diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml index b5962e6e1..d61b2fe86 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" rules: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml index 14023cd16..afae46e91 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-controller labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml index 765dc8c05..97955fa81 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-edit labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml index 23f2497c0..20a0d9ba1 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml index c0385f392..ae8899890 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-view labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml index 750966196..228c78d9b 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRoleBinding metadata: name: external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" roleRef: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml index 35a1ae5ac..4c3faafb6 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRoleBinding metadata: name: external-secrets-controller labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterexternalsecrets.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterexternalsecrets.external-secrets.io.yaml index 5a320b822..5b92e8f32 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterexternalsecrets.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterexternalsecrets.external-secrets.io.yaml @@ -113,6 +113,13 @@ spec: - None - Fetch type: string + nullBytePolicy: + default: Ignore + description: Controls how ESO handles fetched secret data containing NUL bytes for this source. + enum: + - Ignore + - Fail + type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string @@ -240,6 +247,13 @@ spec: - None - Fetch type: string + nullBytePolicy: + default: Ignore + description: Controls how ESO handles fetched secret data containing NUL bytes for this source. + enum: + - Ignore + - Fail + type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string @@ -277,6 +291,13 @@ spec: description: Finds secrets base type: string type: object + nullBytePolicy: + default: Ignore + description: Controls how ESO handles fetched secret data containing NUL bytes for this find source. + enum: + - Ignore + - Fail + type: string path: description: A root path to start the find operations. type: string diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml index d5ab6967b..7b954dcb8 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustergenerators.generators.external-secrets.io.yaml @@ -1258,6 +1258,9 @@ spec: pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object + vaultRole: + description: VaultRole specifies the Vault role to use for TLS certificate authentication. + type: string type: object gcp: description: |- diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterpushsecrets.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterpushsecrets.external-secrets.io.yaml index 84cdbf055..ffa496cce 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterpushsecrets.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clusterpushsecrets.external-secrets.io.yaml @@ -164,6 +164,146 @@ spec: - match type: object type: array + dataTo: + description: DataTo defines bulk push rules that expand source Secret keys into provider entries. + items: + description: PushSecretDataTo defines how to bulk-push secrets to providers without explicit per-key mappings. + properties: + conversionStrategy: + default: None + description: Used to define a conversion Strategy for the secret keys + enum: + - None + - ReverseUnicode + type: string + match: + description: |- + Match pattern for selecting keys from the source Secret. + If not specified, all keys are selected. + properties: + regexp: + description: |- + Regexp matches keys by regular expression. + If not specified, all keys are matched. + type: string + type: object + metadata: + description: |- + Metadata is metadata attached to the secret. + The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true + remoteKey: + description: |- + RemoteKey is the name of the single provider secret that will receive ALL + matched keys bundled as a JSON object (e.g. {"DB_HOST":"...","DB_USER":"..."}). + When set, per-key expansion is skipped and a single push is performed. + The provider's store prefix (if any) is still prepended to this value. + When not set, each matched key is pushed as its own individual provider secret. + type: string + rewrite: + description: |- + Rewrite operations to transform keys before pushing to the provider. + Operations are applied sequentially. + items: + description: PushSecretRewrite defines how to transform secret keys before pushing. + properties: + regexp: + description: Used to rewrite with regular expressions. + properties: + source: + description: Used to define the regular expression of a re.Compiler. + type: string + target: + description: Used to define the target pattern of a ReplaceAll operation. + type: string + required: + - source + - target + type: object + transform: + description: Used to apply string transformation on the secrets. + properties: + template: + description: |- + Used to define the template to apply on the secret name. + `.value ` will specify the secret name in the template. + type: string + required: + - template + type: object + type: object + x-kubernetes-validations: + - message: exactly one of regexp or transform must be set + rule: (has(self.regexp) && !has(self.transform)) || (!has(self.regexp) && has(self.transform)) + type: array + storeRef: + description: StoreRef specifies which SecretStore to push to. Required. + properties: + kind: + default: SecretStore + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + enum: + - SecretStore + - ClusterSecretStore + type: string + labelSelector: + description: