mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
3108 commits 135 branches 173 tags 201 MiB
Commit graph

41 commits

Author SHA1 Message Date
Andreas Lindhé
bf4a1a1ad9
Update docs for ExternalSecrets's refreshInterval (#4097) 
Fixes #4079

Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com>
 2024-11-12 21:36:58 +00:00
eso-service-account-app[bot]
db64df2f0c
chore: update dependencies (#4050) 
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* add check-diff output for controller-gen update

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2024-10-29 10:54:27 +01:00
Gabi Davar
7f5e8fa9ce
Make CRD categories useful (#3929) 
* Make CRD categories useful

* one category for all ES objects.
* one only for generators
* add missing controller label on CRDs
* fix UUID description (was referring to password)

Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>

* missing update

Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>

---------

Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
 2024-09-25 09:45:07 +02:00
eso-service-account-app[bot]
f76be9fa78
chore: update dependencies (#3915) 
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* revert pulumi update

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* updated controller runtime

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2024-09-16 16:23:11 +02:00
eso-service-account-app[bot]
21f1dca82e
chore: update dependencies (#3862) 
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* fix alibaba breaking things again

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* commit modified templates because of version increase

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2024-09-02 18:30:34 +02:00
eso-service-account-app[bot]
3414bd6428
chore: update dependencies (#3815) 2024-08-19 17:07:20 +02:00
Tsubasa Nagasawa
199c9103db
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache (#3588) 
* feat: Add component labels to custom resource definitions

Prerequisite for restricting the CRDs cached by Informer

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

* feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache

The certcontroller watches CRDs and Webhook configurations, and
manages CA certificates for conversion webhooks of CRDs and Webhook
configurations. Some clusters have a large number of CRDs and Webhook
configurations installed. Additionally, some CRDs have large object sizes.
Currently, the certcontroller holds all CRDs and Webhook configurations
in the Informer cache. Since this includes CRDs not managed by the
certcontroller for CA certificates, memory usage tends to be high.
This PR adds a label to the CRDs and configures the Informer cache to hold
only the CRDs and Webhook configurations restricted by the label selector.
It assumes that the CRDs have a label. Depending on how the External Secrets
Operator is managed, it may be possible to update the External Secrets
Operator without updating the CRDs, so as a precaution, it can be turned
on/off via a startup option. It is disabled by default.

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

---------

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
 2024-06-16 12:52:10 +02:00
eso-service-account-app[bot]
41057acaf2
chore: update dependencies (#3513) 
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* fix: bump CRDs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2024-05-25 21:42:52 +02:00
eso-service-account-app[bot]
34b4ff10da
chore: update dependencies (#3433) 
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* bump alibaba

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bump kube to 0.30

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2024-04-30 14:52:59 -03:00
eso-service-account-app[bot]
41cd1d36a4
chore: update dependencies (#3065) 
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* fix: re-generate CRDs with new controller-runtime version

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2024-01-22 20:56:06 +01:00
Moritz Johner
9ff86eab51
fix: remove sourceRef.generatorRef from .data[] (#2735) 
fix: deprecate sourceRef.generatorRef from .data[]

A generator is supposed to be used via .dataFrom[]. Usage in .data[]
is not implemented and doesn't make sense, see #2720.

This commit splits the SourceRef into two types:
- one that only defines a secretStoreRef
- one that allows to define either secretStoreRef or generatorRef

The former is used in .data[] and the latter is used in .dataFrom[].

The Deprecated field is going to be removed with v1.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-11-02 14:37:59 +01:00
Shuhei Kitagawa
ff0ef2e6d9
Add validations for the enum values (#2819) 
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
 2023-10-30 13:30:04 +01:00
Sonny Alves Dias
0a0fd050c0
add directive to apply template on secret names (#2802) 
Signed-off-by: Sonny Alves Dias <sonny.dias@superevilmegacorp.com>
 2023-10-25 13:45:38 +02:00
Moritz Johner
97df83b518
chore: bump dependencies (#2654) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-08-28 11:50:46 +02:00
Moritz Johner
416deb3303
chore: bump dependencies (#2568) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-08-02 21:42:03 +02:00
Moritz Johner
54664b43b1
chore: update dependencies (#2348) 
* chore: update dependencies

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* chore: get rid of argo dependency to be independent of their k8s
versioning

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-05-31 09:36:22 +02:00
Scott Andrews
2174a67575
Make ExternalSecret a provisioned service (#2263) 
The Service Binding for Kubernetes project (servicebinding.io) is a spec
to make it easier for workloads to consume services. At runtime, the
ServiceBinding resource references a service resources and workload
resource to connect to the service. The Secret for a service is
projected into a workload resource at a well known path.

Services can advertise the name of the Secret representing the service
on it's status at `.status.binding.name`. Hosting the name of a Secret
at this location is the Provisioned Service duck type. It has the effect
of decoupling the logical consumption of a service from the physical
Secret holding state.

