Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(helm): update external-secrets ( 0.9.20 → 0.10.2 ) #1290

Merged
merged 1 commit into from
Sep 7, 2024
Merged

feat(helm): update external-secrets ( 0.9.20 → 0.10.2 ) #1290

merged 1 commit into from
Sep 7, 2024

Conversation

bot-akira[bot]
Copy link
Contributor

@bot-akira bot-akira bot commented Aug 3, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
external-secrets minor 0.9.20 -> 0.10.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

external-secrets/external-secrets (external-secrets)

v0.10.2

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.2
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi-boringssl

What's Changed

Full Changelog: external-secrets/external-secrets@v0.10.1...v0.10.2

v0.10.1

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.1
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.1-ubi-boringssl

What's Changed

New Contributors

Full Changelog: external-secrets/external-secrets@v0.10.0...v0.10.1

v0.10.0

Compare Source

⚠️ :red-alert: BREAKING CHANGE :red-alert: ⚠️

  • Webhook Generator
    Webhook generator labels have changed from generators.external-secrets.io/type: webhook to external-secrets.io/type: webhook.

  • Webhook Provider
    Webhook provider now can only use secrets that are labeled with external-secrets.io/type: webhook. This enforces explicit setup for webhook secrets by users.

Fixing the issue:

add the label for the secret used by the webhook:

apiVersion: v1
kind: Secret
metadata:
  name: your-secret
  labels:
    external-secrets.io/type: webhook ### <<<<<<<<<<<<< ADD THIS
data:
...

Image: ghcr.io/external-secrets/external-secrets:v0.10.0
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi-boringssl

What's Changed

New Contributors

Full Changelog: external-secrets/external-secrets@v0.9.20...v0.10.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@bot-akira
Copy link
Contributor Author

bot-akira bot commented Aug 3, 2024
edited
Loading 

--- HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-cert-controller

+++ HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-cert-controller

@@ -20,15 +20,23 @@

   - patch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
   - validatingwebhookconfigurations
   verbs:
-  - get
   - list
   - watch
+  - get
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  resourceNames:
+  - secretstore-validate
+  - externalsecret-validate
+  verbs:
   - update
   - patch
 - apiGroups:
   - ''
   resources:
   - endpoints
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-cert-controller

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-cert-controller

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.20
+        image: ghcr.io/external-secrets/external-secrets:v0.10.2
         imagePullPolicy: IfNotPresent
         args:
         - certcontroller
         - --crd-requeue-interval=5m
         - --service-name=external-secrets-webhook
         - --service-namespace=kube-system
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.20
+        image: ghcr.io/external-secrets/external-secrets:v0.10.2
         imagePullPolicy: IfNotPresent
         args:
         - --enable-leader-election=true
         - --concurrent=1
         - --metrics-addr=:8080
         - --loglevel=info
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-webhook

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-webhook

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.20
+        image: ghcr.io/external-secrets/external-secrets:v0.10.2
         imagePullPolicy: IfNotPresent
         args:
         - webhook
         - --port=10250
         - --dns-name=external-secrets-webhook.kube-system.svc
         - --cert-dir=/tmp/certs

@bot-akira
Copy link
Contributor Author

bot-akira bot commented Aug 3, 2024
edited
Loading 

--- kubernetes/apps/kube-system/external-secrets/app Kustomization: flux-system/cluster-apps-external-secrets HelmRelease: kube-system/external-secrets

+++ kubernetes/apps/kube-system/external-secrets/app Kustomization: flux-system/cluster-apps-external-secrets HelmRelease: kube-system/external-secrets

@@ -13,13 +13,13 @@

       chart: external-secrets
       interval: 15m
       sourceRef:
         kind: HelmRepository
         name: external-secrets
         namespace: flux-system
-      version: 0.9.20
+      version: 0.10.2
   install:
     createNamespace: true
     remediation:
       retries: 3
   interval: 15m
   maxHistory: 3

@axeII
Copy link
Owner

axeII commented Aug 3, 2024
edited
Loading

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@bot-akira bot-akira bot force-pushed the renovate/external-secrets-0.x branch from ba15fc7 to 33b01c9 Compare August 28, 2024 08:16
@bot-akira bot-akira bot changed the title feat(helm): update external-secrets ( 0.9.20 → 0.10.0 ) feat(helm): update external-secrets ( 0.9.20 → 0.10.1 ) Aug 28, 2024
@bot-akira bot-akira bot force-pushed the renovate/external-secrets-0.x branch from 33b01c9 to 6d544bf Compare August 28, 2024 16:14
@bot-akira bot-akira bot changed the title feat(helm): update external-secrets ( 0.9.20 → 0.10.1 ) feat(helm): update external-secrets ( 0.9.20 → 0.10.2 ) Aug 28, 2024
@axeII axeII merged commit 2d00fae into main Sep 7, 2024
9 checks passed
@bot-akira bot-akira bot deleted the renovate/external-secrets-0.x branch September 7, 2024 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/kubernetes renovate/helm type/minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@axeII