceAccountEmail:
|
||||||
|
description: |-
|
||||||
|
GCPServiceAccountEmail is the email of the Google Cloud service account to impersonate
|
||||||
|
after Workload Identity Federation. Use this to grant access through the service account's
|
||||||
|
IAM bindings (for example roles/secretmanager.secretAccessor). When set, it overrides
|
||||||
|
service_account_impersonation_url in the external account JSON from credConfig;
|
||||||
|
when serviceAccountRef is set, it also overrides the "iam.gke.io/gcp-service-account" annotation
|
||||||
|
on that ServiceAccount.
|
||||||
|
example: my-gsa@my-project.iam.gserviceaccount.com
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^.*@.*\.iam\.gserviceaccount\.com$
|
||||||
|
type: string
|
||||||
serviceAccountRef:
|
serviceAccountRef:
|
||||||
description: |-
|
description: |-
|
||||||
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
serviceAccountRef is the reference to the kubernetes ServiceAccount to be used for obtaining the tokens,
|
||||||
@@ -4223,7 +4258,10 @@ spec:
|
|||||||
description: Pulumi configures this store to sync secrets using the Pulumi provider
|
description: Pulumi configures this store to sync secrets using the Pulumi provider
|
||||||
properties:
|
properties:
|
||||||
accessToken:
|
accessToken:
|
||||||
description: AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
description: |-
|
||||||
|
AccessToken is the access tokens to sign in to the Pulumi Cloud Console.
|
||||||
|
|
||||||
|
Deprecated: Use auth.accessToken instead.
|
||||||
properties:
|
properties:
|
||||||
secretRef:
|
secretRef:
|
||||||
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||||
@@ -4256,6 +4294,91 @@ spec:
|
|||||||
default: https://api.pulumi.com/api/esc
|
default: https://api.pulumi.com/api/esc
|
||||||
description: APIURL is the URL of the Pulumi API.
|
description: APIURL is the URL of the Pulumi API.
|
||||||
type: string
|
type: string
|
||||||
|
auth:
|
||||||
|
description: |-
|
||||||
|
Auth configures how the Operator authenticates with the Pulumi API.
|
||||||
|
Either auth or the deprecated accessToken field must be specified.
|
||||||
|
properties:
|
||||||
|
accessToken:
|
||||||
|
description: AccessToken authenticates using a Pulumi access token stored in a Kubernetes Secret.
|
||||||
|
properties:
|
||||||
|
secretRef:
|
||||||
|
description: SecretRef is a reference to a secret containing the Pulumi API token.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
A key in the referenced Secret.
|
||||||
|
Some instances of this field may be defaulted, in others it may be required.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[-._a-zA-Z0-9]+$
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
The namespace of the Secret resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
oidcConfig:
|
||||||
|
description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC.
|
||||||
|
properties:
|
||||||
|
expirationSeconds:
|
||||||
|
default: 600
|
||||||
|
description: |-
|
||||||
|
ExpirationSeconds sets the token validity duration for service account and OIDC token.
|
||||||
|
Defaults to 10 minutes.
|
||||||
|
format: int64
|
||||||
|
minimum: 600
|
||||||
|
type: integer
|
||||||
|
organization:
|
||||||
|
description: Organization is the name of the Pulumi organization configured for OIDC authentication.
|
||||||
|
type: string
|
||||||
|
serviceAccountRef:
|
||||||
|
description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication.
|
||||||
|
properties:
|
||||||
|
audiences:
|
||||||
|
description: |-
|
||||||
|
Audience specifies the `aud` claim for the service account token
|
||||||
|
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
|
||||||
|
then this audiences will be appended to the list
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
name:
|
||||||
|
description: The name of the ServiceAccount resource being referred to.
|
||||||
|
maxLength: 253
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
Namespace of the resource being referred to.
|
||||||
|
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
||||||
|
maxLength: 63
|
||||||
|
minLength: 1
|
||||||
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- organization
|
||||||
|
- serviceAccountRef
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: Exactly one of 'accessToken' or 'oidcConfig' must be specified
|
||||||
|
rule: (has(self.accessToken) && !has(self.oidcConfig)) || (!has(self.accessToken) && has(self.oidcConfig))
|
||||||
environment:
|
environment:
|
||||||
description: |-
|
description: |-
|
||||||
Environment are YAML documents composed of static key-value pairs, programmatic expressions,
|
Environment are YAML documents composed of static key-value pairs, programmatic expressions,
|
||||||
@@ -4272,11 +4395,13 @@ spec:
|
|||||||
description: Project is the name of the Pulumi ESC project the environment belongs to.
|
description: Project is the name of the Pulumi ESC project the environment belongs to.
