Shuhei Kitagawa
67fccd4fca
Allow specifying the same namespace for SecretStores ( #3555 )
...
* Allow specifying the same namespace for SecretStores
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Fix unit tests
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-07-03 20:56:55 -03:00
Andrew Gunnerson
2053df7b7c
fix(vault): Treat tokens expiring in <60s as expired ( #3637 )
...
* fix(vault): Treat tokens expiring in <60s as expired
Without this, it's possible to hit a TOCTOU issue where checkToken()
sees a valid token, but it expires before the actual operation is
performed. This condition is only reachable when the experimental
caching feature is enabled.
60 seconds was chosen as a sane (but arbitrary) value. It should be more
than enough to cover the amount of time between checkToken() and the
actual operation.
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
* ADOPTERS.md: Add Elastic
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
---------
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
2024-07-03 20:56:38 -03:00
Christophe Collot
504b5506f4
feat: implement pushing whole k8s secret to Azure Keyvault ( #3650 )
...
* feat: implement pushing whole secrets to azure keyvault
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* bump e2e pipeline (#3646 )
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* fix e2e permissions (#3647 )
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* bump docs with e2e commands (#3648 )
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* also needs pull-requests (#3649 )
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* style: remove unnecessary line
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* style: remove trailing line
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
---------
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
2024-07-03 08:38:01 +02:00
Doug Goldstein
93e9b4cef7
fix(webhook): perform conversion of data ( #3638 )
...
Instead of assuming that the data fields are strings that can be
converted to byte array, convert the actual type to a byte array.
fixes #3239
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
2024-07-03 07:42:34 +02:00
Gustavo Fernandes de Carvalho
4d9e0c37ff
use github token to allow comment ( #3651 )
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
2024-07-02 11:18:32 -03:00
Gustavo Fernandes de Carvalho
6c8e9aa6d0
also needs pull-requests ( #3649 )
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
2024-07-02 07:13:54 -03:00
Gustavo Fernandes de Carvalho
4aeba81f07
bump docs with e2e commands ( #3648 )
2024-07-02 07:09:35 -03:00
Gustavo Fernandes de Carvalho
3909efa367
fix e2e permissions ( #3647 )
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
2024-07-02 05:48:36 -03:00
Gustavo Fernandes de Carvalho
943a51d8d5
bump e2e pipeline ( #3646 )
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
2024-07-02 05:34:54 -03:00
Joe Stevens
f516892164
implement handling for pushing whole k8s secret to gcsm ( #3644 )
...
Signed-off-by: Joseph Stevens <thejosephstevens@gmail.com>
2024-07-02 08:08:55 +02:00
kaedwen
48cccaeded
add AuthRef to kubernetes provider fixes #3627 ( #3628 )
...
* add AuthRef to kubernetes provider fixes #3627
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* run make reviewable
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* fix validation for given authRef
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* refactor kubernetes provider auth
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* satisfy linter
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* add URL for kubernetes provider tests
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
---------
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
2024-07-01 23:31:10 +02:00
dependabot[bot]
c6bafe8c61
chore(deps): bump importlib-metadata in /hack/api-docs ( #3639 )
...
Bumps [importlib-metadata](https://github.com/python/importlib_metadata ) from 7.2.1 to 8.0.0.
- [Release notes](https://github.com/python/importlib_metadata/releases )
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst )
- [Commits](https://github.com/python/importlib_metadata/compare/v7.2.1...v8.0.0 )
---
updated-dependencies:
- dependency-name: importlib-metadata
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 18:06:05 +02:00
dependabot[bot]
3eb960052d
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 ( #3640 )
2024-07-01 17:03:21 +03:00
eso-service-account-app[bot]
cd1ce790f7
update dependencies ( #3641 )
2024-07-01 17:02:33 +03:00
Sverre Boschman
00cf351548
docs: fix dataFrom.find in ExternalSecret api example ( #3633 )
...
Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com>
2024-06-29 19:21:16 +02:00
Bill Hamilton
a14386b520
added secretserver env vars to e2e.yml ( #3636 )
2024-06-28 11:03:22 -03:00
Gergely Brautigam
87c09c6046
fix: e2e installation of ESO needs to update dependencies first ( #3635 )
...
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-28 14:42:17 +02:00
Gergely Brautigam
095537e6ad
feat: add bitwarden secret manager support ( #3603 )
2024-06-28 06:04:25 +02:00
Nathan Ellenfield
907e8ebc82
Fix ACR External Secret example ( #3626 )
...