Using ServiceBindings with ExternalSecrets today requires the user to
directly know and reference the Secret created by the ExternalSecret as
the service reference. This PR adds the name of the Secret to the status
of the ExternalSecret at a well known location where it is be discovered
by a ServiceBinding. With this change, user can reference an
ExternalSecret from a ServiceBinding.

A ClusterRole is also added with a well known label for the
ServiceBinding controller to have permission to watch ExternalSecrets
and read the binding Secret.

ClusterExternalSecret was not modified as ServiceBindings are limited to
the scope of a single namespace.

Signed-off-by: Scott Andrews <andrewssc@vmware.com>
 2023-05-16 22:06:55 +02:00
Moritz Johner
06cc4bfc39
chore: bump dependencies (#2314) 2023-05-15 11:11:10 +02:00
Gustavo Fernandes de Carvalho
ad67363751
Implements template MergePolicy. Fixes a few template merging bugs (#2115) 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2023-03-20 19:22:30 -03:00
Moritz Johner
731da81162
🧹 bump dependencies & regenerate CRDs (#1990) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-02-07 14:08:01 +01:00
Gustavo Fernandes de Carvalho
b36e027ad7
🧹 chore: bumps (#1925) 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2023-01-16 08:35:34 -03:00
Gustavo Fernandes de Carvalho
a7d6224bda
🧹 chore: bumps (#1923) 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2023-01-16 07:07:03 -03:00
Gustavo Fernandes de Carvalho
0bd9ea4dbd
Templates from string (#1748) 
* Adds templates from string

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2023-01-03 19:02:43 -03:00
Moritz Johner
dabfa5a589
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2022-10-29 20:15:50 +02:00
dependabot[bot]
e9cc6b3d79
chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 (#1581) 
* chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0

Bumps [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools) from 0.9.2 to 0.10.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-tools/compare/v0.9.2...v0.10.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: re-generate CRDs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-09-27 22:09:21 +02:00
Helena Steck
2b5710d8d5
add missing default values for spec.target (#1431) 
Add missing default values for ExternalSecretTarget on CRD definition
Fixes #1233

Signed-off-by: Helena Steck <steckhelena@gmail.com>
 2022-08-08 21:27:13 +02:00
Gustavo Fernandes de Carvalho
b4e7acfaa9
Implements dataFrom key rewrite (#1381) 
* Implements dataFrom key rewrite

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs: add example to remove invalid characters

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-04 15:24:02 -03:00
dependabot[bot]
9c09b936b1
build(deps): bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 (#1322) 
* build(deps): bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2

Bumps [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools) from 0.9.0 to 0.9.2.
- [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-tools/compare/v0.9.0...v0.9.2)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: re-gen CRDs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-07-28 22:39:24 +02:00
Gareth Evans
7eff8db532
feat: additional columns for kubectl output (#1359) 2022-07-19 20:48:37 +02:00
Gustavo Fernandes de Carvalho
fa91ba0f6c
Adds DecodingStrategy to ExternalSecrets (#1294) 
Fixes #920

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-07-12 09:18:00 -03:00
Gustavo Carvalho
e3e7acb153 bump controller-tools,google-golang-api,google-golang-grpc versions 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-05-25 07:39:22 -03:00
Cristina DE DIOS GONZÁLEZ
3256bc4b82 azkv tag feature 2022-05-16 16:49:34 +02:00
Gustavo Carvalho
3bd0d2d04f Making spec.target optional 
fixes #996

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-20 13:27:13 -03:00
Moritz Johner
c2bcceb057
feat: implement deletionPolicy (#900) 
* feat: implement deletionPolicy

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-05 13:38:06 +02:00
Gustavo Carvalho
c779ef59e7 Marking v1alpha1 as deprecated. 
Improving docs and menu order.
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-29 11:21:32 -03:00
Gustavo Carvalho
164e8776ec Adding docs and implementing ConversionStrategy 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 06:59:54 -03:00
Gustavo Carvalho
2f23fd28ed Adding GetAllSecrets for Hashicorp Vault 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 05:40:09 -03:00
Moritz Johner
8fc4484cc6 feat: implement validating webhook 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-03-01 21:25:15 +01:00
Gustavo Carvalho
40ec693479 Merge branch 'main' into feature/conversion-webhook 
Fixed conflicts and implemented necessary changes for v1beta1
 2022-02-16 16:00:32 -03:00
Gustavo Carvalho
1d8cfc4a12 Changed logic of Webhook check for certs. 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 15:46:10 -03:00
Gustavo Carvalho
fd9e09a1ee WIP: Structured reconciliation loops for CRDs 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-10 14:12:13 -03:00
Renamed from deploy/crds/external-secrets.io_externalsecrets.yaml (Browse further)