Optionally, sync to secret stores with label selector + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Optionally, sync to the SecretStore of the given name + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: object + type: object + x-kubernetes-validations: + - message: storeRef must specify either name or labelSelector + rule: has(self.storeRef) && (has(self.storeRef.name) || has(self.storeRef.labelSelector)) + - message: 'remoteKey and rewrite are mutually exclusive: rewrite is only supported in per-key mode (without remoteKey)' + rule: '!has(self.remoteKey) || !has(self.rewrite) || size(self.rewrite) == 0' + type: array deletionPolicy: default: None description: Deletion Policy to handle Secrets in the provider. diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml index 52e6c148d..bafd3b4a3 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml @@ -2088,6 +2088,16 @@ spec: description: installationID specifies the Github APP installation that will be used to authenticate the client format: int64 type: integer + orgSecretVisibility: + description: |- + orgSecretVisibility controls the visibility of organization secrets pushed via PushSecret. + Valid values are "all" or "private". + When unset, new secrets are created with visibility "all" and existing secrets preserve + whatever visibility they already have in GitHub. + enum: + - all + - private + type: string organization: description: organization will be used to fetch secrets from the Github organization type: string @@ -3831,6 +3841,168 @@ spec: - region - vault type: object + ovh: + description: OVHcloud configures this store to sync secrets using the OVHcloud provider. + properties: + auth: + description: Authentication method (mtls or token). + properties: + mtls: + description: OvhClientMTLS defines the configuration required to authenticate to OVHcloud's Secret Manager using mTLS. + properties: + caBundle: + format: byte + type: string + caProvider: + description: |- + CAProvider provides a custom certificate authority for accessing the provider's store. + The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + certSecretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + keySecretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - certSecretRef + - keySecretRef + type: object + token: + description: OvhClientToken defines the configuration required to authenticate to OVHcloud's Secret Manager using a token. + properties: + tokenSecretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - tokenSecretRef + type: object + type: object + casRequired: + description: 'Enables or disables check-and-set (CAS) (default: false).' + type: boolean + okmsTimeout: + default: 30 + description: 'Setup a timeout in seconds when requests to the KMS are made (default: 30).' + format: int32 + minimum: 1 + type: integer + okmsid: + description: specifies the OKMS ID. + type: string + server: + description: specifies the OKMS server endpoint. + type: string + required: + - auth + - okmsid + - server + type: object passbolt: description: |- PassboltProvider provides access to Passbolt secrets manager. @@ -4474,6 +4646,9 @@ spec: pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object + vaultRole: + description: VaultRole specifies the Vault role to use for TLS certificate authentication. + type: string type: object gcp: description: |- diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-externalsecrets.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-externalsecrets.external-secrets.io.yaml index d23600b4a..5ea8034e6 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-externalsecrets.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-externalsecrets.external-secrets.io.yaml @@ -101,6 +101,13 @@ spec: - None - Fetch type: string + nullBytePolicy: + default: Ignore + description: Controls how ESO handles fetched secret data containing NUL bytes for this source. + enum: + - Ignore + - Fail + type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string @@ -228,6 +235,13 @@ spec: - None - Fetch type: string + nullBytePolicy: + default: Ignore + description: Controls how ESO handles fetched secret data containing NUL bytes for this source. + enum: + - Ignore + - Fail + type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string @@ -265,6 +279,13 @@ spec: description: Finds secrets base type: string type: object + nullBytePolicy: + default: Ignore + description: Controls how ESO handles fetched secret data containing NUL bytes for this find source. + enum: + - Ignore + - Fail + type: string path: description: A root path to start the find operations. type: string diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-pushsecrets.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-pushsecrets.external-secrets.io.yaml index b31660da5..1a0edfb78 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-pushsecrets.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-pushsecrets.external-secrets.io.yaml @@ -96,6 +96,146 @@ spec: - match type: object type: array + dataTo: + description: DataTo defines bulk push rules that expand source Secret keys into provider entries. + items: + description: PushSecretDataTo defines how to bulk-push secrets to providers without explicit per-key mappings. + properties: + conversionStrategy: + default: None + description: Used to define a conversion Strategy for the secret keys + enum: + - None + - ReverseUnicode + type: string + match: + description: |- + Match pattern for selecting keys from the source Secret. + If not specified, all keys are selected. + properties: + regexp: + description: |- + Regexp matches keys by regular expression. + If not specified, all keys are matched. + type: string + type: object + metadata: + description: |- + Metadata is metadata attached to the secret. + The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true + remoteKey: + description: |- + RemoteKey is the name of the single provider secret that will receive ALL + matched keys bundled as a JSON object (e.g. {"DB_HOST":"...","DB_USER":"..."