1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Commit graph

21 commits

Author SHA1 Message Date
Moritz Johner
5ef3b23a68
feat: make cache generic, refactor feature flags (#1640)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-01-19 17:25:47 +01:00
Riccardo Colella
131bd617aa
[FEATURE] Customizable encoding of logging timestamp (#1808)
Objective of this commit is to allow logs to be more readable.

Default log ts encoding in the logger employed (zap) is unix time.
This leads to logs not much human-readable. This change introduces the
possibility to customize the ts with a set of preconfigured encodings:
one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'

Default value does not change

Signed-off-by: RiccardoColella <colella.git@outlook.com>

Signed-off-by: RiccardoColella <colella.git@outlook.com>
2022-12-13 21:01:07 +01:00
Steven Bressey
7416a84b2a
Add flag to set CRD names in cert controller (#1811)
* added new crd-names flag to reconcile only installed CRDs in cert controller

Signed-off-by: Steven Bressey <sbressey@bressey.me>

* add guide to disable cluster features

Signed-off-by: Steven Bressey <sbressey@bressey.me>

* fix fmt

Signed-off-by: Steven Bressey <sbressey@bressey.me>
Co-authored-by: Steven Bressey <sbressey@bressey.me>
2022-12-13 20:56:30 +01:00
Gustavo Fernandes de Carvalho
0cb799b5cf
Feature/push secret (#1315)
Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
2022-11-29 16:04:46 -03:00
Moritz Johner
dabfa5a589
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2022-10-29 20:15:50 +02:00
Nic Eggert
773956f5d3
Add optional caching for Vault clients, including token re-use. (#1537)
The new functionality is controlled using the newly-introduced
--experimental-enable-vault-token-cache and
--experimental-vault-token-cache-size command-line flags.

Signed-off-by: NicEggert <nicholas.eggert@target.com>
2022-09-30 20:41:36 +02:00
Moritz Johner
ed0ceb8d84
fix: aws parameter store json decode, bump go 1.19 (#1525)
* fix: parameter store should decode complex json values

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-09-06 19:46:36 +02:00
João Silva
744309abfa
Add webhook tls options (#1466)
During our internal security scan, the webhook for external-secrets was
flagged because it supports protocol vulnerable to Sweet32
(https://sweet32.info/). In order to avoid the webhook from being
flagged, we need to restrict the TLS ciphers on controller runtime.

To do this I needed to update the dependency to 0.12.3 and some other
conflicting dependencies.

Signed-off-by: Joao Pedro Silva <jp.silva15@gmail.com>
2022-08-31 18:18:45 +02:00
Gustavo Fernandes de Carvalho
4369b507e3
🐛Configure cache and throttle options (#1380)
* Adding configuration of Secrtets/Configmap caching behavior

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>

* Adding client-sided qps/burst configuration

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-07-23 19:56:02 -03:00
Gustavo Fernandes de Carvalho
ccea3d532f
🐛 Adds ability to configure cert lookahead interval for webhook pod. (#1304)
Fixes #1249

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-07-12 06:25:16 -03:00
Alberto Llamas
5ec222dfd0 update 2022-06-21 11:52:01 +02:00
Merlin
4820cc9165 Ignore ExternalSecret processing if the store is not usuable (e.g.
NotReady).
2022-04-13 23:24:39 +02:00
Gustavo Carvalho
26a824fb2a Updated default ports to 10250
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-04-12 07:27:16 -03:00
Gustavo Carvalho
b5220fa618 Adding some options for webhook deployment:
* hostNetwork for webhook pod
 * FailurePolicy for validatingwebhook definition
 * Changed webhook port to a configurable value
 * Defined default value as 9443
Fixes #944

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-04-11 15:16:20 -03:00
Eric Chan
8dd8ca4d92 add new flags to control both cluster store and cluster external secret reconciler 2022-03-24 23:55:08 +10:00
Eric Chan
da6e457b50 skip processing cluster secret store 2022-03-24 23:55:00 +10:00
Eric Chan
553d99a456 Add the ability to support scoped RBAC with a scoped namespace 2022-03-24 23:54:46 +10:00
Daniel Hix
324c7def06
feat: implement ClusterExternalSecret (#542)
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2022-03-20 09:32:27 +01:00
Moritz Johner
8fc4484cc6 feat: implement validating webhook
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-03-01 21:25:15 +01:00
Gustavo Carvalho
847b95e4fd Merge branch 'main' into feature/conversion-webhook
Disabled secrets cache for cert controller.

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-02-17 09:35:20 -03:00
Gustavo Carvalho
2e6017dd4b Using cobra commands instead of several binaries
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-02-15 08:52:52 -03:00