mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

feat(chart): Enable partial cache for certcontroller when installCRDs=true (#3589)

* chore(chart): Remove unnecessary line breaks to format the list of args

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

* feat(chart): Enable partial cache for certcontroller when installCRDs=true

If CRDs are managed by a Helm chart, the addition of the label to the CRDs
required for the partial cache feature is reflected in the update.
Therefore, if installCRDs=true, the partial cache feature is automatically enabled.

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

* fix: run ct using main images

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: set helm test values

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* chore: bump CRDs in helm tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
This commit is contained in:
Tsubasa Nagasawa 2024-06-18 07:50:45 +09:00 committed by GitHub
parent cc00e7a7ff
commit 8ef07f515d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 128 additions and 2 deletions

View file

@ -1,2 +1,10 @@
image:
tag: main
webhook:
image:
tag: main
certController:
image:
tag: main
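
Review bot: `tag: main` is set for all three images (controller, webhook, certController), so this test values file tracks a floating tag and the same chart commit can pass or fail depending on what was last pushed under `main`. Add a comment recording why ct needs the `main` images here, and switch back to a release tag or a digest pin once a release can be used.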

View file

@ -62,10 +62,13 @@ spec:
- --healthz-addr={{ .Values.certController.readinessProbe.address }}:{{ .Values.certController.readinessProbe.port }}
- --loglevel={{ .Values.certController.log.level }}
- --zap-time-encoding={{ .Values.certController.log.timeEncoding }}
{{ if not .Values.crds.createClusterSecretStore -}}
{{- if not .Values.crds.createClusterSecretStore }}
- --crd-names=externalsecrets.external-secrets.io
- --crd-names=secretstores.external-secrets.io
{{- end -}}
{{- end }}
{{- if .Values.installCRDs }}
- --enable-partial-cache=true
{{- end }}
{{- range $key, $value := .Values.certController.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
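
Review bot: the `--enable-partial-cache=true` block sits directly before the `range` over `.Values.certController.extraArgs`, so a user who already passes `enable-partial-cache` through extraArgs gets the flag rendered twice, possibly with conflicting values. Either skip that key in the range when `.Values.installCRDs` is set, or document which one wins. Gating only on `installCRDs` also leaves no first-class value for clusters that install labelled CRDs outside the chart; a dedicated value that defaults to `installCRDs` would cover both cases.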

View file

@ -40,6 +40,7 @@ should match snapshot of default values:
- --healthz-addr=:8081
- --loglevel=info
- --zap-time-encoding=epoch
- --enable-partial-cache=true
image: ghcr.io/external-secrets/external-secrets:v0.9.19
imagePullPolicy: IfNotPresent
name: cert-controller
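
Review bot: the snapshot now pins `--enable-partial-cache=true` for the default values only, which is the `installCRDs=true` path of the template. Add a case that renders with `installCRDs=false` and asserts the flag is absent, so a regression in the template condition is caught instead of being hidden by the default snapshot.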

View file

@ -5,6 +5,8 @@ should match snapshot of default values:
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
labels:
external-secrets.io/component: controller
name: secretstores.external-secrets.io
spec:
conversion:
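
Review bot: the `external-secrets.io/component: controller` label added under `metadata.labels` is, per the commit message, the prerequisite for the partial cache that is now enabled by default, yet it is only checked here through the snapshot of `secretstores.external-secrets.io`. Consider an explicit assertion that every CRD the chart renders carries this label, so a newly added CRD cannot ship without it unnoticed.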
@ -1555,6 +1557,11 @@ should match snapshot of default values:
ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
for a ClusterSecretStore instance.
properties:
namespaceRegexes:
description: Choose namespaces by using regex matching
items:
type: string
type: array
namespaceSelector:
description: Choose namespace using a labelSelector
properties:
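
Review bot: the `namespaceRegexes` description, "Choose namespaces by using regex matching", does not say whether a pattern has to match the whole namespace name or any substring of it. For a field that decides which namespaces a ClusterSecretStore serves, that difference matters; state the matching semantics in the description on the source type and regenerate the CRD.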
@ -2412,6 +2419,42 @@ should match snapshot of default values:
- clientSecret
- tenant
type: object
device42:
description: Device42 configures this store to sync secrets using the Device42 provider
properties:
auth:
description: Auth configures how secret-manager authenticates with a Device42 instance.
properties:
secretRef:
properties:
credentials:
description: Username / Password is used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
type: object
required:
- secretRef
type: object
host:
description: URL configures the Device42 instance URL.
type: string
required:
- auth
- host
type: object
doppler:
description: Doppler configures this store to sync secrets using the Doppler provider
properties:
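
Review bot: under `device42.auth`, `secretRef` is required but the `secretRef` object itself has no `required` list, so `secretRef: {}` without `credentials` passes schema validation and the mistake only surfaces at runtime. Mark `credentials` as required if it is the only supported method. The `host` description also reads "URL configures the Device42 instance URL" while the field is named `host`; say whether a scheme is expected in the value.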
@ -2693,6 +2736,77 @@ should match snapshot of default values:
required:
- auth
type: object
infisical:
description: Infisical configures this store to sync secrets using the Infisical provider
properties:
auth:
description: Auth configures how the Operator authenticates with the Infisical API
properties:
universalAuthCredentials:
properties:
clientId:
description: |-
A reference to a specific 'key' within a Secret resource,
In some instances, `key` is a required field.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
clientSecret:
description: |-
A reference to a specific 'key' within a Secret resource,
In some instances, `key` is a required field.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- clientId
- clientSecret
type: object
type: object
hostAPI:
default: https://app.infisical.com/api
type: string
secretsScope:
properties:
environmentSlug:
type: string
projectSlug:
type: string
secretsPath:
default: /
type: string
required:
- environmentSlug
- projectSlug
type: object
required:
- auth
- secretsScope
type: object
keepersecurity:
description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
properties:
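
Review bot: `infisical.auth` is required, but the `auth` object has no `required` list, so `auth: {}` without `universalAuthCredentials` is accepted by the schema. In the same block `hostAPI`, `secretsScope` and its three fields carry no `description`, and `hostAPI` is a free-form string that defaults to `https://app.infisical.com/api`. Add descriptions on the source types, and consider a pattern that restricts `hostAPI` to `https://` so a misconfigured store does not send the client credentials over plaintext.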