mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
feat(chart): Enable partial cache for certcontroller when installCRDs=true (#3589)
* chore(chart): Remove unnecessary line breaks to format the list of args Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com> * feat(chart): Enable partial cache for certcontroller when installCRDs=true If CRDs are managed by a Helm chart, the addition of the label to the CRDs required for the partial cache feature is reflected in the update. Therefore, if installCRDs=true, the partial cache feature is automatically enabled. Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com> * fix: run ct using main images Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: set helm test values Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * chore: bump CRDs in helm tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
This commit is contained in:
parent
cc00e7a7ff
commit
8ef07f515d
4 changed files with 128 additions and 2 deletions
|
@ -1,2 +1,10 @@
|
||||||
image:
|
image:
|
||||||
tag: main
|
tag: main
|
||||||
|
|
||||||
|
webhook:
|
||||||
|
image:
|
||||||
|
tag: main
|
||||||
|
|
||||||
|
certController:
|
||||||
|
image:
|
||||||
|
tag: main
|
||||||
|
|
|
@ -62,10 +62,13 @@ spec:
|
||||||
- --healthz-addr={{ .Values.certController.readinessProbe.address }}:{{ .Values.certController.readinessProbe.port }}
|
- --healthz-addr={{ .Values.certController.readinessProbe.address }}:{{ .Values.certController.readinessProbe.port }}
|
||||||
- --loglevel={{ .Values.certController.log.level }}
|
- --loglevel={{ .Values.certController.log.level }}
|
||||||
- --zap-time-encoding={{ .Values.certController.log.timeEncoding }}
|
- --zap-time-encoding={{ .Values.certController.log.timeEncoding }}
|
||||||
{{ if not .Values.crds.createClusterSecretStore -}}
|
{{- if not .Values.crds.createClusterSecretStore }}
|
||||||
- --crd-names=externalsecrets.external-secrets.io
|
- --crd-names=externalsecrets.external-secrets.io
|
||||||
- --crd-names=secretstores.external-secrets.io
|
- --crd-names=secretstores.external-secrets.io
|
||||||
{{- end -}}
|
{{- end }}
|
||||||
|
{{- if .Values.installCRDs }}
|
||||||
|
- --enable-partial-cache=true
|
||||||
|
{{- end }}
|
||||||
{{- range $key, $value := .Values.certController.extraArgs }}
|
{{- range $key, $value := .Values.certController.extraArgs }}
|
||||||
{{- if $value }}
|
{{- if $value }}
|
||||||
- --{{ $key }}={{ $value }}
|
- --{{ $key }}={{ $value }}
|
||||||
|
|
|
@ -40,6 +40,7 @@ should match snapshot of default values:
|
||||||
- --healthz-addr=:8081
|
- --healthz-addr=:8081
|
||||||
- --loglevel=info
|
- --loglevel=info
|
||||||
- --zap-time-encoding=epoch
|
- --zap-time-encoding=epoch
|
||||||
|
- --enable-partial-cache=true
|
||||||
image: ghcr.io/external-secrets/external-secrets:v0.9.19
|
image: ghcr.io/external-secrets/external-secrets:v0.9.19
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: cert-controller
|
name: cert-controller
|
||||||
|
|
|
@ -5,6 +5,8 @@ should match snapshot of default values:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.15.0
|
controller-gen.kubebuilder.io/version: v0.15.0
|
||||||
|
labels:
|
||||||
|
external-secrets.io/component: controller
|
||||||
name: secretstores.external-secrets.io
|
name: secretstores.external-secrets.io
|
||||||
spec:
|
spec:
|
||||||
conversion:
|
conversion:
|
||||||
|
@ -1555,6 +1557,11 @@ should match snapshot of default values:
|
||||||
ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
|
ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
|
||||||
for a ClusterSecretStore instance.
|
for a ClusterSecretStore instance.
|
||||||
properties:
|
properties:
|
||||||
|
namespaceRegexes:
|
||||||
|
description: Choose namespaces by using regex matching
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
namespaceSelector:
|
namespaceSelector:
|
||||||
description: Choose namespace using a labelSelector
|
description: Choose namespace using a labelSelector
|
||||||
properties:
|
properties:
|
||||||
|
@ -2412,6 +2419,42 @@ should match snapshot of default values:
|
||||||
- clientSecret
|
- clientSecret
|
||||||
- tenant
|
- tenant
|
||||||
type: object
|
type: object
|
||||||
|
device42:
|
||||||
|
description: Device42 configures this store to sync secrets using the Device42 provider
|
||||||
|
properties:
|
||||||
|
auth:
|
||||||
|
description: Auth configures how secret-manager authenticates with a Device42 instance.
|
||||||
|
properties:
|
||||||
|
secretRef:
|
||||||
|
properties:
|
||||||
|
credentials:
|
||||||
|
description: Username / Password is used for authentication.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
|
||||||
|
defaulted, in others it may be required.
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||||
|
to the namespace of the referent.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- secretRef
|
||||||
|
type: object
|
||||||
|
host:
|
||||||
|
description: URL configures the Device42 instance URL.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- auth
|
||||||
|
- host
|
||||||
|
type: object
|
||||||
doppler:
|
doppler:
|
||||||
description: Doppler configures this store to sync secrets using the Doppler provider
|
description: Doppler configures this store to sync secrets using the Doppler provider
|
||||||
properties:
|
properties:
|
||||||
|
@ -2693,6 +2736,77 @@ should match snapshot of default values:
|
||||||
required:
|
required:
|
||||||
- auth
|
- auth
|
||||||
type: object
|
type: object
|
||||||
|
infisical:
|
||||||
|
description: Infisical configures this store to sync secrets using the Infisical provider
|
||||||
|
properties:
|
||||||
|
auth:
|
||||||
|
description: Auth configures how the Operator authenticates with the Infisical API
|
||||||
|
properties:
|
||||||
|
universalAuthCredentials:
|
||||||
|
properties:
|
||||||
|
clientId:
|
||||||
|
description: |-
|
||||||
|
A reference to a specific 'key' within a Secret resource,
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
|
||||||
|
defaulted, in others it may be required.
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||||
|
to the namespace of the referent.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
clientSecret:
|
||||||
|
description: |-
|
||||||
|
A reference to a specific 'key' within a Secret resource,
|
||||||
|
In some instances, `key` is a required field.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: |-
|
||||||
|
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
|
||||||
|
defaulted, in others it may be required.
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: The name of the Secret resource being referred to.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: |-
|
||||||
|
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||||
|
to the namespace of the referent.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- clientId
|
||||||
|
- clientSecret
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
hostAPI:
|
||||||
|
default: https://app.infisical.com/api
|
||||||
|
type: string
|
||||||
|
secretsScope:
|
||||||
|
properties:
|
||||||
|
environmentSlug:
|
||||||
|
type: string
|
||||||
|
projectSlug:
|
||||||
|
type: string
|
||||||
|
secretsPath:
|
||||||
|
default: /
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- environmentSlug
|
||||||
|
- projectSlug
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- auth
|
||||||
|
- secretsScope
|
||||||
|
type: object
|
||||||
keepersecurity:
|
keepersecurity:
|
||||||
description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
|
description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
|
||||||
properties:
|
properties:
|
||||||
|
|
Loading…
Reference in a new issue