mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
feat(chart): Enable partial cache for certcontroller when installCRDs=true (#3589)
* chore(chart): Remove unnecessary line breaks to format the list of args Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com> * feat(chart): Enable partial cache for certcontroller when installCRDs=true If CRDs are managed by a Helm chart, the addition of the label to the CRDs required for the partial cache feature is reflected in the update. Therefore, if installCRDs=true, the partial cache feature is automatically enabled. Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com> * fix: run ct using main images Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: set helm test values Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * chore: bump CRDs in helm tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
This commit is contained in:
Tsubasa Nagasawa
GitHub
parent
cc00e7a7ff
commit
8ef07f515d
4 changed files with 128 additions and 2 deletions
|
|
@ -1,2 +1,10 @@
|
|||
image:
|
||||
tag: main
|
||||
|
||||
webhook:
|
||||
image:
|
||||
tag: main
|
||||
|
||||
certController:
|
||||
image:
|
||||
tag: main
|
||||
|
|
|
|||
|
|
@ -62,10 +62,13 @@ spec:
|
|||
- --healthz-addr={{ .Values.certController.readinessProbe.address }}:{{ .Values.certController.readinessProbe.port }}
|
||||
- --loglevel={{ .Values.certController.log.level }}
|
||||
- --zap-time-encoding={{ .Values.certController.log.timeEncoding }}
|
||||
{{ if not .Values.crds.createClusterSecretStore -}}
|
||||
{{- if not .Values.crds.createClusterSecretStore }}
|
||||
- --crd-names=externalsecrets.external-secrets.io
|
||||
- --crd-names=secretstores.external-secrets.io
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- if .Values.installCRDs }}
|
||||
- --enable-partial-cache=true
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.certController.extraArgs }}
|
||||
{{- if $value }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ should match snapshot of default values:
|
|||
- --healthz-addr=:8081
|
||||
- --loglevel=info
|
||||
- --zap-time-encoding=epoch
|
||||
- --enable-partial-cache=true
|
||||
image: ghcr.io/external-secrets/external-secrets:v0.9.19
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: cert-controller
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ should match snapshot of default values:
|
|||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.15.0
|
||||
labels:
|
||||
external-secrets.io/component: controller
|
||||
name: secretstores.external-secrets.io
|
||||
spec:
|
||||
conversion:
|
||||
|
|
@ -1555,6 +1557,11 @@ should match snapshot of default values:
|
|||
ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
|
||||
for a ClusterSecretStore instance.
|
||||
properties:
|
||||
namespaceRegexes:
|
||||
description: Choose namespaces by using regex matching
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
namespaceSelector:
|
||||
description: Choose namespace using a labelSelector
|
||||
properties:
|
||||
|
|
@ -2412,6 +2419,42 @@ should match snapshot of default values:
|
|||
- clientSecret
|
||||
- tenant
|
||||
type: object
|
||||
device42:
|
||||
description: Device42 configures this store to sync secrets using the Device42 provider
|
||||
properties:
|
||||
auth:
|
||||
description: Auth configures how secret-manager authenticates with a Device42 instance.
|
||||
properties:
|
||||
secretRef:
|
||||
properties:
|
||||
credentials:
|
||||
description: Username / Password is used for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: |-
|
||||
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
|
||||
defaulted, in others it may be required.
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||
to the namespace of the referent.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- secretRef
|
||||
type: object
|
||||
host:
|
||||
description: URL configures the Device42 instance URL.
|
||||
type: string
|
||||
required:
|
||||
- auth
|
||||
- host
|
||||
type: object
|
||||
doppler:
|
||||
description: Doppler configures this store to sync secrets using the Doppler provider
|
||||
properties:
|
||||
|
|
@ -2693,6 +2736,77 @@ should match snapshot of default values:
|
|||
required:
|
||||
- auth
|
||||
type: object
|
||||
infisical:
|
||||
description: Infisical configures this store to sync secrets using the Infisical provider
|
||||
properties:
|
||||
auth:
|
||||
description: Auth configures how the Operator authenticates with the Infisical API
|
||||
properties:
|
||||
universalAuthCredentials:
|
||||
properties:
|
||||
clientId:
|
||||
description: |-
|
||||
A reference to a specific 'key' within a Secret resource,
|
||||
In some instances, `key` is a required field.
|
||||
properties:
|
||||
key:
|
||||
description: |-
|
||||
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
|
||||
defaulted, in others it may be required.
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||
to the namespace of the referent.
|
||||
type: string
|
||||
type: object
|
||||
clientSecret:
|
||||
description: |-
|
||||
A reference to a specific 'key' within a Secret resource,
|
||||
In some instances, `key` is a required field.
|
||||
properties:
|
||||
key:
|
||||
description: |-
|
||||
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
|
||||
defaulted, in others it may be required.
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||
to the namespace of the referent.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- clientId
|
||||
- clientSecret
|
||||
type: object
|
||||
type: object
|
||||
hostAPI:
|
||||
default: https://app.infisical.com/api
|
||||
type: string
|
||||
secretsScope:
|
||||
properties:
|
||||
environmentSlug:
|
||||
type: string
|
||||
projectSlug:
|
||||
type: string
|
||||
secretsPath:
|
||||
default: /
|
||||
type: string
|
||||
required:
|
||||
- environmentSlug
|
||||
- projectSlug
|
||||
type: object
|
||||
required:
|
||||
- auth
|
||||
- secretsScope
|
||||
type: object
|
||||
keepersecurity:
|
||||
description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
|
||||
properties:
|
||||
|
|
|
|||
Loading…
Reference in a new issue