feat(helm): update chart external-secrets ( 0.9.13 → 0.12.1 )

[renovate]

This PR contains the following updates:

Package	Update	Change
external-secrets	minor	0.9.13 -> 0.12.1

---

Release Notes

external-secrets/external-secrets (external-secrets)

v0.12.1

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.12.1
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi-boringssl

What's Changed

• chore(deps): bump ubi8/ubi from 7287624 to 37cdac4 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4245
• revert: softprops update failing the release process by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4248

Full Changelog: external-secrets/external-secrets@v0.12.0...v0.12.1

v0.11.0

Compare Source

Deprecation of OLM Releases

As of 0.11.0 is the last release available for OLM until further notice. Depending on the way this goes, we might still have OLM support (ideally with a properly built operator for that), but for sure in a different support scheme as to not overload maintainers anymore.
Also a valid note - you can still use 0.11.0 OLM release and the newest ESO images, you just need to set image.tag appropriately in your setup.

Kubernetes API load and significant decrease

A new way of reconciling external secrets has been added with pull request #​4086.

This significantly reduces the number of API calls that we make to the kubernetes API server.

1. Memory usage might increase if you are not already using --enable-secrets-caching
   1. If you are using --enable-secrets-caching and want to decrease memory usage at the expense of slightly higher API usage, you can disable it and only enable --enable-managed-secrets-caching (which is the new default)
2. In ALL cases (even when CreationPolicy is Merge), if a data key in the target Secret was created by the ExternalSecret, and it no longer exists in the template (or data/dataFrom), it will be removed from the target secret:
   1. This might cause some peoples secrets to be "cleaned of data keys" when updating to 0.11.
   2. Previously, the behaviour was undefined, and confusing because it was sort of broken when the template feature was added.
   3. The one exception is that ALL the data suddenly becomes empty and the DeletionPolicy is retain, in which case we will not even report and error, just change the SecretSynced message to explain that the secret was retained.
3. When CreationPolicy is Owner, we now will NEVER retain any keys and fully calculate the "desired state" of the target secret each loop:
   1. This means that some peoples secrets might have keys removed when updating to 0.11.

Generators and ClusterGenerator

We added ClusterGenerators and Generator caching as well. This might create some problems in the way generators are defined now.

CRD Admission Restrictions

All of the CRDs now have proper kubebuilder markers for validation. This might surprise someone leaving out some data that was essentially actually required or expected in a certain format. This is now validated in #​4104.

Images

Image: ghcr.io/external-secrets/external-secrets:v0.11.0
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi-boringssl

What's Changed

• chore: bump version v0.10.7 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4141
• feat: significantly reduce api calls and introduce partial secret cache by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4086
• chore(deps): bump mkdocs-material from 9.5.44 to 9.5.45 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4143
• chore(deps): bump tornado from 6.4.1 to 6.4.2 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4144
• chore(deps): bump codecov/codecov-action from 5.0.2 to 5.0.7 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4145
• chore(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4146
• chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4147
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4148
• fix: gitlab empty response by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4152
• feat: add ability to push expiration date to secret in azure key vault by @​deggja in https://github.com/external-secrets/external-secrets/pull/4149
• feat: implement a cluster-wide generator by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4140
• feat: Add API key auth support on BeyondTrust provider by @​dtejadav in https://github.com/external-secrets/external-secrets/pull/4101
• Add support for multiple Items fields in DelineSecretServer secrets by @​ronaldosaheki in https://github.com/external-secrets/external-secrets/pull/4051
• chore: deprecation policy and deprecating process by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4154
• fix: use cache when retrieving generators by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4153
• fix: e2e test for AWS not setting name and namespace by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4157
• fix: handle managed identity ClientID or ResourceID in acr generator by @​bonddim in https://github.com/external-secrets/external-secrets/pull/4150
• feat: add CRD validation for resource name/key fields by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4104
• fix: issues with generators by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4163

New Contributors

• @​thesuperzapper made their first contribution in https://github.com/external-secrets/external-secrets/pull/4086
• @​deggja made their first contribution in https://github.com/external-secrets/external-secrets/pull/4149
• @​dtejadav made their first contribution in https://github.com/external-secrets/external-secrets/pull/4101
• @​ronaldosaheki made their first contribution in https://github.com/external-secrets/external-secrets/pull/4051
• @​bonddim made their first contribution in https://github.com/external-secrets/external-secrets/pull/4150

