mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
3061 commits 135 branches 173 tags 201 MiB
Commit graph

165 commits

Author SHA1 Message Date
renanaAkeyless
ed59520674
added akeyless k8s auth option (#1531) 
* added akeyless k8s auth option

Signed-off-by: Docs <renana@akeyless.io>
 2022-09-11 13:25:29 +02:00
dependabot[bot]
67fedc840e
Kubernetes v1.24 upgrade (#1345) 
* build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: bump kubernetes 1.24

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: backwards-compatible vault implementation

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add audiences field to serviceAccountRef

This will be used by aws, azure, gcp, kubernetes & vault providers
in combination with TokenRequest API: it will _append_ audience claims
to provider-specific audiences.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: refactor kubernetes client to match provider/client interfaces

the kubernetes provider mixed up provider and client interfaces which
made it really hard to reason about. This commit separates into two
structs, each implements one interface.
The client struct fields have been renamed and annotated so their use
and scope is clear.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: deprecate expirationSeconds

expirationSeconds is not needed because we generate a
service account token on the fly for a single use.
There will be no replacement for this.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: rename token fetch audiences field

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: generate CRDs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-19 17:32:06 +02:00
Moritz Johner
2d20b5488e
feat: add azkv.environmentType (#1469) 
users of USGovCloud, ChinaCloud, GermanCloud need slightly different
configuration for AADEndpoint and keyvault resource.

This is based on CSI Secret Store Azure KV driver,

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-18 00:12:44 +02:00
Helena Steck
2b5710d8d5
add missing default values for spec.target (#1431) 
Add missing default values for ExternalSecretTarget on CRD definition
Fixes #1233

Signed-off-by: Helena Steck <steckhelena@gmail.com>
 2022-08-08 21:27:13 +02:00
Gustavo Fernandes de Carvalho
b4e7acfaa9
Implements dataFrom key rewrite (#1381) 
* Implements dataFrom key rewrite

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs: add example to remove invalid characters

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-04 15:24:02 -03:00
dependabot[bot]
9c09b936b1
build(deps): bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 (#1322) 
* build(deps): bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2

Bumps [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools) from 0.9.0 to 0.9.2.
- [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-tools/compare/v0.9.0...v0.9.2)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: re-gen CRDs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-07-28 22:39:24 +02:00
Moritz Johner
4affcb7345
🐛Clarify CAProvider usage in struct annotations (#1397) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-07-27 18:44:23 -03:00
Devin Buhl
1da44c7fb0
feat: add kustomization file to config/crds/bases folder (#1274) 
* fix: add kustomization file to crds folder

This will allow for the CRDs to be installed into a Kubernetes cluster from a Kustomization, for example:

```yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - github.com/external-secrets/external-secrets//config/crds/bases?ref=v0.5.6
```

* fix: generate script

* fix: helm.generate

Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-07-27 19:28:59 +02:00
Mike
fdf1f9ce6f
feat: Add support for container auth to IBM provider. (#1177) 2022-07-26 22:48:07 +02:00
Gareth Evans
7eff8db532
feat: additional columns for kubectl output (#1359) 2022-07-19 20:48:37 +02:00
Gustavo Fernandes de Carvalho
fa91ba0f6c
Adds DecodingStrategy to ExternalSecrets (#1294) 
Fixes #920

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-07-12 09:18:00 -03:00
Moritz Johner
cff9be1664
feat(kubernetes): allow service account auth (#1201) 
* feat(kubernetes): allow service account auth

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-06-13 21:49:05 +02:00
Gustavo Carvalho
e3e7acb153 bump controller-tools,google-golang-api,google-golang-grpc versions 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-05-25 07:39:22 -03:00
paul-the-alien[bot]
1a6579b876
Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync 
azkv tag feature
 2022-05-20 15:51:50 +00:00
paul-the-alien[bot]
3de2cc8bee
Merge pull request #1040 from AndreyZamyslov/yandex-certificate-manager 
Support for Yandex Certificate Manager
 2022-05-17 16:48:58 +00:00
Cristina DE DIOS GONZÁLEZ
3256bc4b82 azkv tag feature 2022-05-16 16:49:34 +02:00
david amick
435aefc7ac
Add 1Password support 2022-05-08 17:01:26 -07:00
Docs
c73206b29c Add senhasegura DSM provider 2022-05-02 13:28:18 -03:00
Gonzalo Servat
db7fd4a037
Fix casing on Gitlab 2022-04-28 21:43:42 +10:00
Docs
dc7df48cae add support for Yandex Certificate Manager 2022-04-22 21:40:52 +03:00
Gustavo Carvalho
3bd0d2d04f Making spec.target optional 
fixes #996

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-20 13:27:13 -03:00
Merlin
4820cc9165 Ignore ExternalSecret processing if the store is not usuable (e.g. 
NotReady).
 2022-04-13 23:24:39 +02:00
Moritz Johner
c2bcceb057
feat: implement deletionPolicy (#900) 
* feat: implement deletionPolicy

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-05 13:38:06 +02:00
Alfred Krohmer
d7022b1bef
feat(vault): add option for JWT backend to authenticate with Kubernetes service account token (#768) 2022-04-04 21:20:58 +02:00
Gustavo Carvalho
c779ef59e7 Marking v1alpha1 as deprecated. 
Improving docs and menu order.
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-29 11:21:32 -03:00
Moritz Johner
cf7e3832ae
feat(azure): implement workload identity (#738) 
* feat(azure): implement workload identity