* Fix ACR External Secret example
Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>
* Fix typos in acr generator docs
Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>
---------
Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>
2024-06-26 19:50:24 +02:00
dependabot[bot]
22c1af40e0
chore(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 ( #3614 )
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](69320dbe05...a74c6b72af
)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:19:39 +02:00
dependabot[bot]
8a7fb7611c
chore(deps): bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 ( #3615 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](595be6a0f6...7c2007bcb5
)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:19:21 +02:00
dependabot[bot]
5aefdec4c7
chore(deps): bump livereload from 2.6.3 to 2.7.0 in /hack/api-docs ( #3616 )
...
Bumps [livereload](https://github.com/lepture/python-livereload ) from 2.6.3 to 2.7.0.
- [Release notes](https://github.com/lepture/python-livereload/releases )
- [Changelog](https://github.com/lepture/python-livereload/blob/master/CHANGES.rst )
- [Commits](https://github.com/lepture/python-livereload/compare/2.6.3...2.7.0 )
---
updated-dependencies:
- dependency-name: livereload
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:19:03 +02:00
dependabot[bot]
d1f91e8c02
chore(deps): bump importlib-metadata in /hack/api-docs ( #3617 )
...
Bumps [importlib-metadata](https://github.com/python/importlib_metadata ) from 7.1.0 to 7.2.1.
- [Release notes](https://github.com/python/importlib_metadata/releases )
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst )
- [Commits](https://github.com/python/importlib_metadata/compare/v7.1.0...v7.2.1 )
---
updated-dependencies:
- dependency-name: importlib-metadata
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:18:49 +02:00
dependabot[bot]
424898f812
chore(deps): bump urllib3 from 2.2.1 to 2.2.2 in /hack/api-docs ( #3618 )
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:18:32 +02:00
dependabot[bot]
88958faf2f
chore(deps): bump golang from 6522f0c
to ace6cc3
( #3620 )
...
Bumps golang from `6522f0c` to `ace6cc3`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:18:13 +02:00
dependabot[bot]
976ab9f112
chore(deps): bump alpine from 77726ef
to b89d9c9
in /hack/api-docs ( #3621 )
...
Bumps alpine from `77726ef` to `b89d9c9`.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:17:54 +02:00
dependabot[bot]
f6cf8d5ee7
chore(deps): bump alpine from 3.20.0 to 3.20.1 in /e2e ( #3622 )
...
Bumps alpine from 3.20.0 to 3.20.1.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 13:17:36 +02:00
eso-service-account-app[bot]
0a4f5102ae
update dependencies ( #3624 )
...
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
2024-06-24 13:17:12 +02:00
Timofei Larkin
490eeacca2
Adds codepath for removing finalizers ( #3610 )
...
* Adds codepath for removing finalizers
See #3609 .
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
* Add test case for #3609
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
---------
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
2024-06-21 21:57:04 +02:00
Moritz Johner
f1ab7ef89d
fix: explicitly fetch status subresource due to inconsistencies ( #3608 )
...
* fix: explicitly fetch status subresource due to inconsistencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: bump go
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: add rbac to get status
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-21 12:59:25 +02:00
Idan Adar
9a6ffcd844
Make UBI more tolerable from OS vulnerabilities ( #3607 )
...
* Make UBI safer from OS vulnerabilities
* Add missing files
* Use correct packages
* Fix CVEs
2024-06-20 17:50:49 +02:00
Eric Fang
ebae16beb3
Remove the use of "golang.org/x/crypto/pkcs12" ( #3601 )
...
Switch to software.sslmate.com/src/go-pkcs12 instead
Signed-off-by: yihuaf <yihuaf@unkies.org>
2024-06-18 19:21:48 +02:00
Andrew Gunnerson
c7fc730019
fix(vault): Fix crash when caching is enabled and a token expires ( #3598 )
...
In the vault client library, LookupSelfWithContext calls ParseSecret,
which has a few places where it returns `nil, nil` instead of returning
a proper error. The most common scenario is when the token expires and
the Vault server returns:
{
"errors": [
"permission denied"
]
}
This commit adds an additional check to ensure that a nil response won't
be dereferenced in checkToken().
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
2024-06-18 09:28:41 +02:00
Bude8
23f2829ec1
Add logic to skip multiple stores. Add tests for multiple un/managed stores ( #3123 )
...