Full Changelog: external-secrets/external-secrets@v0.10.7...v0.11.0

v0.10.7

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.7
Image: ghcr.io/external-secrets/external-secrets:v0.10.7-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.7-ubi-boringssl

What's Changed

• Release v0.10.6 helm chart docs by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4133
• fix: permissions on steps is not a thing by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4134
• fix(azure-keyvault): remove incorrect suffix from provider URL to fix OpenID discovery call by @​weisdd in https://github.com/external-secrets/external-secrets/pull/4136
• chore: add blog by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4137
• feat: add yaml based encoding for get secrets as map by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4001

New Contributors

• @​weisdd made their first contribution in https://github.com/external-secrets/external-secrets/pull/4136

Full Changelog: external-secrets/external-secrets@v0.10.6...v0.10.7

v0.10.6

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.6
Image: ghcr.io/external-secrets/external-secrets:v0.10.6-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.6-ubi-boringssl

What's Changed

• docs: release helm charts for v0.10.5 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4038
• feat: Support repositories and permissions in GitHub generator by @​konradasb in https://github.com/external-secrets/external-secrets/pull/4039
• chore: Add Hostinger to ADOPTERS.md by @​konradasb in https://github.com/external-secrets/external-secrets/pull/4053
• chore(deps): bump distroless/static from 69830f2 to cc226ca by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4043
• chore(deps): bump mkdocs-macros-plugin from 1.3.6 to 1.3.7 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4044
• chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4045
• chore(deps): bump actions/cache from 4.1.1 to 4.1.2 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4046
• chore(deps): bump actions/setup-python from 5.2.0 to 5.3.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4047
• chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4049
• chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4048
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4050
• fix: improve SecretExists in Bitwarden provider by @​logaritmisk in https://github.com/external-secrets/external-secrets/pull/4058
• Adding Pulumi ESC to intro page by @​aaronkao in https://github.com/external-secrets/external-secrets/pull/4062
• Updated stability and supported features for Akeyless by @​eitan-kr in https://github.com/external-secrets/external-secrets/pull/4061
• chore(deps): bump watchdog from 5.0.3 to 6.0.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4067
• chore(deps): bump pymdown-extensions from 10.11.2 to 10.12 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4068
• chore(deps): bump mkdocs-material from 9.5.42 to 9.5.43 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4069
• chore(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4070
• chore: move inactive maintainers to emeritus by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4073
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4071
• Update VaultAppRole documentation to show/use roleRef in its examples by @​mtougeron in https://github.com/external-secrets/external-secrets/pull/4035
• feat: add option to configure topic information for GCM by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4055
• feat: add AWS STS Session token generator by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4041
• chore(helm): Add extra labels to the validating webhooks by @​tete17 in https://github.com/external-secrets/external-secrets/pull/4074
• Reduce refreshInterval example for ACR by @​lindhe in https://github.com/external-secrets/external-secrets/pull/4078
• Fix PushSecret lookup in keepersecurity provider by @​idimov-keeper in https://github.com/external-secrets/external-secrets/pull/4077
• Add ability to use RetrySettings in the VaultDynamicSecret generator by @​samm-git in https://github.com/external-secrets/external-secrets/pull/4076
• chore(deps): bump golang from 1.23.2 to 1.23.3 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4089
• chore(deps): bump packaging from 24.1 to 24.2 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4090
• chore(deps): bump mkdocs-material from 9.5.43 to 9.5.44 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4091
• Update docs for ExternalSecrets's refreshInterval by @​lindhe in https://github.com/external-secrets/external-secrets/pull/4097
• chore(deps): bump zipp from 3.20.2 to 3.21.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4092
• chore(deps): bump regex from 2024.9.11 to 2024.11.6 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4093
• chore(deps): bump golang from 1.23.2-bookworm to 1.23.3-bookworm in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4094
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4096
• chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4088
• fix: typo in webhook.md by @​salekseev in https://github.com/external-secrets/external-secrets/pull/4100
• docs: reformat pushsecrets documentation to be a list by @​twobiers in https://github.com/external-secrets/external-secrets/pull/4102
• fix: refresh interval values by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4111
• Sign helm chart artifact in ghcr.io by @​aruuunn in https://github.com/external-secrets/external-secrets/pull/4098
• chore(deps): bump distroless/static from cc226ca to f4a57e8 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4112
• chore(deps): bump golang from 0974259 to c694a4d by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4113
• chore(deps): bump alpine from beefdbd to 1e42bbe by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4114
• chore(deps): bump github/codeql-action from 3.27.1 to 3.27.4 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4115
• chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4116
• chore(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4117
• chore(deps): bump alpine from beefdbd to 1e42bbe in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4118
• chore(deps): bump alpine from beefdbd to 1e42bbe in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4119
• chore(deps): bump golang from 0e3377d to 3f3b9da in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4120
• fix: re-enable signing helm release by @​moolen in https://github.com/external-secrets/external-secrets/pull/4109
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4122
• feat: enable concurrent reconciling for push secret reconciler by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4124
• feat: supporting pushing entire secret for bitwarden provider by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4106
• fix: do not import gpg key from forked repo by @​moolen in https://github.com/external-secrets/external-secrets/pull/4126
• feat: implement SecretExists function for gcp secretsmanager by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4127
• fix: restrict the token permission update to the push chart step by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4128
• fix: further restrict token permissions on helm action steps by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4129
• Change wrong YAML TLS keys in documentation by @​ilovelinux in https://github.com/external-secrets/external-secrets/pull/4131

