* build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3)
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* feat: bump kubernetes 1.24
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: backwards-compatible vault implementation
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: add audiences field to serviceAccountRef
This will be used by aws, azure, gcp, kubernetes & vault providers
in combination with TokenRequest API: it will _append_ audience claims
to provider-specific audiences.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: refactor kubernetes client to match provider/client interfaces
the kubernetes provider mixed up provider and client interfaces which
made it really hard to reason about. This commit separates into two
structs, each implements one interface.
The client struct fields have been renamed and annotated so their use
and scope is clear.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: deprecate expirationSeconds
expirationSeconds is not needed because we generate a
service account token on the fly for a single use.
There will be no replacement for this.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: rename token fetch audiences field
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: generate CRDs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
users of USGovCloud, ChinaCloud, GermanCloud need slightly different
configuration for AADEndpoint and keyvault resource.
This is based on CSI Secret Store Azure KV driver,
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: add kustomization file to crds folder
This will allow for the CRDs to be installed into a Kubernetes cluster from a Kustomization, for example:
```yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/external-secrets/external-secrets//config/crds/bases?ref=v0.5.6
```
* fix: generate script
* fix: helm.generate
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>