* build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3)
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* feat: bump kubernetes 1.24
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: backwards-compatible vault implementation
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: add audiences field to serviceAccountRef
This will be used by aws, azure, gcp, kubernetes & vault providers
in combination with TokenRequest API: it will _append_ audience claims
to provider-specific audiences.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: refactor kubernetes client to match provider/client interfaces
the kubernetes provider mixed up provider and client interfaces which
made it really hard to reason about. This commit separates into two
structs, each implements one interface.
The client struct fields have been renamed and annotated so their use
and scope is clear.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: deprecate expirationSeconds
expirationSeconds is not needed because we generate a
service account token on the fly for a single use.
There will be no replacement for this.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: rename token fetch audiences field
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: generate CRDs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
By default ESO reconciles `Kind=ExternalSecret` across every namespace
in a k8s cluster. With the new flag `--nameespace` we can scope the
reconciling only to the provided namespace.
Ticket: #289