New Contributors

• @​konradasb made their first contribution in https://github.com/external-secrets/external-secrets/pull/4039
• @​logaritmisk made their first contribution in https://github.com/external-secrets/external-secrets/pull/4058
• @​aaronkao made their first contribution in https://github.com/external-secrets/external-secrets/pull/4062
• @​eitan-kr made their first contribution in https://github.com/external-secrets/external-secrets/pull/4061
• @​tete17 made their first contribution in https://github.com/external-secrets/external-secrets/pull/4074
• @​idimov-keeper made their first contribution in https://github.com/external-secrets/external-secrets/pull/4077
• @​samm-git made their first contribution in https://github.com/external-secrets/external-secrets/pull/4076
• @​salekseev made their first contribution in https://github.com/external-secrets/external-secrets/pull/4100
• @​twobiers made their first contribution in https://github.com/external-secrets/external-secrets/pull/4102
• @​aruuunn made their first contribution in https://github.com/external-secrets/external-secrets/pull/4098
• @​ilovelinux made their first contribution in https://github.com/external-secrets/external-secrets/pull/4131

Full Changelog: external-secrets/external-secrets@v0.10.5...v0.10.6

v0.10.5

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.5
Image: ghcr.io/external-secrets/external-secrets:v0.10.5-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.5-ubi-boringssl

What's Changed

• release: update helm charts to version v0.10.4 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3957
• Webhook bugfix: ClusterSecretStore with caProvider type Secret does not pass the secret's namespace by @​samwambach in https://github.com/external-secrets/external-secrets/pull/3960
• chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3966
• chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3967
• chore(deps): bump watchdog from 5.0.2 to 5.0.3 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3971
• chore(deps): bump pymdown-extensions from 10.9 to 10.11.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3972
• chore(deps): bump mkdocs-material from 9.5.36 to 9.5.39 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3973
• chore(deps): bump golang from 1a5326b to dba79eb in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3968
• fix: fix slice init length by @​cuishuang in https://github.com/external-secrets/external-secrets/pull/3964
• chore(deps): bump golang from ac67716 to ac67716 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3969
• chore(deps): bump distroless/static from b033683 to 69830f2 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3970
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3974
• feat: allow generators to be referenced from a PushSecret by @​moolen in https://github.com/external-secrets/external-secrets/pull/3965
• chore(deps): bump golang from 1.23.1 to 1.23.2 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3984
• chore(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3985
• docs: add blog post about Pulumi ESC and ESO by @​dirien in https://github.com/external-secrets/external-secrets/pull/3996
• chore(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3986
• chore(deps): bump actions/cache from 4.0.2 to 4.1.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3987
• chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3989
• chore(deps): bump termcolor from 2.4.0 to 2.5.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3990
• chore(deps): bump pymdown-extensions from 10.11.1 to 10.11.2 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3991
• fix cert auth without token fixed #​3926 by @​kaedwen in https://github.com/external-secrets/external-secrets/pull/3952
• chore(deps): bump github/codeql-action from 3.26.9 to 3.26.12 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3997
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3993
• chore(deps): bump golang from 1.23.1-bookworm to 1.23.2-bookworm in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3992
• Implement Kubernetes PushSecret metadata by @​moolen in https://github.com/external-secrets/external-secrets/pull/3600
• feat: edit all required changes for recursive option by @​Tchoupinax in https://github.com/external-secrets/external-secrets/pull/3939
• chore(deps): bump charset-normalizer from 3.3.2 to 3.4.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4003
• chore(deps): bump mkdocs-macros-plugin from 1.2.0 to 1.3.5 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4004
• chore(deps): bump markupsafe from 2.1.5 to 3.0.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4005
• chore(deps): bump mkdocs-material from 9.5.39 to 9.5.40 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4006
• chore(deps): bump golang from 9dd2625 to 9dd2625 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4007
• chore(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4008
• chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4009
• chore(deps): bump actions/cache from 4.1.0 to 4.1.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4010
• chore(deps): bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4019
• chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4020
• chore(deps): bump mkdocs-material from 9.5.40 to 9.5.42 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4021
• chore(deps): bump markupsafe from 3.0.1 to 3.0.2 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4022
• chore(deps): bump mkdocs-macros-plugin from 1.3.5 to 1.3.6 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4023
• chore(deps): bump golang from 18d2f94 to 2341ddf in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4024
• chore(deps): bump golang from 9dd2625 to 9dd2625 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4025
• chore: upgrade beyondtrust go client library by @​btfhernandez in https://github.com/external-secrets/external-secrets/pull/4027