}). + When set, per-key expansion is skipped and a single push is performed. + The provider's store prefix (if any) is still prepended to this value. + When not set, each matched key is pushed as its own individual provider secret. + type: string + rewrite: + description: |- + Rewrite operations to transform keys before pushing to the provider. + Operations are applied sequentially. + items: + description: PushSecretRewrite defines how to transform secret keys before pushing. + properties: + regexp: + description: Used to rewrite with regular expressions. + properties: + source: + description: Used to define the regular expression of a re.Compiler. + type: string + target: + description: Used to define the target pattern of a ReplaceAll operation. + type: string + required: + - source + - target + type: object + transform: + description: Used to apply string transformation on the secrets. + properties: + template: + description: |- + Used to define the template to apply on the secret name. + `.value ` will specify the secret name in the template. + type: string + required: + - template + type: object + type: object + x-kubernetes-validations: + - message: exactly one of regexp or transform must be set + rule: (has(self.regexp) && !has(self.transform)) || (!has(self.regexp) && has(self.transform)) + type: array + storeRef: + description: StoreRef specifies which SecretStore to push to. Required. + properties: + kind: + default: SecretStore + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + enum: + - SecretStore + - ClusterSecretStore + type: string + labelSelector: + description: Optionally, sync to secret stores with label selector + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Optionally, sync to the SecretStore of the given name + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + type: object + type: object + x-kubernetes-validations: + - message: storeRef must specify either name or labelSelector + rule: has(self.storeRef) && (has(self.storeRef.name) || has(self.storeRef.labelSelector)) + - message: 'remoteKey and rewrite are mutually exclusive: rewrite is only supported in per-key mode (without remoteKey)' + rule: '!has(self.remoteKey) || !has(self.rewrite) || size(self.rewrite) == 0' + type: array deletionPolicy: default: None description: Deletion Policy to handle Secrets in the provider. diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml index 59c4f5fa4..dfcd0adb9 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml @@ -2088,6 +2088,16 @@ spec: description: installationID specifies the Github APP installation that will be used to authenticate the client format: int64 type: integer + orgSecretVisibility: + description: |- + orgSecretVisibility controls the visibility of organization secrets pushed via PushSecret. + Valid values are "all" or "private". + When unset, new secrets are created with visibility "all" and existing secrets preserve + whatever visibility they already have in GitHub. + enum: + - all + - private + type: string organization: description: organization will be used to fetch secrets from the Github organization type: string @@ -3831,6 +3841,168 @@ spec: - region - vault type: object + ovh: + description: OVHcloud configures this store to sync secrets using the OVHcloud provider. + properties: + auth: + description: Authentication method (mtls or token). + properties: + mtls: + description: OvhClientMTLS defines the configuration required to authenticate to OVHcloud's Secret Manager using mTLS. + properties: + caBundle: + format: byte + type: string + caProvider: + description: |- + CAProvider provides a custom certificate authority for accessing the provider's store. + The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + certSecretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + keySecretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - certSecretRef + - keySecretRef + type: object + token: + description: OvhClientToken defines the configuration required to authenticate to OVHcloud's Secret Manager using a token. + properties: + tokenSecretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - tokenSecretRef + type: object + type: object + casRequired: + description: 'Enables or disables check-and-set (CAS) (default: false).' + type: boolean + okmsTimeout: + default: 30 + description: 'Setup a timeout in seconds when requests to the KMS are made (default: 30).' + format: int32 + minimum: 1 + type: integer + okmsid: + description: specifies the OKMS ID. + type: string + server: + description: specifies the OKMS server endpoint. + type: string + required: + - auth + - okmsid + - server + type: object passbolt: description: |- PassboltProvider provides access to Passbolt secrets manager. @@ -4474,6 +4646,9 @@ spec: pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object + vaultRole: + description: VaultRole specifies the Vault role to use for TLS certificate authentication. + type: string type: object gcp: description: |- diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-vaultdynamicsecrets.generators.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-vaultdynamicsecrets.generators.external-secrets.io.yaml index 45a915c44..363971736 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-vaultdynamicsecrets.generators.