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- accessToken
|
|
||||||
- environment
|
- environment
|
||||||
- organization
|
- organization
|
||||||
- project
|
- project
|
||||||
type: object
|
type: object
|
||||||
|
x-kubernetes-validations:
|
||||||
|
- message: Exactly one of 'auth' or deprecated 'accessToken' must be specified
|
||||||
|
rule: (has(self.auth) && !has(self.accessToken)) || (!has(self.auth) && has(self.accessToken))
|
||||||
scaleway:
|
scaleway:
|
||||||
description: Scaleway configures this store to sync secrets using the Scaleway provider.
|
description: Scaleway configures this store to sync secrets using the Scaleway provider.
|
||||||
properties:
|
properties:
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
spec:
|
spec:
|
||||||
@@ -20,10 +20,10 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
spec:
|
spec:
|
||||||
@@ -42,7 +42,7 @@ spec:
|
|||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09
|
image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- certcontroller
|
- certcontroller
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
spec:
|
spec:
|
||||||
@@ -20,10 +20,10 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
spec:
|
spec:
|
||||||
@@ -42,7 +42,7 @@ spec:
|
|||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09
|
image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- webhook
|
- webhook
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets
|
name: external-secrets
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
replicas: 3
|
replicas: 3
|
||||||
@@ -19,10 +19,10 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: external-secrets
|
serviceAccountName: external-secrets
|
||||||
@@ -40,7 +40,7 @@ spec:
|
|||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
image: ghcr.io/external-secrets/external-secrets:v2.4.1@sha256:9440a40b394791a5e93f3f7e1b33399ecbdc0e38273de1d69ed83fe12936fc09
|
image: ghcr.io/external-secrets/external-secrets:v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- --enable-leader-election=true
|
- --enable-leader-election=true
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: "external-secrets-pdb"
|
name: "external-secrets-pdb"
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
minAvailable: 1
|
minAvailable: 1
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-leaderelection
|
name: external-secrets-leaderelection
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-leaderelection
|
name: external-secrets-leaderelection
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-cert-controller-metrics
|
name: external-secrets-cert-controller-metrics
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
spec:
|
spec:
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-metrics
|
name: external-secrets-metrics
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ metadata:
|
|||||||
name: external-secrets-cert-controller
|
name: external-secrets-cert-controller
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ metadata:
|
|||||||
name: external-secrets-webhook
|
name: external-secrets-webhook
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
|
|||||||
@@ -4,8 +4,8 @@ metadata:
|
|||||||
name: external-secrets
|
name: external-secrets
|
||||||
namespace: external-secrets
|
namespace: external-secrets
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
|||||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
|||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "cert-controller"
|
app.kubernetes.io/metrics: "cert-controller"
|
||||||
name: external-secrets-cert-controller-metrics
|
name: external-secrets-cert-controller-metrics
|
||||||
|
|||||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
|||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
name: external-secrets-metrics
|
name: external-secrets-metrics
|
||||||
namespace: "external-secrets"
|
namespace: "external-secrets"
|
||||||
|
|||||||
@@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1"
|
|||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
name: external-secrets-webhook-metrics
|
name: external-secrets-webhook-metrics
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
|
|||||||
metadata:
|
metadata:
|
||||||
name: externalsecret-validate
|
name: externalsecret-validate
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
|
|||||||
metadata:
|
metadata:
|
||||||
name: secretstore-validate
|
name: secretstore-validate
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: external-secrets-2.4.1
|
helm.sh/chart: external-secrets-2.5.0
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/instance: external-secrets
|
app.kubernetes.io/instance: external-secrets
|
||||||
app.kubernetes.io/version: "v2.4.1"
|
app.kubernetes.io/version: "v2.5.0"
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/metrics: "webhook"
|
app.kubernetes.io/metrics: "webhook"
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
|
|||||||
Reference in New Issue
Block a user