New Contributors

• @​samwambach made their first contribution in https://github.com/external-secrets/external-secrets/pull/3960
• @​cuishuang made their first contribution in https://github.com/external-secrets/external-secrets/pull/3964
• @​Tchoupinax made their first contribution in https://github.com/external-secrets/external-secrets/pull/3939

Full Changelog: external-secrets/external-secrets@v0.10.4...v0.10.5

v0.10.4

Compare Source

WARNING: With this update, Pulumi has added projectID to it's required properties.

Image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4
Image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4-ubi
Image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4-ubi-boringssl

Default image registry change

From this version onwards, the default image registry name will be oci.external-secrets.io. While GHCR.io will keep on working for the foreseeable future, this change is to allow an eventual migration away from GHCR.

deprecation of GHCR - if performed, will be announced previous to its implementation and switch.

What's Changed

• chore: bump helm chart version v0.10.3 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3896
• fix: remove unnecessary err check by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3899
• chore: updates default oci by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3903
• fix: fix typo in provider name by @​btfhernandez in https://github.com/external-secrets/external-secrets/pull/3900
• chore(deps): bump regex from 2024.7.24 to 2024.9.11 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3908
• chore(deps): bump urllib3 from 2.2.2 to 2.2.3 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3909
• chore(deps): bump zipp from 3.20.1 to 3.20.2 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3910
• chore(deps): bump idna from 3.8 to 3.10 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3911
• chore(deps): bump platformdirs from 4.3.2 to 4.3.3 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3912
• chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3913
• chore(deps): bump golang from ac67716 to ac67716 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3914
• Fix: Update Label for Documentation by @​KAZYPinkSaurus in https://github.com/external-secrets/external-secrets/pull/3898
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3915
• Add support for Vault kvv1 by @​nick-knowlson-alayacare in https://github.com/external-secrets/external-secrets/pull/3790
• enable dark theme by @​andylim0221 in https://github.com/external-secrets/external-secrets/pull/3061
• RELEASE BLOCKER: fix: flux and e2e tests not using the right image names for caching on local kind cluster by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3923
• fix: build a second image to fix the flux managed and unmanaged test by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3931
• Add attached file support to all onepassword secrets by @​titilambert in https://github.com/external-secrets/external-secrets/pull/3901
• Feature/asm 11630 akeyless push secret by @​dan-akeyless in https://github.com/external-secrets/external-secrets/pull/3907
• feat: update Pulumi provider for GA by @​dirien in https://github.com/external-secrets/external-secrets/pull/3917
• Implements Previder provider for Previder Secret Vault implementation by @​gkwmiddelkamp in https://github.com/external-secrets/external-secrets/pull/3916
• chore(deps): bump mkdocs-material from 9.5.34 to 9.5.36 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3941
• chore(deps): bump importlib-metadata from 8.4.0 to 8.5.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3943
• chore(deps): bump importlib-resources from 6.4.4 to 6.4.5 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3945
• chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3946
• chore(deps): bump distroless/static from 95eb83a to b033683 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3947
• docs(beyondtrust): fix provider indentation, smaller fixes by @​dmpe in https://github.com/external-secrets/external-secrets/pull/3924
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3948
• chore(deps): bump platformdirs from 4.3.3 to 4.3.6 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3942
• chore(deps): bump mkdocs-macros-plugin from 1.0.5 to 1.2.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3944
• fix: pin to the right version for azure keyvault by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3949
• docs: pin CRDs version in FluxCD example, bump api versions by @​malovme in https://github.com/external-secrets/external-secrets/pull/3940
• Make CRD categories useful by @​mindw in https://github.com/external-secrets/external-secrets/pull/3929
• fix: uuid generator doc example links by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3955