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-vaultdynamicsecrets.generators.external-secrets.io.yaml @@ -214,6 +214,9 @@ spec: pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object + vaultRole: + description: VaultRole specifies the Vault role to use for TLS certificate authentication. + type: string type: object gcp: description: |- diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml index 685770016..9d50cbaf4 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-cert-controller namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" spec: @@ -20,10 +20,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" spec: @@ -42,7 +42,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565 + image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80 imagePullPolicy: IfNotPresent args: - certcontroller diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml index 0b5687096..b3170d42a 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" spec: @@ -20,10 +20,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" spec: @@ -42,7 +42,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565 + image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80 imagePullPolicy: IfNotPresent args: - webhook diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml index 21167ec9e..61805c3e2 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm spec: replicas: 3 @@ -19,10 +19,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets @@ -40,7 +40,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565 + image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80 imagePullPolicy: IfNotPresent args: - --enable-leader-election=true diff --git a/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml b/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml index 3a37a5c7c..9552e8a4d 100644 --- a/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml +++ b/clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml @@ -4,10 +4,10 @@ metadata: name: "external-secrets-pdb" namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: 1 diff --git a/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml b/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml index d9d532fc5..2775303d8 100644 --- a/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-leaderelection namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml b/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml index af6574e56..a2d7cd4db 100644 --- a/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml +++ b/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-leaderelection namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml index 82219ded6..72b178383 100644 --- a/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" external-secrets.io/component: webhook diff --git a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml index 3c4e4f39d..48ab933a3 100644 --- a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-cert-controller-metrics.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-cert-controller-metrics namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" spec: diff --git a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml index 41610c675..ec8bf8529 100644 --- a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-metrics.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-metrics namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP diff --git a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml index d15aaea1d..be96e76fc 100644 --- a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" external-secrets.io/component: webhook diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml index a440d6e75..405fedf09 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml @@ -4,9 +4,9 @@ metadata: name: external-secrets-cert-controller namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml index b131c913b..5aa59ab30 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml @@ -4,9 +4,9 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml index 5998eed21..c40f6e8a6 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml @@ -4,8 +4,8 @@ metadata: name: external-secrets namespace: external-secrets labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml index 771f4e2db..add9be1c8 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-cert-controller-metrics.yaml @@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1" kind: ServiceMonitor metadata: labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "cert-controller" name: external-secrets-cert-controller-metrics diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml index e288b8a49..6703b66fd 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-metrics.yaml @@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1" kind: ServiceMonitor metadata: labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm name: external-secrets-metrics namespace: "external-secrets" diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml index ede976d97..a47ef63df 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceMonitor-external-secrets-webhook-metrics.yaml @@ -2,10 +2,10 @@ apiVersion: "monitoring.coreos.com/v1" kind: ServiceMonitor metadata: labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" name: external-secrets-webhook-metrics diff --git a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml index 079ad615d..110de1897 100644 --- a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml @@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration metadata: name: externalsecret-validate labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" external-secrets.io/component: webhook diff --git a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml index 76eb26e34..f8c8af948 100644 --- a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml @@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration metadata: name: secretstore-validate labels: - helm.sh/chart: external-secrets-2.2.0 + helm.sh/chart: external-secrets-2.3.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v2.2.0" + app.kubernetes.io/version: "v2.3.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/metrics: "webhook" external-secrets.io/component: webhook