Signed-off-by: Bude8 <henryblee8@gmail.com>
2024-06-18 07:56:20 +02:00
Tsubasa Nagasawa
8ef07f515d
feat(chart): Enable partial cache for certcontroller when installCRDs=true ( #3589 )
...
* chore(chart): Remove unnecessary line breaks to format the list of args
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* feat(chart): Enable partial cache for certcontroller when installCRDs=true
If CRDs are managed by a Helm chart, the addition of the label to the CRDs
required for the partial cache feature is reflected in the update.
Therefore, if installCRDs=true, the partial cache feature is automatically enabled.
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* fix: run ct using main images
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: set helm test values
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: bump CRDs in helm tests
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-18 00:50:45 +02:00
dependabot[bot]
cc00e7a7ff
chore(deps): bump golang from 9bdd569
to 6522f0c
( #3594 )
...
Bumps golang from `9bdd569` to `6522f0c`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 22:49:38 +02:00
dependabot[bot]
95b354bc97
chore(deps): bump golang from aec4784
to 9678844
in /e2e ( #3593 )
...
Bumps golang from `aec4784` to `9678844`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 22:49:13 +02:00
eso-service-account-app[bot]
e459722f89
update dependencies ( #3596 )
...
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
2024-06-17 18:30:10 +02:00
dependabot[bot]
73229ac460
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 ( #3590 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 17:53:09 +02:00
dependabot[bot]
564882e852
chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 ( #3592 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.4.1 to 4.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](125fc84a9a...e28ff129e5
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 17:53:03 +02:00
dependabot[bot]
c1b0b78959
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 ( #3591 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.8 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 17:52:55 +02:00
dependabot[bot]
543a37c110
chore(deps): bump mkdocs-material in /hack/api-docs ( #3595 )
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 9.5.26 to 9.5.27.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.26...9.5.27 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 17:52:48 +02:00
Idan Adar
e13e09413e
Fix typo privatKey in multiple files ( #3578 )
...
* Update generators.external-secrets.io_githubaccesstokens.yaml
Fixes https://github.com/external-secrets/external-secrets/issues/3556
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update generator_github.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update github.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update generator-github.yaml
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update github_test.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* fix: rename property
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-17 11:12:03 +02:00
Geoffrey MUSELLI
f74e08546c
Support glob for namespaces condition in ClusterSecretStore ( #2920 )
...
* feat(ClusterSecretStore): Support glob for conditions.namespaces
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix diff
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix code smell
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): First code review
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Second code review
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Generate
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix Sonar method complexity
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* addressed comments
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* renamed namedspacesregexes because it sounded funny
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-17 08:36:05 +02:00
Tsubasa Nagasawa
199c9103db
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache ( #3588 )
...
* feat: Add component labels to custom resource definitions
Prerequisite for restricting the CRDs cached by Informer
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache
The certcontroller watches CRDs and Webhook configurations, and
manages CA certificates for conversion webhooks of CRDs and Webhook
configurations. Some clusters have a large number of CRDs and Webhook
configurations installed. Additionally, some CRDs have large object sizes.
Currently, the certcontroller holds all CRDs and Webhook configurations
in the Informer cache. Since this includes CRDs not managed by the
certcontroller for CA certificates, memory usage tends to be high.
This PR adds a label to the CRDs and configures the Informer cache to hold
only the CRDs and Webhook configurations restricted by the label selector.
It assumes that the CRDs have a label. Depending on how the External Secrets
Operator is managed, it may be possible to update the External Secrets
Operator without updating the CRDs, so as a precaution, it can be turned
on/off via a startup option. It is disabled by default.
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
---------
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
2024-06-16 12:52:10 +02:00
eso-service-account-app[bot]
8ac205c0a2
chore: update dependencies ( #3570 )
...
* update dependencies
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
* fix: fork sprig to bump pulumi
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-15 14:49:30 +02:00
Gergely Brautigam
ac0eaedf16
fix: parameter store should be called only once ( #3584 )
2024-06-15 12:02:08 +02:00
smcavallo
d29c001d37
Add device42 provider ( #3571 )
2024-06-14 06:04:19 +02:00
Shuhei Kitagawa
e01fc82ac2
Remove shuheiktgw from maintainers ( #3573 )
...
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-06-12 16:59:08 +03:00
Victor Santos
dd8c004f47
feat: add support to set Type for AWS parameter store ( #3576 )
...
Signed-off-by: Victor Santos <vsantos.py@gmail.com>
2024-06-12 10:24:52 +02:00