New Contributors

• @​KAZYPinkSaurus made their first contribution in https://github.com/external-secrets/external-secrets/pull/3898
• @​nick-knowlson-alayacare made their first contribution in https://github.com/external-secrets/external-secrets/pull/3790
• @​andylim0221 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3061
• @​dan-akeyless made their first contribution in https://github.com/external-secrets/external-secrets/pull/3907
• @​gkwmiddelkamp made their first contribution in https://github.com/external-secrets/external-secrets/pull/3916
• @​dmpe made their first contribution in https://github.com/external-secrets/external-secrets/pull/3924
• @​malovme made their first contribution in https://github.com/external-secrets/external-secrets/pull/3940
• @​mindw made their first contribution in https://github.com/external-secrets/external-secrets/pull/3929

Full Changelog: external-secrets/external-secrets@v0.10.3...v0.10.4

v0.10.3

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.3
Image: ghcr.io/external-secrets/external-secrets:v0.10.3-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.3-ubi-boringssl

What's Changed

• release: update helm charts to version v0.10.2 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3846
• Use Conjur API's built in JWT functions by @​szh in https://github.com/external-secrets/external-secrets/pull/3771
• fix: set grpc resolver explicitly in yandex by @​stek29 in https://github.com/external-secrets/external-secrets/pull/3838
• Add values.schema.json generation to Helm chart by @​PrateekKumar1709 in https://github.com/external-secrets/external-secrets/pull/3774
• fix: only replace data if it is in the middle of the path by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3852
• fix: bitwarden API url to point to the correct default location by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3848
• feat: update bitwarden server sdk chart version by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3850
• chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3855
• chore(deps): bump actions/setup-python from 5.1.1 to 5.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3856
• chore(deps): bump mkdocs-material from 9.5.33 to 9.5.34 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3857
• chore(deps): bump mkdocs from 1.6.0 to 1.6.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3858
• chore(deps): bump watchdog from 4.0.2 to 5.0.0 in /hack/api-docs b

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[carpenike-bot]

--- kubernetes/nas-1/apps/kube-system/external-secrets/app Kustomization: flux-system/cluster-apps-external-secrets HelmRelease: kube-system/external-secrets

+++ kubernetes/nas-1/apps/kube-system/external-secrets/app Kustomization: flux-system/cluster-apps-external-secrets HelmRelease: kube-system/external-secrets

@@ -12,13 +12,13 @@

     spec:
       chart: external-secrets
       sourceRef:
         kind: HelmRepository
         name: external-secrets
         namespace: flux-system
-      version: 0.9.13
+      version: 0.10.7
   install:
     createNamespace: true
     remediation:
       retries: 3
   interval: 15m
   maxHistory: 2

[carpenike-bot]

--- HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-cert-controller

+++ HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-cert-controller

@@ -20,15 +20,23 @@

   - patch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
   - validatingwebhookconfigurations
   verbs:
-  - get
   - list
   - watch
+  - get
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  resourceNames:
+  - secretstore-validate
+  - externalsecret-validate
+  verbs:
   - update
   - patch
 - apiGroups:
   - ''
   resources:
   - endpoints
--- HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-controller