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Henning Eggers <henning.eggers@inovex.de>
 2022-03-22 21:59:01 +01:00
Docs
bdc5d9b378 fix: update CRDs 2022-03-20 09:34:03 +01:00
Daniel Hix
324c7def06
feat: implement ClusterExternalSecret (#542) 
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2022-03-20 09:32:27 +01:00
Gustavo Carvalho
164e8776ec Adding docs and implementing ConversionStrategy 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 06:59:54 -03:00
Gustavo Carvalho
2f23fd28ed Adding GetAllSecrets for Hashicorp Vault 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 05:40:09 -03:00
paul-the-alien[bot]
439ecfaf9d
Merge pull request #783 from AtzeDeVries/allow-gcp-cross-project-secrets 
GCP: allow cluster to be in different project
 2022-03-09 10:03:20 +00:00
Atze de Vries
2f53ab8220 also make optional for v1beta1 and add note to docs 2022-03-03 19:35:38 +01:00
Atze de Vries
739043283c make clusterProjectID omitemtpy 2022-03-02 18:03:45 +01:00
Atze de Vries
da47ad2cac GCP: allow cluster to be in different project 2022-03-02 11:24:04 +01:00
Moritz Johner
8fc4484cc6 feat: implement validating webhook 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-03-01 21:25:15 +01:00
Moritz Johner
fb8f496204 Merge branch 'main' into feature/conversion-webhook 2022-02-23 08:15:03 +01:00
Gustavo Carvalho
40ec693479 Merge branch 'main' into feature/conversion-webhook 
Fixed conflicts and implemented necessary changes for v1beta1
 2022-02-16 16:00:32 -03:00
Gustavo Carvalho
1d8cfc4a12 Changed logic of Webhook check for certs. 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 15:46:10 -03:00
Gustavo Carvalho
1587fa02b1 Improved deployments and crd logic. Added cert-controller reconcile tests 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 10:08:27 -03:00
Gustavo Carvalho
23784803ff Merge branch 'main' into feature/conversion-webhook 
Updated Oracle provider new specs for v1beta1
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-10 16:55:37 -03:00
Gustavo Carvalho
f1d3802604 Attempting to separate webhook in a new container 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-10 15:38:54 -03:00
Gustavo Carvalho
fd9e09a1ee WIP: Structured reconciliation loops for CRDs 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-10 14:12:13 -03:00
Kellin McAvoy
6318811108 Cleanup and remove kustomize manifests in favor of Helm chart 2021-04-08 13:56:11 -05:00
Kellin McAvoy
7be249ba63 Add vault provider implementation 2021-03-26 03:36:48 -05:00
Jonatas Baldin
e171fda212 Add update verb to leasaes.coordination.k8s.io RBAC 2021-03-24 11:27:42 +01:00
Jonatas Baldin
5c85e0ec85 Add empty new line on config/rbac/leader_election_role.yaml 2021-03-24 11:18:31 +01:00
Jonatas Baldin
5ea50f44b0 Add RBAC permissions to the GET/CREATE on the leases.coordination.k8s.io API to enable the operator leader election 2021-03-24 11:17:33 +01:00
Moritz Johner
640978ca9e
feat: awssm refactoring (#57) 
* fix: refactor awssm provider
 2021-03-10 11:43:25 +01:00
Moritz Johner
a017255464
fix: validate refresh interval, refresh externalsecret (#48) 
* fix: refresh es
 2021-03-05 23:58:08 +01:00
Moritz Johner
53cc579ee8
fix: ssm may respond with nil SecretString (#41) 
also: support nested json keys like foo.bar
details here: https://github.com/tidwall/gjson
 2021-02-26 09:11:16 +01:00
Moritz Johner
92be45df6a
add awssm support (#34) 
* feat: add awssm

fixes #26
 2021-02-24 20:01:28 +01:00
Moritz Johner
89c56c269f
feat: status conditions (#25) 
* feat: implement es ready condition

Co-authored-by: Kellin <kellinmcavoy@gmail.com>
 2021-02-15 21:51:38 +01:00
Moritz Johner
b460153452 chore: update crd-spec 
see https://github.com/external-secrets/crd-spec/pull/3

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2021-02-06 13:10:00 +01:00
Lucas Severo Alves
3227e730f1 Change dir structure and adapt 2021-01-27 12:08:28 +01:00
Jonatas Baldin
5e3c3e8d3f Fix README examples and resource samples 2021-01-06 16:49:59 +01:00
Kellin McAvoy
987d499241 cleanup: add lint and editorconfig 2020-12-21 14:38:48 -05:00
Jonatas Baldin
364f6be071
Merge pull request #9 from external-secrets/feat/provider-interface 
feat: provider interface
 2020-12-09 17:35:31 +01:00
Moritz Johner
2f5da00f50 fix: update example store 2020-12-09 13:16:34 +01:00
Jonatas Baldin
ec599c51c2
Remove old CRDs from x-k8s.io domain (#10) 2020-12-02 00:26:03 +01:00
Kellin McAvoy
f1fb6cfa06 feat: implement provider interface 
adds the provider interface, generic store and schema registration.
mostly taken from  itscontained/secret-manager

Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2020-12-01 15:57:14 +01:00
Jonatas Baldin
fe86491c76 Change CRD subdomain from external-secerets.x-k8s.io to external-secrets.io 2020-11-30 13:24:07 +01:00
Jonatas Baldin
a94b8db3f3 Generate manifests 2020-11-24 11:52:06 +01:00
Jonatas Baldin
5764efe196 Improve wording on ExternalSecret sample 2020-11-24 11:51:20 +01:00
Jonatas Baldin
3546ee0661 Add Kind to ExternalSecret.spec.secretStoreRef 2020-11-24 11:51:03 +01:00
Jonatas Baldin
52fc65aeef Bootstrap project 2020-11-23 15:21:01 +01:00