Skip to content

clusters/aaa: upgrade kubernetes-external-secrets to v8.1.2 #2226

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
k8s-ci-robot merged 2 commits into from
Jun 16, 2021
Merged

clusters/aaa: upgrade kubernetes-external-secrets to v8.1.2 #2226

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d233969
kubernetes-external-secrets: mv to match filenames in prow
spiffxp Jun 15, 2021
bd32c9e
kubernetes-external-secrets: upgrade to v8.1.2
spiffxp Jun 15, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
141 changes: 0 additions & 141 deletions kubernetes-external-secrets/kubernetes-client.io_externalsecrets_crd.yaml
View file
Open in desktop

This file was deleted.

8 changes: 8 additions & 0 deletions kubernetes-external-secrets/kubernetes-external-secrets-serviceaccounts.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: kubernetes-external-secrets@kubernetes-public.iam.gserviceaccount.com
name: kubernetes-external-secrets
namespace: kubernetes-external-secrets
10 changes: 5 additions & 5 deletions kubernetes-external-secrets/deployment.yaml → ...-secrets/kubernetes-external-secrets.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,8 @@

---
apiVersion: v1
kind: Service
metadata:
name: kubernetes-external-secrets
name: kubernetes-external-secrets-metrics
namespace: kubernetes-external-secrets
labels:
app: kubernetes-external-secrets
Expand Down Expand Up @@ -36,14 +35,14 @@ spec:
serviceAccountName: kubernetes-external-secrets
containers:
- name: kubernetes-external-secrets
image: "ghcr.io/external-secrets/kubernetes-external-secrets:7.0.1"
imagePullPolicy: Always
image: "ghcr.io/external-secrets/kubernetes-external-secrets:8.1.2"
imagePullPolicy: IfNotPresent
ports:
- name: prometheus
containerPort: 3001
env:
- name: "LOG_LEVEL"
value: "debug" # TODO(ameukam): switch to info
value: "debug"
- name: "LOG_MESSAGE_KEY"
value: "msg"
- name: "METRICS_PORT"
Expand All @@ -55,3 +54,4 @@ spec:
# Params for env vars populated from k8s secrets
securityContext:
runAsNonRoot: true

206 changes: 206 additions & 0 deletions kubernetes-external-secrets/kubernetes-external-secrets_crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,206 @@
# From https://github.com/external-secrets/kubernetes-external-secrets/blob/8.1.2/charts/kubernetes-external-secrets/crds/kubernetes-client.io_externalsecrets_crd.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: externalsecrets.kubernetes-client.io
annotations:
# used in e2e testing
app.kubernetes.io/managed-by: helm
spec:
group: kubernetes-client.io
scope: Namespaced

preserveUnknownFields: false

versions:
- name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
required:
- spec
type: object
properties:
spec:
type: object
properties:
controllerId:
description: The ID of controller instance that manages this ExternalSecret.
This is needed in case there is more than a KES controller instances within the cluster.
type: string
type:
type: string
description: >-
DEPRECATED: Use spec.template.type
template:
description: Template which will be deep merged without mutating
any existing fields. into generated secret, can be used to
set for example annotations or type on the generated secret
type: object
x-kubernetes-preserve-unknown-fields: true
backendType:
description: >-
Determines which backend to use for fetching secrets
type: string
enum:
- secretsManager
- systemManager
- vault
- azureKeyVault
- gcpSecretsManager
- alicloudSecretsManager
- ibmcloudSecretsManager
- akeyless
vaultRole:
description: >-
Used by: vault
type: string
vaultMountPoint:
description: >-
Used by: vault
type: string
kvVersion:
description: Vault K/V version either 1 or 2, default = 2
type: integer
minimum: 1
maximum: 2
keyVaultName:
description: >-
Used by: azureKeyVault
type: string
dataFrom:
type: array
items:
type: string
data:
type: array
items:
type: object
properties:
key:
description: Secret key in backend
type: string
name:
description: Name set for this key in the generated secret
type: string
property:
description: Property to extract if secret in backend is a JSON object
type: string
isBinary:
description: >-
Whether the backend secret shall be treated as binary data
represented by a base64-encoded string. You must set this to true
for any base64-encoded binary data in the backend - to ensure it
is not encoded in base64 again. Default is false.
type: boolean
path:
description: >-
Path from SSM to scrape secrets
This will fetch all secrets and use the key from the secret as variable name
type: string
recursive:
description: Allow to recurse thru all child keys on a given path, default false
type: boolean
secretType:
description: >-
Used by: ibmcloudSecretsManager
Type of secret - one of username_password, iam_credentials or arbitrary
type: string
version:
description: >-
Used by: gcpSecretsManager
type: string
x-kubernetes-int-or-string: true
versionStage:
description: >-
Used by: alicloudSecretsManager, secretsManager
type: string
versionId:
description: >-
Used by: secretsManager
type: string
oneOf:
- required:
- key
- name
- required:
- path
roleArn:
type: string
description: >-
Used by: alicloudSecretsManager, secretsManager, systemManager
region:
type: string
description: >-
Used by: secretsManager, systemManager
projectId:
type: string
description: >-
Used by: gcpSecretsManager
oneOf:
- properties:
backendType:
enum:
- secretsManager
- systemManager
- properties:
backendType:
enum:
- vault
- properties:
backendType:
enum:
- azureKeyVault
required:
- keyVaultName
- properties:
backendType:
enum:
- gcpSecretsManager
- properties:
backendType:
enum:
- alicloudSecretsManager
- properties:
backendType:
enum:
- ibmcloudSecretsManager
- properties:
backendType:
enum:
- akeyless
anyOf:
- required:
- data
- required:
- dataFrom
status:
type: object
properties:
lastSync:
type: string
status:
type: string
observedGeneration:
type: number
additionalPrinterColumns:
- jsonPath: .status.lastSync
name: Last Sync
type: date
- jsonPath: .status.status
name: status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date

names:
shortNames:
- es
kind: ExternalSecret
plural: externalsecrets
singular: externalsecret
Loading