+++ HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-controller

@@ -36,23 +36,26 @@

   - clusterexternalsecrets/status
   - clusterexternalsecrets/finalizers
   - pushsecrets
   - pushsecrets/status
   - pushsecrets/finalizers
   verbs:
+  - get
   - update
   - patch
 - apiGroups:
   - generators.external-secrets.io
   resources:
   - acraccesstokens
   - ecrauthorizationtokens
   - fakes
   - gcraccesstokens
+  - githubaccesstokens
   - passwords
   - vaultdynamicsecrets
+  - webhooks
   verbs:
   - get
   - list
   - watch
 - apiGroups:
   - ''
--- HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-view

+++ HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-view

@@ -26,13 +26,15 @@

   - generators.external-secrets.io
   resources:
   - acraccesstokens
   - ecrauthorizationtokens
   - fakes
   - gcraccesstokens
+  - githubaccesstokens
   - passwords
   - vaultdynamicsecrets
+  - webhooks
   verbs:
   - get
   - watch
   - list
 
--- HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-edit

+++ HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-edit

@@ -27,14 +27,16 @@

   - generators.external-secrets.io
   resources:
   - acraccesstokens
   - ecrauthorizationtokens
   - fakes
   - gcraccesstokens
+  - githubaccesstokens
   - passwords
   - vaultdynamicsecrets
+  - webhooks
   verbs:
   - create
   - delete
   - deletecollection
   - patch
   - update
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-cert-controller

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-cert-controller

@@ -34,23 +34,26 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.13
+        image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7
         imagePullPolicy: IfNotPresent
         args:
         - certcontroller
         - --crd-requeue-interval=5m
         - --service-name=external-secrets-webhook
         - --service-namespace=kube-system
         - --secret-name=external-secrets-webhook
         - --secret-namespace=kube-system
         - --metrics-addr=:8080
         - --healthz-addr=:8081
+        - --loglevel=info
+        - --zap-time-encoding=epoch
+        - --enable-partial-cache=true
         ports:
         - containerPort: 8080
           protocol: TCP
           name: metrics
         readinessProbe:
           httpGet:
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets

@@ -34,16 +34,19 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.13
+        image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7
         imagePullPolicy: IfNotPresent
         args:
         - --concurrent=1
         - --metrics-addr=:8080
+        - --loglevel=info
+        - --zap-time-encoding=epoch
         ports:
         - containerPort: 8080
           protocol: TCP
           name: metrics
+      dnsPolicy: ClusterFirst
 
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-webhook

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-webhook

@@ -34,22 +34,24 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.13
+        image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7
         imagePullPolicy: IfNotPresent
         args:
         - webhook
         - --port=10250
         - --dns-name=external-secrets-webhook.kube-system.svc
         - --cert-dir=/tmp/certs
         - --check-interval=5m
         - --metrics-addr=:8080
         - --healthz-addr=:8081
+        - --loglevel=info
+        - --zap-time-encoding=epoch
         ports:
         - containerPort: 8080
           protocol: TCP
           name: metrics
         - containerPort: 10250
           protocol: TCP
--- HelmRelease: kube-system/external-secrets ValidatingWebhookConfiguration: kube-system/secretstore-validate

+++ HelmRelease: kube-system/external-secrets ValidatingWebhookConfiguration: kube-system/secretstore-validate

@@ -1,12 +1,15 @@

 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: secretstore-validate
   labels:
+    app.kubernetes.io/name: external-secrets-webhook
+    app.kubernetes.io/instance: external-secrets
+    app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 webhooks:
 - name: validate.secretstore.external-secrets.io
   rules:
   - apiGroups:
     - external-secrets.io
--- HelmRelease: kube-system/external-secrets ValidatingWebhookConfiguration: kube-system/externalsecret-validate

+++ HelmRelease: kube-system/external-secrets ValidatingWebhookConfiguration: kube-system/externalsecret-validate

@@ -1,12 +1,15 @@

 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: externalsecret-validate
   labels:
+    app.kubernetes.io/name: external-secrets-webhook
+    app.kubernetes.io/instance: external-secrets
+    app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 webhooks:
 - name: validate.externalsecret.external-secrets.io
   rules:
   - apiGroups:
     - external-secrets.io

[carpenike-bot]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
❌ COPYPASTE	jscpd	yes		2	1.14s
✅ REPOSITORY	git_diff	yes		no	0.02s
✅ REPOSITORY	secretlint	yes		no	3.23s
✅ YAML	prettier	1		0	0.36s
✅ YAML	yamllint	1		0	0.35s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by