mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
1979 commits 135 branches 173 tags 201 MiB
Commit graph

16 commits

Author SHA1 Message Date
Nic Eggert
773956f5d3
Add optional caching for Vault clients, including token re-use. (#1537) 
The new functionality is controlled using the newly-introduced
--experimental-enable-vault-token-cache and
--experimental-vault-token-cache-size command-line flags.

Signed-off-by: NicEggert <nicholas.eggert@target.com>
 2022-09-30 20:41:36 +02:00
Moritz Johner
ed0ceb8d84
fix: aws parameter store json decode, bump go 1.19 (#1525) 
* fix: parameter store should decode complex json values

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-09-06 19:46:36 +02:00
João Silva
744309abfa
Add webhook tls options (#1466) 
During our internal security scan, the webhook for external-secrets was
flagged because it supports protocol vulnerable to Sweet32
(https://sweet32.info/). In order to avoid the webhook from being
flagged, we need to restrict the TLS ciphers on controller runtime.

To do this I needed to update the dependency to 0.12.3 and some other
conflicting dependencies.

Signed-off-by: Joao Pedro Silva <jp.silva15@gmail.com>
 2022-08-31 18:18:45 +02:00
Gustavo Fernandes de Carvalho
4369b507e3
🐛Configure cache and throttle options (#1380) 
* Adding configuration of Secrtets/Configmap caching behavior

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>

* Adding client-sided qps/burst configuration

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-07-23 19:56:02 -03:00
Gustavo Fernandes de Carvalho
ccea3d532f
🐛 Adds ability to configure cert lookahead interval for webhook pod. (#1304) 
Fixes #1249

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-07-12 06:25:16 -03:00
Alberto Llamas
5ec222dfd0 update 2022-06-21 11:52:01 +02:00
Merlin
4820cc9165 Ignore ExternalSecret processing if the store is not usuable (e.g. 
NotReady).
 2022-04-13 23:24:39 +02:00
Gustavo Carvalho
26a824fb2a Updated default ports to 10250 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-12 07:27:16 -03:00
Gustavo Carvalho
b5220fa618 Adding some options for webhook deployment: 
* hostNetwork for webhook pod
 * FailurePolicy for validatingwebhook definition
 * Changed webhook port to a configurable value
 * Defined default value as 9443
Fixes #944

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-11 15:16:20 -03:00
Eric Chan
8dd8ca4d92 add new flags to control both cluster store and cluster external secret reconciler 2022-03-24 23:55:08 +10:00
Eric Chan
da6e457b50 skip processing cluster secret store 2022-03-24 23:55:00 +10:00
Eric Chan
553d99a456 Add the ability to support scoped RBAC with a scoped namespace 2022-03-24 23:54:46 +10:00
Daniel Hix
324c7def06
feat: implement ClusterExternalSecret (#542) 
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2022-03-20 09:32:27 +01:00
Moritz Johner
8fc4484cc6 feat: implement validating webhook 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-03-01 21:25:15 +01:00
Gustavo Carvalho
847b95e4fd Merge branch 'main' into feature/conversion-webhook 
Disabled secrets cache for cert controller.

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-17 09:35:20 -03:00
Gustavo Carvalho
2e6017dd4b Using cobra commands instead of several binaries 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-15 08:52:52 -03:00