mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
external-secrets/docs/guides/v1beta1.md
Moritz Johner 3d3edcc8af
feat: add support matrix, refactor docs (#1508) 
Signed-off-by: Moritz Johner <Moritz.Johner@form3.tech>
2022-09-01 09:53:22 +02:00

37 lines
No EOL
2 KiB
Markdown
Raw Blame History

# Upgrading CRD versions
From version v0.5.0, `v1alpha1` version is deprecated, and `v1beta1` is in place. This guide will cover the main differences between the two versions, and a procedure on how to safely upgrade it.
## Differences between versions
Versions v1alpha1 and v1beta1 are fully-compatible for SecretStores and ClusterSecretStores. For ExternalSecrets, there is a difference on the `dataFrom` method.
While in v1alpha1, we could define a `dataFrom` with the following format:
```
spec:
dataFrom:
- key: my-key
- key: my-other-key
```
In v1beta1 is possible to use two methods. One of them is `Extract` and has the exact same behavior as `dataFrom` in v1alpha1. The other is `Find`, which allows finding multiple external secrets and map them into a single Kubernetes secret. Here is an example of `Find`:
```
spec:
dataFrom:
- find:
name: #matches any secret name ending in foo-bar
regexp: .*foo-bar$
- find:
tags: #matches any secrets with the following metadata.
env: dev
app: web
```
## Upgrading
If you already have an installation of ESO using `v1alpha1`, we recommend you to upgrade to `v1beta1`. If you do not use `dataFrom` in your ExternalSecrets, or if you deploy the CRDs using the official Helm charts, the upgrade can be done with no risk of losing data.
If you are installing CRDs manually, you will need to deploy the bundle CRD file available at `deploys/crds/bundle.yaml`. This bundle file contains `v1beta1` definition and a conversion webhook configuration. This configuration will ensure that new requests to handle any CRD object will only be valid after the upgrade is successfully complete - so there are no risks of losing data due to an incomplete upgrade. Once the new CRDs are applied, you can proceed to upgrade the controller version.
Once the upgrade is finished, at each reconcile, any `ExternalSecret`, `SecretStore`, and `ClusterSecretStore` stored in `v1alpha1` will be automatically converted to `v1beta1`.
View git blame Copy permalink