Update cert-manager certificate duration to 1 year in the Helm chart.
This commit resolves a timing issue in the external-secrets Helm chart,
where the default certificate duration was previously not explicitly
set. This lack of specification led to conflicts with the cert-manager's
lookahead interval. By setting the `webhook.certManager.cert.duration`
to "8760h" (one year), we ensure that cert-manager will renew the
certificate before the external-secrets webhook starts to report issues,
and restarts, due to the certificate nearing expiration (as per the
lookahead interval).
This solution has been discussed in
external-secrets/external-secrets#2519.
Signed-off-by: Thibault Gérondal <tgerondal@emasphere.com>
* feat: add templating to PushSecret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* adding unit tests around templating basic concepts and verifying output
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* extracting some of the common functions of the parser
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* remove some more duplication
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* removed commented out code segment
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added documentation for templating feature
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* simplified the templating for annotations and labels
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* extra pod spec option added to helm deployment
Signed-off-by: Adrian Robotka <robotka.adrian@gmail.com>
* output of make helm.docs
Signed-off-by: Adrian Robotka <robotka.adrian@gmail.com>
---------
Signed-off-by: Adrian Robotka <robotka.adrian@gmail.com>
The `scope` parameter used to be the ACR URL foobar.azurecr.io, but
this stopped working. Turns out that you need to use the management
endpoint as `scope` in order to authenticate with ACR.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Docs - add note clarifying how to use filterpem for future readers
Signed-off-by: arnoldrw <arnold.rw@pg.com>
* Update docs/guides/templating.md
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>
---------
Signed-off-by: arnoldrw <arnold.rw@pg.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* docs: Recommend use of Workload Identity for Azure Key Vault
Mentions AAD Pod Identity is deprecated and updates overview
of supported authentication modes for Azure Key Vault.
This removes "should use aad-pod-identity" wording, see
https://github.com/external-secrets/external-secrets/discussions/2901
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix missing link to Multi-Tenancy Guide
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix typos
Capitalise own names.
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
---------
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* fix: support more types in webhook response
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: properly decode json
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Update pkg/provider/webhook/webhook.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
* Update pkg/provider/webhook/webhook.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
* fix: expose errors
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat: allow pushing the whole secret to the provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* add documentation about pushing a whole secret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* disabling this feature for the rest of the providers for now
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added scenario for update with existing property
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>