2 changes: 1 addition & 1 deletion chart/chart-index/Chart.yaml
@@ -32,7 +32,7 @@ dependencies:
version: 1.21.1
repository: https://kubernetes-sigs.github.io/external-dns
- name: external-secrets
version: 2.5.0
version: 2.7.0
repository: https://charts.external-secrets.io
- name: gitea
version: 12.6.0
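Review bot: the `version:` line for the external-secrets dependency jumps two minor releases at once (2.5.0 to 2.7.0, skipping 2.6.0), so the release notes for both versions should be referenced in the commit, since a chart that ships CRDs can change installed API schemas on upgrade; if this umbrella chart carries a Chart.lock it also needs regenerating (`helm dependency update`) so the lock matches the new pin, and that file is not in this diff.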
4 changes: 2 additions & 2 deletions charts/external-secrets/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: v2.5.0
appVersion: v2.7.0
dependencies:
- condition: bitwarden-sdk-server.enabled
name: bitwarden-sdk-server
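Review bot: `appVersion` moves from v2.5.0 to v2.7.0 in lockstep with the chart `version` bump in the next hunk, which is consistent, but the new CRD file added in this commit (BeyondtrustWorkloadCredentialsDynamicSecret, served as v1alpha1) is a new API surface; the commit message or chart changelog should state that upgrading installs a new generator CRD, so operators who manage CRDs outside Helm know to apply it.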
@@ -17,4 +17,4 @@ maintainers:
name: mcavoyk
name: external-secrets
type: application
version: 2.5.0
version: 2.7.0
3 changes: 2 additions & 1 deletion charts/external-secrets/README.md
@@ -4,7 +4,7 @@

[//]: # (README.md generated by gotmpl. DO NOT EDIT.)

![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square)

External secrets management for Kubernetes

@@ -243,6 +243,7 @@ The command removes all the Kubernetes components associated with the chart and
| serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) |
| serviceMonitor.renderMode | string | `"skipIfMissing"` | How should we react to missing CRD "`monitoring.coreos.com/v1/ServiceMonitor`" Possible values: - `skipIfMissing`: Only render ServiceMonitor resources if CRD is present, skip if missing. - `failIfMissing`: Fail Helm install if CRD is not present. - `alwaysRender` : Always render ServiceMonitor resources, do not check for CRD. @schema enum: - skipIfMissing - failIfMissing - alwaysRender @schema |
| serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
| storeRequeueInterval | string | `""` | Default time duration between reconciling (Cluster)SecretStores. |
| strategy | object | `{}` | Set deployment strategy |
| systemAuthDelegator | bool | `false` | If true the system:auth-delegator ClusterRole will be added to RBAC |
| tolerations | list | `[]` | |
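Review bot: the new `storeRequeueInterval` row gives the default as `""` but says nothing about the accepted format or what an empty value means (whether the controller falls back to a built-in interval); because this README is generated by gotmpl (see the DO NOT EDIT marker above), the fix belongs in the values.yaml comment that feeds this row, stating the expected duration format and the behaviour when left empty.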
@@ -0,0 +1,214 @@
---
# Source: external-secrets/templates/crds/beyondtrustworkloadcredentialsdynamicsecret.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
external-secrets.io/component: controller
name: beyondtrustworkloadcredentialsdynamicsecrets.generators.external-secrets.io
spec:
group: generators.external-secrets.io
names:
categories:
- external-secrets
- external-secrets-generators
kind: BeyondtrustWorkloadCredentialsDynamicSecret
listKind: BeyondtrustWorkloadCredentialsDynamicSecretList
plural: beyondtrustworkloadcredentialsdynamicsecrets
singular: beyondtrustworkloadcredentialsdynamicsecret
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
BeyondtrustWorkloadCredentialsDynamicSecret represents a generator that requests dynamic credentials from BeyondTrust Workload Credentials.
This generator calls the BeyondTrust Workload Credentials API to generate fresh, temporary credentials
(such as AWS STS credentials) each time an ExternalSecret is refreshed.
Dynamic secret definitions must be created in BeyondTrust Workload Credentials before they can be referenced.
For complete documentation, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
BeyondtrustWorkloadCredentialsDynamicSecretSpec defines the desired spec for BeyondtrustWorkloadCredentials dynamic generator.
This generator enables obtaining temporary, short-lived credentials from BeyondTrust Workload Credentials.
For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
properties:
controller:
description: |-
Controller selects the controller that should handle this generator.
Leave empty to use the default controller.
type: string
provider:
description: |-
Provider contains the BeyondtrustWorkloadCredentials provider configuration including authentication,
server connection details, and the folder path to the dynamic secret definition.
The folderPath should point to a dynamic secret definition that has been created in
BeyondTrust Workload Credentials (e.g., "production/aws-temp").
For setup details, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
properties:
auth:
description: |-
Auth configures how the Operator authenticates with the BeyondTrust Workload Credentials API.
Currently supports API key authentication via Kubernetes secret reference.
For authentication setup, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#authentication
properties:
apikey:
description: |-
APIKey configures API token authentication for BeyondTrust Workload Credentials.
The token is retrieved from a Kubernetes secret and used as a Bearer token for API requests.
properties:
token:
description: |-
Token references the Kubernetes secret containing the BeyondTrust Workload Credentials API token.
The secret should contain the API key used to authenticate with BeyondTrust Workload Credentials.
Create an API token in your BeyondTrust Workload Credentials console and store it in a Kubernetes secret.
For details on creating API tokens, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#authentication
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
required:
- token
type: object
required:
- apikey
type: object
caBundle:
description: |-
CABundle is a base64-encoded CA certificate used to validate the BeyondTrust Workload Credentials API TLS certificate.
Use this when your BeyondTrust instance uses a self-signed certificate or internal CA.
If not set, the system's trusted root certificates are used.
format: byte
type: string
caProvider:
description: |-
CAProvider points to a Secret or ConfigMap containing a PEM-encoded CA certificate.
This is used to validate the BeyondTrust Workload Credentials API TLS certificate.
Use this as an alternative to CABundle when you want to reference an existing Kubernetes resource.
properties:
key:
description: The key where the CA certificate can be found in the Secret or ConfigMap.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the object located at the provider type.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace the Provider type is in.
Can only be defined when used in a ClusterSecretStore.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type:
description: The type of provider to use such as "Secret", or "ConfigMap".
enum:
- Secret
- ConfigMap
type: string
required:
- name
- type
type: object
folderPath:
description: |-
FolderPath specifies the default folder path for secret retrieval.
Secrets will be fetched from this folder unless overridden in the ExternalSecret spec.
Example: "production/database" or "dev/api-keys"
Leave empty to retrieve secrets from the root folder.
For folder organization, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#folders
type: string
server:
description: |-
Server configures the BeyondTrust Workload Credentials server connection details.
Includes the API URL and Site ID for your BeyondTrust instance.
For API reference, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
properties:
apiUrl:
description: |-
APIURL is the base URL of your BeyondTrust Workload Credentials API server.
This should be the full URL to your BeyondTrust instance.
Example: https://api.beyondtrust.io/siie
For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api#base-url
type: string
siteId:
description: |-
SiteID is your BeyondTrust Workload Credentials site identifier (UUID format).
This identifier is unique to your BeyondTrust Workload Credentials instance.
You can find your Site ID in the BeyondTrust Workload Credentials admin console.
Example: a1b2c3d4-e5f6-4890-abcd-ef1234567890
For more information, see: https://docs.beyondtrust.com/bt-docs/docs/secrets-api
type: string
required:
- apiUrl
- siteId
type: object
required:
- auth
- server
type: object
retrySettings:
description: |-
RetrySettings configures exponential backoff for failed API requests.
If not specified, uses the default retry settings.
properties:
maxRetries:
format: int32
type: integer
retryInterval:
type: string
type: object
required:
- provider
type: object
type: object
served: true
storage: true
subresources:
status: {}
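Review bot: the `caProvider.namespace` description ("Can only be defined when used in a ClusterSecretStore") is copied from the SecretStore API, but this CRD is a Namespaced generator, not a store, so the sentence is misleading and nothing in the schema enforces the rule it describes; document the actual rule for generators or drop it, and check `apikey.token.namespace`, whose text likewise refers to a cluster-scoped referent. Second, `spec.provider` says `folderPath` should point to a dynamic secret definition (example `"production/aws-temp"`) while `folderPath` itself says it is a default folder for secret retrieval (examples `"production/database"`, `"dev/api-keys"`) that may be left empty for the root folder; these describe different things and one of them should be corrected. Third, validation is thin on the fields that drive outbound connections and retries: `apiUrl` has no `format: uri` or pattern, `siteId` is described as a UUID but has no pattern, and `retrySettings.maxRetries` and `retryInterval` carry no description, no `minimum: 0` and no duration format, so a typo surfaces only at reconcile time rather than at admission. Finally, `subresources.status: {}` is enabled but the schema defines no `status` property; if the controller writes status, add its schema, otherwise those fields are pruned.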