diff --git a/assets/argo/argo-cd-6.9.1.tgz b/assets/argo/argo-cd-6.9.1.tgz index ddae92db6..d26ae3f8c 100644 Binary files a/assets/argo/argo-cd-6.9.1.tgz and b/assets/argo/argo-cd-6.9.1.tgz differ diff --git a/assets/argo/argo-cd-6.9.2.tgz b/assets/argo/argo-cd-6.9.2.tgz new file mode 100644 index 000000000..40f40fea7 Binary files /dev/null and b/assets/argo/argo-cd-6.9.2.tgz differ diff --git a/assets/external-secrets/external-secrets-0.9.18.tgz b/assets/external-secrets/external-secrets-0.9.18.tgz new file mode 100644 index 000000000..2462e58d4 Binary files /dev/null and b/assets/external-secrets/external-secrets-0.9.18.tgz differ diff --git a/assets/jenkins/jenkins-5.1.13.tgz b/assets/jenkins/jenkins-5.1.13.tgz new file mode 100644 index 000000000..69fb97067 Binary files /dev/null and b/assets/jenkins/jenkins-5.1.13.tgz differ diff --git a/assets/speedscale/speedscale-operator-2.1.359.tgz b/assets/speedscale/speedscale-operator-2.1.359.tgz new file mode 100644 index 000000000..e937ecef0 Binary files /dev/null and b/assets/speedscale/speedscale-operator-2.1.359.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index 5a7f2cc89..a2eba3b29 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,11 +1,7 @@ annotations: artifacthub.io/changes: | - - kind: fixed - description: Service option externalIPs is available for all service types - - kind: fixed - description: Service option externalTrafficPolicy is available only for Service types LoadBalancer and NodePort - - kind: fixed - description: Load balancer options are available only for Service type LoadBalancer + - kind: added + description: Support ability to set .Values.namespaceOverride artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc 
@@ -37,4 +33,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 6.9.1 +version: 6.9.2 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 596caabde..3f196f82f 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md @@ -622,6 +622,7 @@ NAME: my-release | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | ## Global Configs diff --git a/charts/argo/argo-cd/templates/_helpers.tpl b/charts/argo/argo-cd/templates/_helpers.tpl index 5ec03d900..67af632ca 100644 --- a/charts/argo/argo-cd/templates/_helpers.tpl +++ b/charts/argo/argo-cd/templates/_helpers.tpl @@ -218,3 +218,11 @@ Merge Argo Params Configuration with Preset Configuration {{ $key }}: {{ toString $value | toYaml }} {{- end }} {{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-cd.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 7b6df7820..6076c5312 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml 
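Review bot: `argo-cd.namespace` pipes its result through `trunc 63 | trimSuffix "-"`, so an over-long or dash-terminated `namespaceOverride` is silently rewritten into a different namespace name instead of being rejected. Every Secret, Role and RoleBinding templated from the helper would then land in a namespace the operator did not name. Failing at render time is safer: `{{- $ns := default .Release.Namespace .Values.namespaceOverride -}}`, `{{- if gt (len $ns) 63 }}{{ fail "namespaceOverride must be at most 63 characters" }}{{ end -}}`, `{{- $ns -}}`. The helper comment could also say that Helm keeps the release record in `.Release.Namespace` even when the override is set, so both namespaces need equivalent access controls.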
@@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/deployment.yaml index dc26a8dbe..23d2a7ad5 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/metrics.yaml index 01b7a779c..c3ceb047c 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.controller.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} {{- with .Values.controller.metrics.service.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/networkpolicy.yaml index e7448c52f..db1ee7c24 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/networkpolicy.yaml 
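Review bot: The ClusterRoleBinding subject namespace now comes from `namespaceOverride`, so a values file decides which namespace's ServiceAccount receives the cluster-wide role. If that namespace is shared, or the ServiceAccount is not rendered there, a same-named account owned by someone else would pick up the binding. Nothing in the template or the new README row says this; I would add `# subject namespace follows namespaceOverride; it must be the namespace where this chart creates the ServiceAccount` above `subjects:` and describe the override as a privileged setting in the README. The `roleRef` starts above the hunk, so the bound role is not visible here. The applicationset and notifications ClusterRoleBinding hunks have the same shape.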
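Review bot: The new `metadata.namespace` line in deployment.yaml drops the `| quote` that the old line had. A namespace whose name YAML reads as a non-string (an all-digit name such as `123` is a valid DNS label) now renders as a number, and the manifest is rejected. Keep the quoting: `namespace: {{ include "argo-cd.namespace" . | quote }}`. The same regression is repeated in every later hunk of this diff that replaces `{{ .Release.Namespace | quote }}`; the `subjects` and `matchNames` lines were unquoted before the change and remain so.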
+++ b/charts/argo/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/pdb.yaml index 7eaf28e18..bef09799b 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/pdb.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/role.yaml index ea550e1fe..f2aa2cfdd 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: 
diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/rolebinding.yaml index 9a87f7711..48681637a 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: @@ -10,6 +10,6 @@ roleRef: kind: Role name: {{ include "argo-cd.controller.fullname" . }} subjects: -- kind: ServiceAccount - name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index 1b9619d6f..575cbf6d3 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} 
diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 342dbc018..4a09daf34 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml index 208f358fe..071913591 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/certificate.yaml index 3f6236142..c2d2b279c 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/certificate.yaml 
@@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 6ac4c1e70..9c9b9193e 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index 152b31f41..af6d52978 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: 
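Review bot: ClusterRole is cluster-scoped, so the `namespace:` line kept in its metadata in clusterrole.yaml scopes nothing. Routing it through `namespaceOverride` makes the role look confined to that namespace when it is not. I would drop the line from this template rather than rewrite it; the ClusterRoleBinding template that follows carries the same field. The `rules:` block continues below the hunk, so what the role grants is not visible here.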
@@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml index 1c75150d5..060d20c57 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml index f7fb41429..5cdf0cfea 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.ingress.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/metrics.yaml index 16154c814..06253a81e 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/metrics.yaml 
@@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} {{- with .Values.applicationSet.metrics.service.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index fee5a80c5..3a295f772 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/pdb.yaml index 161341603..5d0ebc88d 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.pdb.labels }} 
diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/role.yaml index f33e776d2..69ebf7ee1 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/rolebinding.yaml index daf8c7998..5d4f1e4a8 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/service.yaml index 199c83748..91c082aaa 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/service.yaml 
@@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.service.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index 07839606e..4869cad05 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.applicationSet.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 11ddd5536..9c236c453 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml index c0c8bc86f..6bd19f5ce 100644 
--- a/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} {{- with .Values.configs.cm.annotations }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 9d60d932f..f0c81b244 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmd-params-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} {{- if .Values.configs.params.annotations }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml index a3400605e..a5d29f6c5 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmp-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} {{- with .Values.configs.cmp.annotations }} 
diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml index c543e8a74..747fa13c1 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-dex-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} {{- with .Values.dex.certificateSecret.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index f94113a26..ed299b592 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-gpg-keys-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} {{- with .Values.configs.gpg.annotations }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index 2a18a2fc6..663862e22 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml 
@@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-notifications-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index 9c261c6ad..f64a91f55 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Values.notifications.secret.name }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.secret.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index f9b62f760..ae48404e5 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-rbac-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} {{- with .Values.configs.rbac.annotations }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml index 4e1b3dc90..8635d64ee 100644 
--- a/charts/argo/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} {{- with .Values.repoServer.certificateSecret.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml index 9e25e376e..9462be263 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} {{- with .Values.configs.secret.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml index c612a62c7..97116472a 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} {{- with .Values.server.certificateSecret.labels }} 
diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 845d219db..b0695ed3d 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-ssh-known-hosts-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} {{- with .Values.configs.ssh.annotations }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml index b98e40df2..77421542a 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-styles-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} data: diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index fa6e74330..db582e6d2 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-tls-certs-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} {{- with .Values.configs.tls.annotations }} 
diff --git a/charts/argo/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo/argo-cd/templates/argocd-configs/externalredis-secret.yaml index 9bfcd9836..c4166d1b0 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .Values.externalRedis.secretAnnotations }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml index cfdba38a9..9a6fa7c56 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml index eaf35623a..4bdb24f68 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: 
@@ -65,7 +65,7 @@ spec: - --metrics-port={{ .Values.notifications.containerPorts.metrics }} - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - - --namespace={{ .Release.Namespace }} + - --namespace={{ include "argo-cd.namespace" . }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - --secret-name={{ .Values.notifications.secret.name }} {{- range .Values.notifications.extraArgs }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo/argo-cd/templates/argocd-notifications/metrics.yaml index b5ce611da..b7dcfe6a1 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.notifications.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} {{- with .Values.notifications.metrics.service.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo/argo-cd/templates/argocd-notifications/networkpolicy.yaml index 011a7c337..b03c26ca4 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/networkpolicy.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/networkpolicy.yaml 
@@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo/argo-cd/templates/argocd-notifications/pdb.yaml index 716195479..4bdf211a1 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/pdb.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.pdb.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo/argo-cd/templates/argocd-notifications/role.yaml index 22eaa473e..800a937ad 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} rules: diff --git a/charts/argo/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo/argo-cd/templates/argocd-notifications/rolebinding.yaml index 323241905..e22596215 100644 
--- a/charts/argo/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo/argo-cd/templates/argocd-notifications/serviceaccount.yaml index 8f58ff8d1..3da8f27c4 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.notifications.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 18849886b..03599a6d9 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/servicemonitor.yaml 
@@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index 8531520cb..d8bd88aad 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml index dca274268..745150e7a 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/hpa.yaml index ce6ed371d..7615a4128 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/hpa.yaml 
@@ -3,7 +3,7 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/metrics.yaml index 514595a24..6b82796c1 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.repoServer.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} {{- with .Values.repoServer.metrics.service.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 8d2b66b53..c11ab1296 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/pdb.yaml index 658a1fe36..f79af3d7f 100644 
--- a/charts/argo/argo-cd/templates/argocd-repo-server/pdb.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.pdb.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/role.yaml index 5f9324d51..596874d49 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/role.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/rolebinding.yaml index ea4baded7..2bc88b662 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: 
@@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/service.yaml index c2c434639..4412a8c9a 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/service.yaml @@ -13,7 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ports: - name: {{ .Values.repoServer.service.portName }} @@ -21,4 +21,4 @@ spec: port: {{ .Values.repoServer.service.port }} targetPort: repo-server selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} \ No newline at end of file + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 2facd9af1..9b5777f19 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.repoServer.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} 
diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 9ca16e74b..38041de34 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} diff --git a/charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml index ffe0b79b7..46d24d3c3 100644 --- a/charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml index 376699e38..a98ddfa21 100644 --- a/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml 
@@ -7,7 +7,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ports: - name: {{ .Values.server.service.servicePortHttpName }} diff --git a/charts/argo/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo/argo-cd/templates/argocd-server/certificate.yaml index 84a0e62cf..629d0e95c 100644 --- a/charts/argo/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/certificate.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 1e5a98fa7..ce4a4d70f 100644 --- a/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml index dee9cf43f..8c02805a9 100644 --- a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml 
@@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml index cd040c906..515e6d74f 100644 --- a/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.gke.backendConfig }} diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index d8b3b1ea1..ae460a38a 100644 --- a/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.gke.frontendConfig }} diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml index 160308bd9..b030435b0 100644 
--- a/charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 63c089b85..2dd6f5e9e 100644 --- a/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo/argo-cd/templates/argocd-server/hpa.yaml index a509e5694..51fe559d9 100644 --- a/charts/argo/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/hpa.yaml @@ -3,7 +3,7 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: 
diff --git a/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml index 2d15b9d72..3ad5a5197 100644 --- a/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -4,7 +4,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }}-grpc - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingressGrpc.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo/argo-cd/templates/argocd-server/ingress.yaml index cfd0696da..846683732 100644 --- a/charts/argo/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo/argo-cd/templates/argocd-server/metrics.yaml index 3844820e6..f0797552c 100644 --- a/charts/argo/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/metrics.yaml 
@@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.server.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} {{- with .Values.server.metrics.service.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo/argo-cd/templates/argocd-server/networkpolicy.yaml index 443ff3599..4621e24fe 100644 --- a/charts/argo/argo-cd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - {} diff --git a/charts/argo/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo/argo-cd/templates/argocd-server/openshift/route.yaml index 01cb6aed3..b018f724b 100644 --- a/charts/argo/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/openshift/route.yaml @@ -3,7 +3,7 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.route.annotations }} diff --git a/charts/argo/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo/argo-cd/templates/argocd-server/pdb.yaml index adc47aeca..6bc933053 100644 --- a/charts/argo/argo-cd/templates/argocd-server/pdb.yaml 
+++ b/charts/argo/argo-cd/templates/argocd-server/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.pdb.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-server/role.yaml b/charts/argo/argo-cd/templates/argocd-server/role.yaml index 570d07fd7..8d12e30d1 100644 --- a/charts/argo/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: diff --git a/charts/argo/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo/argo-cd/templates/argocd-server/rolebinding.yaml index 61276d603..4d635aa99 100644 --- a/charts/argo/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} 
diff --git a/charts/argo/argo-cd/templates/argocd-server/service.yaml b/charts/argo/argo-cd/templates/argocd-server/service.yaml index 61ad81d03..2b9872be6 100644 --- a/charts/argo/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.service.labels }} diff --git a/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml index a8efe1e5a..9789e1d08 100644 --- a/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.server.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo/argo-cd/templates/argocd-server/servicemonitor.yaml index e88207689..2f96ca0ac 100644 --- a/charts/argo/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} 
diff --git a/charts/argo/argo-cd/templates/dex/deployment.yaml b/charts/argo/argo-cd/templates/dex/deployment.yaml index b6c94f90d..007e0ee11 100644 --- a/charts/argo/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo/argo-cd/templates/dex/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo/argo-cd/templates/dex/networkpolicy.yaml index cb0fcc55e..6d0c97896 100644 --- a/charts/argo/argo-cd/templates/dex/networkpolicy.yaml +++ b/charts/argo/argo-cd/templates/dex/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo/argo-cd/templates/dex/pdb.yaml b/charts/argo/argo-cd/templates/dex/pdb.yaml index c0adc73f0..12161024c 100644 --- a/charts/argo/argo-cd/templates/dex/pdb.yaml +++ b/charts/argo/argo-cd/templates/dex/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.pdb.labels }} diff --git a/charts/argo/argo-cd/templates/dex/role.yaml b/charts/argo/argo-cd/templates/dex/role.yaml index 49d40891f..e79b3cf7b 100644 --- a/charts/argo/argo-cd/templates/dex/role.yaml 
+++ b/charts/argo/argo-cd/templates/dex/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} rules: @@ -16,4 +16,4 @@ rules: - get - list - watch -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo/argo-cd/templates/dex/rolebinding.yaml b/charts/argo/argo-cd/templates/dex/rolebinding.yaml index 30b92c06e..792a465a7 100644 --- a/charts/argo/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo/argo-cd/templates/dex/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.dex.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo/argo-cd/templates/dex/service.yaml b/charts/argo/argo-cd/templates/dex/service.yaml index 73c984832..8825a7eaf 100644 --- a/charts/argo/argo-cd/templates/dex/service.yaml +++ b/charts/argo/argo-cd/templates/dex/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- if .Values.dex.metrics.service.annotations }} annotations: {{- range $key, $value := .Values.dex.metrics.service.annotations }} 
diff --git a/charts/argo/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo/argo-cd/templates/dex/serviceaccount.yaml index 66bf30768..aeff24410 100644 --- a/charts/argo/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/dex/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.dex.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.dex.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo/argo-cd/templates/dex/servicemonitor.yaml index 00f2a238d..3faa667a0 100644 --- a/charts/argo/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo/argo-cd/templates/dex/servicemonitor.yaml @@ -40,7 +40,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} diff --git a/charts/argo/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo/argo-cd/templates/networkpolicy-default-deny.yaml index b499ab035..06d1979a8 100644 --- a/charts/argo/argo-cd/templates/networkpolicy-default-deny.yaml +++ b/charts/argo/argo-cd/templates/networkpolicy-default-deny.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} name: {{ template "argo-cd.fullname" . }}-default-deny - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: podSelector: {} policyTypes: diff --git a/charts/argo/argo-cd/templates/redis/deployment.yaml b/charts/argo/argo-cd/templates/redis/deployment.yaml index 56ceae93f..de9c29b1c 100644 
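Review bot: The networkpolicy-default-deny.yaml hunk keeps `podSelector: {}`, which selects every pod in the policy's namespace, while the namespace now comes from the `argo-cd.namespace` helper. If that helper can return a namespace that also holds workloads from outside this chart, the default-deny policy would cover those pods as well. A comment above the spec would make the scope explicit: `# selects all pods in the target namespace, not only Argo CD's`. If shared namespaces are an intended use, selecting on the chart's own labels would be the narrower choice. The rest of the policy is outside the hunk.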
--- a/charts/argo/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo/argo-cd/templates/redis/deployment.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} spec: diff --git a/charts/argo/argo-cd/templates/redis/health-configmap.yaml b/charts/argo/argo-cd/templates/redis/health-configmap.yaml index fd0ecff7d..0d4005d62 100644 --- a/charts/argo/argo-cd/templates/redis/health-configmap.yaml +++ b/charts/argo/argo-cd/templates/redis/health-configmap.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-cd.redis.fullname" . }}-health-configmap - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} data: diff --git a/charts/argo/argo-cd/templates/redis/metrics.yaml b/charts/argo/argo-cd/templates/redis/metrics.yaml index 67b4c3ac4..040f5ebfe 100644 --- a/charts/argo/argo-cd/templates/redis/metrics.yaml +++ b/charts/argo/argo-cd/templates/redis/metrics.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.redis.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.service.labels }} diff --git a/charts/argo/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo/argo-cd/templates/redis/networkpolicy.yaml index cd8150e14..d602a9318 100644 --- a/charts/argo/argo-cd/templates/redis/networkpolicy.yaml 
+++ b/charts/argo/argo-cd/templates/redis/networkpolicy.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo/argo-cd/templates/redis/pdb.yaml b/charts/argo/argo-cd/templates/redis/pdb.yaml index 59423b475..c614144db 100644 --- a/charts/argo/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo/argo-cd/templates/redis/pdb.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.pdb.labels }} diff --git a/charts/argo/argo-cd/templates/redis/service.yaml b/charts/argo/argo-cd/templates/redis/service.yaml index 31f497d72..a4a94140f 100644 --- a/charts/argo/argo-cd/templates/redis/service.yaml +++ b/charts/argo/argo-cd/templates/redis/service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.service.labels }} diff --git a/charts/argo/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo/argo-cd/templates/redis/serviceaccount.yaml index f45ece132..bc942e222 100644 --- a/charts/argo/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/redis/serviceaccount.yaml 
@@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.redis.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.redis.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo/argo-cd/templates/redis/servicemonitor.yaml index 6f036a804..2126bafbf 100644 --- a/charts/argo/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo/argo-cd/templates/redis/servicemonitor.yaml @@ -41,7 +41,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 6 }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 5df19e891..151716562 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -6,6 +6,9 @@ nameOverride: argocd # -- String to fully override `"argo-cd.fullname"` fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" # Override APIVersions diff --git a/charts/external-secrets/external-secrets/.helmignore b/charts/external-secrets/external-secrets/.helmignore deleted file mode 100644 index 855edc3fb..000000000 --- a/charts/external-secrets/external-secrets/.helmignore +++ /dev/null 
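Review bot: The comment added above `namespaceOverride` in values.yaml says only "Override the namespace", which leaves out what an operator needs to know before setting it. As far as these hunks show, only the rendered `metadata.namespace`, the RBAC subject and the ServiceMonitor `matchNames` follow the override; Helm still records the release in `.Release.Namespace` and `--create-namespace` creates only that one, so the target namespace has to exist already and the installing identity needs rights in it. The default-deny NetworkPolicy touched in this commit has `podSelector: {}`, so pointing the override at a shared namespace would apply that policy to every pod there. I would extend the comment to something like `# -- Override the namespace all chart resources are created in (must already exist; the release itself stays in .Release.Namespace)`.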
@@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ - -# CRD README.md -templates/crds/README.md diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index 80fecba78..ea935a283 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.9.17 +appVersion: v0.9.18 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.9.17 +version: 0.9.18 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index 13c67a966..29917cdea 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.17](https://img.shields.io/badge/Version-0.9.17-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.18](https://img.shields.io/badge/Version-0.9.18-informational?style=flat-square) External secret management for Kubernetes 
@@ -92,6 +92,7 @@ The command removes all the Kubernetes components associated with the chart and | createOperator | bool | `true` | Specifies whether an external secret operator deployment be created. | | deploymentAnnotations | object | `{}` | Annotations to add to Deployment | | dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment | +| dnsPolicy | string | `"ClusterFirst"` | Specifies `dnsPolicy` to deployment | | extendedMetricLabels | bool | `false` | If true external secrets will use recommended kubernetes annotations as prometheus metric labels. | | extraArgs | object | `{}` | | | extraContainers | list | `[]` | | diff --git a/charts/external-secrets/external-secrets/README.md.gotmpl b/charts/external-secrets/external-secrets/README.md.gotmpl deleted file mode 100644 index 75a583c33..000000000 --- a/charts/external-secrets/external-secrets/README.md.gotmpl +++ /dev/null @@ -1,35 +0,0 @@ -{{- $chartRepo := "https://charts.external-secrets.io" -}} -{{- $org := "external-secrets" -}} -# External Secrets - -

external-secrets

- -[//]: # (README.md generated by gotmpl. DO NOT EDIT.) - -{{ template "chart.typeBadge" . }}{{ template "chart.versionBadge" . }} - -{{ template "chart.description" . }} - -## TL;DR -```bash -helm repo add {{ $org }} {{ $chartRepo }} -helm install external-secrets {{ $org }}/{{ template "chart.name" . }} -``` - -## Installing the Chart -To install the chart with the release name `{{ template "chart.name" . }}`: -```bash -helm install {{ template "chart.name" . }} {{ $org }}/{{ template "chart.name" . }} -``` - -### Custom Resources -By default, the chart will install external-secrets CRDs, this can be controlled with `installCRDs` value. - -## Uninstalling the Chart -To uninstall the `{{ template "chart.name" . }}` deployment: -```bash -helm uninstall {{ template "chart.name" . }} -``` -The command removes all the Kubernetes components associated with the chart and deletes the release. - -{{ template "chart.valuesSection" . }} diff --git a/charts/external-secrets/external-secrets/ci/main-values.yaml b/charts/external-secrets/external-secrets/ci/main-values.yaml deleted file mode 100644 index 75eb234e3..000000000 --- a/charts/external-secrets/external-secrets/ci/main-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -image: - tag: main diff --git a/charts/external-secrets/external-secrets/templates/_helpers.tpl b/charts/external-secrets/external-secrets/templates/_helpers.tpl index 2475b1145..d5eea0759 100644 --- a/charts/external-secrets/external-secrets/templates/_helpers.tpl +++ b/charts/external-secrets/external-secrets/templates/_helpers.tpl @@ -155,8 +155,6 @@ Determine the image to use, including if using a flavour. {{- end }} {{- end }} -<<<<<<< HEAD - {{/* Renders a complete tree, even values that contains template. */}} 
@@ -167,8 +165,8 @@ Renders a complete tree, even values that contains template. {{- tpl (.value | toYaml) .context }} {{- end }} {{- end -}} -======= -{{/* + +{{/* Return true if the OpenShift is the detected platform Usage: {{- include "external-secrets.isOpenShift" . -}} @@ -198,4 +196,3 @@ Render the securityContext based on the provided securityContext {{- end -}} {{- omit $adaptedContext "enabled" | toYaml -}} {{- end -}} ->>>>>>> 2218c78b (Methods for managing securityContext and OpenShift support) diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index b0732a9e2..c4c8f1ee3 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -2016,6 +2016,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: 
diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index aa80a1292..d09c80d49 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -2016,6 +2016,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: diff --git a/charts/external-secrets/external-secrets/templates/deployment.yaml b/charts/external-secrets/external-secrets/templates/deployment.yaml index 5c71d96db..7aed1670e 100644 --- a/charts/external-secrets/external-secrets/templates/deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/deployment.yaml @@ -110,6 +110,7 @@ spec: {{- if .Values.extraContainers }} {{ toYaml .Values.extraContainers | nindent 8}} {{- end }} + dnsPolicy: {{ .Values.dnsPolicy }} {{- if .Values.dnsConfig }} dnsConfig: {{- toYaml .Values.dnsConfig | nindent 8 }} 
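Review bot: In templates/deployment.yaml the new `dnsPolicy: {{ .Values.dnsPolicy }}` is rendered unconditionally, while the `dnsConfig` block directly below it is guarded by `{{- if .Values.dnsConfig }}`. A values file or parent chart that nulls or omits the key then emits an empty `dnsPolicy:` instead of leaving the field out; wrapping it as `{{- with .Values.dnsPolicy }}` / `dnsPolicy: {{ . }}` / `{{- end }}` would match the neighbouring block. The option description could also say that pods run with host networking normally need `ClusterFirstWithHostNet`, since the chart appears to expose a `hostNetwork` setting. The pod spec continues outside this hunk.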
diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap deleted file mode 100644 index 07121053f..000000000 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ /dev/null 
@@ -1,65 +0,0 @@ -should match snapshot of default values: - 1: | - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 - name: RELEASE-NAME-external-secrets-cert-controller - namespace: NAMESPACE - spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/name: external-secrets-cert-controller - template: - metadata: - labels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 - spec: - automountServiceAccountToken: true - containers: - - args: - - certcontroller - - --crd-requeue-interval=5m - - --service-name=RELEASE-NAME-external-secrets-webhook - - --service-namespace=NAMESPACE - - --secret-name=RELEASE-NAME-external-secrets-webhook - - --secret-namespace=NAMESPACE - - --metrics-addr=:8080 - - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.17 - imagePullPolicy: IfNotPresent - name: cert-controller - ports: - - containerPort: 8080 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 20 - periodSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - hostNetwork: false - serviceAccountName: external-secrets-cert-controller diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap deleted file mode 100644 index b24963649..000000000 
--- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ /dev/null @@ -1,53 +0,0 @@ -should match snapshot of default values: - 1: | - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 - name: RELEASE-NAME-external-secrets - namespace: NAMESPACE - spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/name: external-secrets - template: - metadata: - labels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 - spec: - automountServiceAccountToken: true - containers: - - args: - - --concurrent=1 - - --metrics-addr=:8080 - image: ghcr.io/external-secrets/external-secrets:v0.9.17 - imagePullPolicy: IfNotPresent - name: external-secrets - ports: - - containerPort: 8080 - name: metrics - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - hostNetwork: false - serviceAccountName: RELEASE-NAME-external-secrets diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap deleted file mode 100644 index 36800fe36..000000000 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ /dev/null 
@@ -1,4165 +0,0 @@ -should match snapshot of default values: - 1: | - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - name: secretstores.external-secrets.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: RELEASE-NAME-external-secrets-webhook - namespace: NAMESPACE - path: /convert - conversionReviewVersions: - - v1 - group: external-secrets.io - names: - categories: - - externalsecrets - kind: SecretStore - listKind: SecretStoreList - plural: secretstores - shortNames: - - ss - singular: secretstore - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SecretStoreSpec defines the desired state of SecretStore. 
- properties: - controller: - description: |- - Used to select the correct ESO controller (think: ingress.ingressClassName) - The ESO controller is instantiated with a specific controller name and filters ES based on this property - type: string - provider: - description: Used to configure the provider. Only one provider may be set - maxProperties: 1 - minProperties: 1 - properties: - akeyless: - description: Akeyless configures this store to sync secrets using Akeyless Vault provider - properties: - akeylessGWApiURL: - description: Akeyless GW API Url from which the secrets to be fetched from. - type: string - authSecretRef: - description: Auth configures how the operator authenticates with Akeyless. - properties: - kubernetesAuth: - description: |- - Kubernetes authenticates with Akeyless by passing the ServiceAccount - token stored in the named Secret resource. - properties: - accessID: - description: the Akeyless Kubernetes auth-method access-id - type: string - k8sConfName: - description: Kubernetes-auth configuration name in Akeyless-Gateway - type: string - secretRef: - description: |- - Optional secret field containing a Kubernetes ServiceAccount JWT used - for authenticating with Akeyless. If a name is specified without a key, - `token` is the default. If one is not specified, the one bound to - the controller will be used. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - serviceAccountRef: - description: |- - Optional service account field containing the name of a kubernetes ServiceAccount. 
- If the service account is specified, the service account secret token JWT will be used - for authenticating with Akeyless. If the service account selector is not supplied, - the secretRef will be used instead. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - required: - - accessID - - k8sConfName - type: object - secretRef: - description: |- - Reference to a Secret that contains the details - to authenticate with Akeyless. - properties: - accessID: - description: The SecretAccessID is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - accessType: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. 
- type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - accessTypeParam: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - type: object - caBundle: - description: |- - PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used - if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates - are used to validate the TLS connection. - format: byte - type: string - caProvider: - description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. - properties: - key: - description: The key the value inside of the provider type to use, only used with "Secret" type - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: The namespace the Provider type is in. - type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". 
- enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - required: - - akeylessGWApiURL - - authSecretRef - type: object - alibaba: - description: Alibaba configures this store to sync secrets using Alibaba Cloud provider - properties: - auth: - description: AlibabaAuth contains a secretRef for credentials. - properties: - rrsa: - description: Authenticate against Alibaba using RRSA. - properties: - oidcProviderArn: - type: string - oidcTokenFilePath: - type: string - roleArn: - type: string - sessionName: - type: string - required: - - oidcProviderArn - - oidcTokenFilePath - - roleArn - - sessionName - type: object - secretRef: - description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. - properties: - accessKeyIDSecretRef: - description: The AccessKeyID is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - accessKeySecretSecretRef: - description: The AccessKeySecret is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - required: - - accessKeyIDSecretRef - - accessKeySecretSecretRef - type: object - type: object - regionID: - description: Alibaba Region to be used for the provider - type: string - required: - - auth - - regionID - type: object - aws: - description: AWS configures this store to sync secrets using AWS Secret Manager provider - properties: - auth: - description: |- - Auth defines the information necessary to authenticate against AWS - if not set aws sdk will infer credentials from your environment - see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials - properties: - jwt: - description: Authenticate against AWS using service account tokens. - properties: - serviceAccountRef: - description: A reference to a ServiceAccount resource. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - type: object - secretRef: - description: |- - AWSAuthSecretRef holds secret references for AWS credentials - both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. - properties: - accessKeyIDSecretRef: - description: The AccessKeyID is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. 
- type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - type: object - region: - description: AWS Region to be used for the provider - type: string - role: - description: Role is a Role ARN which the SecretManager provider will assume - type: string - service: - description: Service defines which service should be used to fetch the secrets - enum: - - SecretsManager - - ParameterStore - type: string - required: - - region - - service - type: object - azurekv: - description: AzureKV configures this store to sync secrets using Azure Key Vault provider - properties: - authSecretRef: - description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. - properties: - clientId: - description: The Azure clientId of the service principle used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. 
- type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - clientSecret: - description: The Azure ClientSecret of the service principle used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - authType: - default: ServicePrincipal - description: |- - Auth type defines how to authenticate to the keyvault service. - Valid values are: - - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) - enum: - - ServicePrincipal - - ManagedIdentity - - WorkloadIdentity - type: string - identityId: - description: If multiple Managed Identity is assigned to the pod, you can select the one to be used - type: string - serviceAccountRef: - description: |- - ServiceAccountRef specified the service account - that should be used when authenticating with WorkloadIdentity. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. 
- type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - tenantId: - description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. - type: string - vaultUrl: - description: Vault Url from which the secrets to be fetched from. - type: string - required: - - vaultUrl - type: object - fake: - description: Fake configures a store with static key/value pairs - properties: - data: - items: - properties: - key: - type: string - value: - type: string - valueMap: - additionalProperties: - type: string - type: object - version: - type: string - required: - - key - type: object - type: array - required: - - data - type: object - gcpsm: - description: GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider - properties: - auth: - description: Auth defines the information necessary to authenticate against GCP - properties: - secretRef: - properties: - secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - workloadIdentity: - properties: - clusterLocation: - type: string - clusterName: - type: string - clusterProjectID: - type: string - serviceAccountRef: - description: A reference to a ServiceAccount resource. 
- properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - required: - - clusterLocation - - clusterName - - serviceAccountRef - type: object - type: object - projectID: - description: ProjectID project where secret is located - type: string - type: object - gitlab: - description: GitLab configures this store to sync secrets using GitLab Variables provider - properties: - auth: - description: Auth configures how secret-manager authenticates with a GitLab instance. - properties: - SecretRef: - properties: - accessToken: - description: AccessToken is used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - required: - - SecretRef - type: object - projectID: - description: ProjectID specifies a project where secrets are located. - type: string - url: - description: URL configures the GitLab instance URL. Defaults to https://gitlab.com/. 
- type: string - required: - - auth - type: object - ibm: - description: IBM configures this store to sync secrets using IBM Cloud provider - properties: - auth: - description: Auth configures how secret-manager authenticates with the IBM secrets manager. - properties: - secretRef: - properties: - secretApiKeySecretRef: - description: The SecretAccessKey is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - required: - - secretRef - type: object - serviceUrl: - description: ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance - type: string - required: - - auth - type: object - kubernetes: - description: Kubernetes configures this store to sync secrets using a Kubernetes cluster provider - properties: - auth: - description: Auth configures how secret-manager authenticates with a Kubernetes instance. - maxProperties: 1 - minProperties: 1 - properties: - cert: - description: has both clientCert and clientKey as secretKeySelector - properties: - clientCert: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - clientKey: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - serviceAccount: - description: points to a service account that should be used for authentication - properties: - serviceAccount: - description: A reference to a ServiceAccount resource. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - type: object - token: - description: use static token to authenticate with - properties: - bearerToken: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - type: object - remoteNamespace: - default: default - description: Remote namespace to fetch the secrets from - type: string - server: - description: configures the Kubernetes server Address. - properties: - caBundle: - description: CABundle is a base64-encoded CA certificate - format: byte - type: string - caProvider: - description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' - properties: - key: - description: The key the value inside of the provider type to use, only used with "Secret" type - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: The namespace the Provider type is in. - type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". - enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - url: - default: kubernetes.default - description: configures the Kubernetes server Address. - type: string - type: object - required: - - auth - type: object - oracle: - description: Oracle configures this store to sync secrets using Oracle Vault provider - properties: - auth: - description: |- - Auth configures how secret-manager authenticates with the Oracle Vault. - If empty, instance principal is used. Optionally, the authenticating principal type - and/or user data may be supplied for the use of workload identity and user principal. - properties: - secretRef: - description: SecretRef to pass through sensitive information. 
- properties: - fingerprint: - description: Fingerprint is the fingerprint of the API private key. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - privatekey: - description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - fingerprint - - privatekey - type: object - tenancy: - description: Tenancy is the tenancy OCID where user is located. - type: string - user: - description: User is an access OCID specific to the account. - type: string - required: - - secretRef - - tenancy - - user - type: object - compartment: - description: |- - Compartment is the vault compartment OCID. - Required for PushSecret - type: string - encryptionKey: - description: |- - EncryptionKey is the OCID of the encryption key within the vault. - Required for PushSecret - type: string - principalType: - description: |- - The type of principal to use for authentication. If left blank, the Auth struct will - determine the principal type. 
This optional field must be specified if using - workload identity. - enum: - - "" - - UserPrincipal - - InstancePrincipal - - Workload - type: string - region: - description: Region is the region where vault is located. - type: string - serviceAccountRef: - description: |- - ServiceAccountRef specified the service account - that should be used when authenticating with WorkloadIdentity. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - vault: - description: Vault is the vault's OCID of the specific vault where secret is located. - type: string - required: - - region - - vault - type: object - passworddepot: - description: Configures a store to sync secrets with a Password Depot instance. - properties: - auth: - description: Auth configures how secret-manager authenticates with a Password Depot instance. - properties: - secretRef: - properties: - credentials: - description: Username / Password is used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - type: object - required: - - secretRef - type: object - database: - description: Database to use as source - type: string - host: - description: URL configures the Password Depot instance URL. - type: string - required: - - auth - - database - - host - type: object - vault: - description: Vault configures this store to sync secrets using Hashi provider - properties: - auth: - description: Auth configures how secret-manager authenticates with the Vault server. - properties: - appRole: - description: |- - AppRole authenticates with Vault using the App Role auth mechanism, - with the role and secret stored in a Kubernetes Secret resource. - properties: - path: - default: approle - description: |- - Path where the App Role authentication backend is mounted - in Vault, e.g: "approle" - type: string - roleId: - description: |- - RoleID configured in the App Role authentication backend when setting - up the authentication backend in Vault. - type: string - secretRef: - description: |- - Reference to a key in a Secret that contains the App Role secret used - to authenticate with Vault. - The `key` field must be specified and denotes which entry within the Secret - resource is used as the app role secret. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - required: - - path - - roleId - - secretRef - type: object - cert: - description: |- - Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate - Cert authentication method - properties: - clientCert: - description: |- - ClientCert is a certificate to authenticate using the Cert Vault - authentication method - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - secretRef: - description: |- - SecretRef to a key in a Secret resource containing client private key to - authenticate with Vault using the Cert authentication method - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - jwt: - description: |- - Jwt authenticates with Vault by passing role and JWT token using the - JWT/OIDC authentication method - properties: - kubernetesServiceAccountToken: - description: |- - Optional ServiceAccountToken specifies the Kubernetes service account for which to request - a token for with the `TokenRequest` API. 
- properties: - audiences: - description: |- - Optional audiences field that will be used to request a temporary Kubernetes service - account token for the service account referenced by `serviceAccountRef`. - Defaults to a single audience `vault` it not specified. - items: - type: string - type: array - expirationSeconds: - description: |- - Optional expiration time in seconds that will be used to request a temporary - Kubernetes service account token for the service account referenced by - `serviceAccountRef`. - Defaults to 10 minutes. - format: int64 - type: integer - serviceAccountRef: - description: Service account field containing the name of a kubernetes ServiceAccount. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - required: - - serviceAccountRef - type: object - path: - default: jwt - description: |- - Path where the JWT authentication backend is mounted - in Vault, e.g: "jwt" - type: string - role: - description: |- - Role is a JWT role to authenticate using the JWT/OIDC Vault - authentication method - type: string - secretRef: - description: |- - Optional SecretRef that refers to a key in a Secret resource containing JWT token to - authenticate with Vault using the JWT/OIDC authentication method. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. 
- type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - path - type: object - kubernetes: - description: |- - Kubernetes authenticates with Vault by passing the ServiceAccount - token stored in the named Secret resource to the Vault server. - properties: - mountPath: - default: kubernetes - description: |- - Path where the Kubernetes authentication backend is mounted in Vault, e.g: - "kubernetes" - type: string - role: - description: |- - A required field containing the Vault Role to assume. A Role binds a - Kubernetes ServiceAccount with a set of Vault policies. - type: string - secretRef: - description: |- - Optional secret field containing a Kubernetes ServiceAccount JWT used - for authenticating with Vault. If a name is specified without a key, - `token` is the default. If one is not specified, the one bound to - the controller will be used. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - serviceAccountRef: - description: |- - Optional service account field containing the name of a kubernetes ServiceAccount. - If the service account is specified, the service account secret token JWT will be used - for authenticating with Vault. If the service account selector is not supplied, - the secretRef will be used instead. 
- properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - required: - - mountPath - - role - type: object - ldap: - description: |- - Ldap authenticates with Vault by passing username/password pair using - the LDAP authentication method - properties: - path: - default: ldap - description: |- - Path where the LDAP authentication backend is mounted - in Vault, e.g: "ldap" - type: string - secretRef: - description: |- - SecretRef to a key in a Secret resource containing password for the LDAP - user used to authenticate with Vault using the LDAP authentication - method - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - username: - description: |- - Username is a LDAP user name used to authenticate using the LDAP Vault - authentication method - type: string - required: - - path - - username - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting a token. 
- properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - caBundle: - description: |- - PEM encoded CA bundle used to validate Vault server certificate. Only used - if the Server URL is using HTTPS protocol. This parameter is ignored for - plain HTTP protocol connection. If not set the system root certificates - are used to validate the TLS connection. - format: byte - type: string - caProvider: - description: The provider for the CA bundle to use to validate Vault server certificate. - properties: - key: - description: The key the value inside of the provider type to use, only used with "Secret" type - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: The namespace the Provider type is in. - type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". - enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - forwardInconsistent: - description: |- - ForwardInconsistent tells Vault to forward read-after-write requests to the Vault - leader instead of simply retrying within a loop. This can increase performance if - the option is enabled serverside. - https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header - type: boolean - namespace: - description: |- - Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows - Vault environments to support Secure Multi-tenancy. e.g: "ns1". 
- More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces - type: string - path: - description: |- - Path is the mount path of the Vault KV backend endpoint, e.g: - "secret". The v2 KV secret engine version specific "/data" path suffix - for fetching secrets from Vault is optional and will be appended - if not present in specified path. - type: string - readYourWrites: - description: |- - ReadYourWrites ensures isolated read-after-write semantics by - providing discovered cluster replication states in each request. - More information about eventual consistency in Vault can be found here - https://www.vaultproject.io/docs/enterprise/consistency - type: boolean - server: - description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' - type: string - version: - default: v2 - description: |- - Version is the Vault KV secret engine version. This can be either "v1" or - "v2". Version defaults to "v2". - enum: - - v1 - - v2 - type: string - required: - - auth - - server - type: object - webhook: - description: Webhook configures this store to sync secrets using a generic templated webhook - properties: - body: - description: Body - type: string - caBundle: - description: |- - PEM encoded CA bundle used to validate webhook server certificate. Only used - if the Server URL is using HTTPS protocol. This parameter is ignored for - plain HTTP protocol connection. If not set the system root certificates - are used to validate the TLS connection. - format: byte - type: string - caProvider: - description: The provider for the CA bundle to use to validate webhook server certificate. - properties: - key: - description: The key the value inside of the provider type to use, only used with "Secret" type - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: The namespace the Provider type is in. 
- type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". - enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - headers: - additionalProperties: - type: string - description: Headers - type: object - method: - description: Webhook Method - type: string - result: - description: Result formatting - properties: - jsonPath: - description: Json path of return value - type: string - type: object - secrets: - description: |- - Secrets to fill in templates - These secrets will be passed to the templating function as key value pairs under the given name - items: - properties: - name: - description: Name of this secret in templates - type: string - secretRef: - description: Secret ref to fill in credentials - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - name - - secretRef - type: object - type: array - timeout: - description: Timeout - type: string - url: - description: Webhook url to call - type: string - required: - - result - - url - type: object - yandexlockbox: - description: YandexLockbox configures this store to sync secrets using Yandex Lockbox provider - properties: - apiEndpoint: - description: Yandex.Cloud API endpoint (e.g. 
'api.cloud.yandex.net:443') - type: string - auth: - description: Auth defines the information necessary to authenticate against Yandex Lockbox - properties: - authorizedKeySecretRef: - description: The authorized key used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - caProvider: - description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. - properties: - certSecretRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - required: - - auth - type: object - type: object - retrySettings: - description: Used to configure http retries if failed - properties: - maxRetries: - format: int32 - type: integer - retryInterval: - type: string - type: object - required: - - provider - type: object - status: - description: SecretStoreStatus defines the observed state of the SecretStore. 
- properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - - jsonPath: .status.capabilities - name: Capabilities - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SecretStoreSpec defines the desired state of SecretStore. - properties: - conditions: - description: Used to constraint a ClusterSecretStore to specific namespaces. 
Relevant only to ClusterSecretStore - items: - description: |- - ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in - for a ClusterSecretStore instance. - properties: - namespaceSelector: - description: Choose namespace using a labelSelector - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: Choose namespaces by name - items: - type: string - type: array - type: object - type: array - controller: - description: |- - Used to select the correct ESO controller (think: ingress.ingressClassName) - The ESO controller is instantiated with a specific controller name and filters ES based on this property - type: string - provider: - description: Used to configure the provider. Only one provider may be set - maxProperties: 1 - minProperties: 1 - properties: - akeyless: - description: Akeyless configures this store to sync secrets using Akeyless Vault provider - properties: - akeylessGWApiURL: - description: Akeyless GW API Url from which the secrets to be fetched from. - type: string - authSecretRef: - description: Auth configures how the operator authenticates with Akeyless. - properties: - kubernetesAuth: - description: |- - Kubernetes authenticates with Akeyless by passing the ServiceAccount - token stored in the named Secret resource. - properties: - accessID: - description: the Akeyless Kubernetes auth-method access-id - type: string - k8sConfName: - description: Kubernetes-auth configuration name in Akeyless-Gateway - type: string - secretRef: - description: |- - Optional secret field containing a Kubernetes ServiceAccount JWT used - for authenticating with Akeyless. If a name is specified without a key, - `token` is the default. If one is not specified, the one bound to - the controller will be used. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - serviceAccountRef: - description: |- - Optional service account field containing the name of a kubernetes ServiceAccount. - If the service account is specified, the service account secret token JWT will be used - for authenticating with Akeyless. If the service account selector is not supplied, - the secretRef will be used instead. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - required: - - accessID - - k8sConfName - type: object - secretRef: - description: |- - Reference to a Secret that contains the details - to authenticate with Akeyless. - properties: - accessID: - description: The SecretAccessID is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - accessType: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. 
- properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - accessTypeParam: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - type: object - caBundle: - description: |- - PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used - if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates - are used to validate the TLS connection. - format: byte - type: string - caProvider: - description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. - properties: - key: - description: The key where the CA certificate can be found in the Secret or ConfigMap. - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: |- - The namespace the Provider type is in. - Can only be defined when used in a ClusterSecretStore. 
- type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". - enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - required: - - akeylessGWApiURL - - authSecretRef - type: object - alibaba: - description: Alibaba configures this store to sync secrets using Alibaba Cloud provider - properties: - auth: - description: AlibabaAuth contains a secretRef for credentials. - properties: - rrsa: - description: Authenticate against Alibaba using RRSA. - properties: - oidcProviderArn: - type: string - oidcTokenFilePath: - type: string - roleArn: - type: string - sessionName: - type: string - required: - - oidcProviderArn - - oidcTokenFilePath - - roleArn - - sessionName - type: object - secretRef: - description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. - properties: - accessKeyIDSecretRef: - description: The AccessKeyID is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - accessKeySecretSecretRef: - description: The AccessKeySecret is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - accessKeyIDSecretRef - - accessKeySecretSecretRef - type: object - type: object - regionID: - description: Alibaba Region to be used for the provider - type: string - required: - - auth - - regionID - type: object - aws: - description: AWS configures this store to sync secrets using AWS Secret Manager provider - properties: - additionalRoles: - description: AdditionalRoles is a chained list of Role ARNs which the provider will sequentially assume before assuming the Role - items: - type: string - type: array - auth: - description: |- - Auth defines the information necessary to authenticate against AWS - if not set aws sdk will infer credentials from your environment - see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials - properties: - jwt: - description: Authenticate against AWS using service account tokens. - properties: - serviceAccountRef: - description: A reference to a ServiceAccount resource. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - type: object - secretRef: - description: |- - AWSAuthSecretRef holds secret references for AWS credentials - both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. 
- properties: - accessKeyIDSecretRef: - description: The AccessKeyID is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - sessionTokenSecretRef: - description: |- - The SessionToken used for authentication - This must be defined if AccessKeyID and SecretAccessKey are temporary credentials - see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - type: object - type: object - externalID: - description: AWS External ID set on assumed IAM roles - type: string - region: - description: AWS Region to be used for the provider - type: string - role: - description: Role is a Role ARN which the provider will assume - type: string - secretsManager: - description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager - properties: - forceDeleteWithoutRecovery: - description: |- - Specifies whether to delete the secret without any recovery window. You - can't use both this parameter and RecoveryWindowInDays in the same call. - If you don't use either, then by default Secrets Manager uses a 30 day - recovery window. - see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery - type: boolean - recoveryWindowInDays: - description: |- - The number of days from 7 to 30 that Secrets Manager waits before - permanently deleting the secret. You can't use both this parameter and - ForceDeleteWithoutRecovery in the same call. If you don't use either, - then by default Secrets Manager uses a 30 day recovery window. - see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays - format: int64 - type: integer - type: object - service: - description: Service defines which service should be used to fetch the secrets - enum: - - SecretsManager - - ParameterStore - type: string - sessionTags: - description: AWS STS assume role session tags - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - transitiveTagKeys: - description: AWS STS assume role transitive session tags. 
Required when multiple rules are used with the provider - items: - type: string - type: array - required: - - region - - service - type: object - azurekv: - description: AzureKV configures this store to sync secrets using Azure Key Vault provider - properties: - authSecretRef: - description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. - properties: - clientId: - description: The Azure clientId of the service principle or managed identity used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - clientSecret: - description: The Azure ClientSecret of the service principle used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - tenantId: - description: The Azure tenantId of the managed identity used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. 
- type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - authType: - default: ServicePrincipal - description: |- - Auth type defines how to authenticate to the keyvault service. - Valid values are: - - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) - enum: - - ServicePrincipal - - ManagedIdentity - - WorkloadIdentity - type: string - environmentType: - default: PublicCloud - description: |- - EnvironmentType specifies the Azure cloud environment endpoints to use for - connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. - The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 - PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud - enum: - - PublicCloud - - USGovernmentCloud - - ChinaCloud - - GermanCloud - type: string - identityId: - description: If multiple Managed Identity is assigned to the pod, you can select the one to be used - type: string - serviceAccountRef: - description: |- - ServiceAccountRef specified the service account - that should be used when authenticating with WorkloadIdentity. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. 
- type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - tenantId: - description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. - type: string - vaultUrl: - description: Vault Url from which the secrets to be fetched from. - type: string - required: - - vaultUrl - type: object - chef: - description: Chef configures this store to sync secrets with chef server - properties: - auth: - description: Auth defines the information necessary to authenticate against chef Server - properties: - secretRef: - description: ChefAuthSecretRef holds secret references for chef server login credentials. - properties: - privateKeySecretRef: - description: SecretKey is the Signing Key in PEM format, used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - privateKeySecretRef - type: object - required: - - secretRef - type: object - serverUrl: - description: ServerURL is the chef server URL used to connect to. 
If using orgs you should include your org in the url and terminate the url with a "/" - type: string - username: - description: UserName should be the user ID on the chef server - type: string - required: - - auth - - serverUrl - - username - type: object - conjur: - description: Conjur configures this store to sync secrets using conjur provider - properties: - auth: - properties: - apikey: - properties: - account: - type: string - apiKeyRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - userRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - account - - apiKeyRef - - userRef - type: object - jwt: - properties: - account: - type: string - hostId: - description: |- - Optional HostID for JWT authentication. This may be used depending - on how the Conjur JWT authenticator policy is configured. 
- type: string - secretRef: - description: |- - Optional SecretRef that refers to a key in a Secret resource containing JWT token to - authenticate with Conjur using the JWT authentication method. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - serviceAccountRef: - description: |- - Optional ServiceAccountRef specifies the Kubernetes service account for which to request - a token for with the `TokenRequest` API. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - serviceID: - description: The conjur authn jwt webservice id - type: string - required: - - account - - serviceID - type: object - type: object - caBundle: - type: string - caProvider: - description: |- - Used to provide custom certificate authority (CA) certificates - for a secret store. The CAProvider points to a Secret or ConfigMap resource - that contains a PEM-encoded certificate. - properties: - key: - description: The key where the CA certificate can be found in the Secret or ConfigMap. 
- type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: |- - The namespace the Provider type is in. - Can only be defined when used in a ClusterSecretStore. - type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". - enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - url: - type: string - required: - - auth - - url - type: object - delinea: - description: |- - Delinea DevOps Secrets Vault - https://docs.delinea.com/online-help/products/devops-secrets-vault/current - properties: - clientId: - description: ClientID is the non-secret part of the credential. - properties: - secretRef: - description: SecretRef references a key in a secret that will be used as value. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - value: - description: Value can be specified directly to set a value without using a secret. - type: string - type: object - clientSecret: - description: ClientSecret is the secret part of the credential. - properties: - secretRef: - description: SecretRef references a key in a secret that will be used as value. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. 
- type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - value: - description: Value can be specified directly to set a value without using a secret. - type: string - type: object - tenant: - description: Tenant is the chosen hostname / site name. - type: string - tld: - description: |- - TLD is based on the server location that was chosen during provisioning. - If unset, defaults to "com". - type: string - urlTemplate: - description: |- - URLTemplate - If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". - type: string - required: - - clientId - - clientSecret - - tenant - type: object - doppler: - description: Doppler configures this store to sync secrets using the Doppler provider - properties: - auth: - description: Auth configures how the Operator authenticates with the Doppler API - properties: - secretRef: - properties: - dopplerToken: - description: |- - The DopplerToken is used for authentication. - See https://docs.doppler.com/reference/api#authentication for auth token types. - The Key attribute defaults to dopplerToken if not specified. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - required: - - dopplerToken - type: object - required: - - secretRef - type: object - config: - description: Doppler config (required if not using a Service Token) - type: string - format: - description: Format enables the downloading of secrets as a file (string) - enum: - - json - - dotnet-json - - env - - yaml - - docker - type: string - nameTransformer: - description: Environment variable compatible name transforms that change secret names to a different format - enum: - - upper-camel - - camel - - lower-snake - - tf-var - - dotnet-env - - lower-kebab - type: string - project: - description: Doppler project (required if not using a Service Token) - type: string - required: - - auth - type: object - fake: - description: Fake configures a store with static key/value pairs - properties: - data: - items: - properties: - key: - type: string - value: - type: string - valueMap: - additionalProperties: - type: string - description: 'Deprecated: ValueMap is deprecated and is intended to be removed in the future, use the `value` field instead.' - type: object - version: - type: string - required: - - key - type: object - type: array - required: - - data - type: object - fortanix: - description: Fortanix configures this store to sync secrets using the Fortanix provider - properties: - apiKey: - description: APIKey is the API token to access SDKMS Applications. - properties: - secretRef: - description: SecretRef is a reference to a secret containing the SDKMS API Key. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - type: object - apiUrl: - description: APIURL is the URL of SDKMS API. Defaults to `sdkms.fortanix.com`. - type: string - type: object - gcpsm: - description: GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider - properties: - auth: - description: Auth defines the information necessary to authenticate against GCP - properties: - secretRef: - properties: - secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - workloadIdentity: - properties: - clusterLocation: - type: string - clusterName: - type: string - clusterProjectID: - type: string - serviceAccountRef: - description: A reference to a ServiceAccount resource. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - required: - - name - type: object - required: - - clusterLocation - - clusterName - - serviceAccountRef - type: object - type: object - projectID: - description: ProjectID project where secret is located - type: string - type: object - gitlab: - description: GitLab configures this store to sync secrets using GitLab Variables provider - properties: - auth: - description: Auth configures how secret-manager authenticates with a GitLab instance. - properties: - SecretRef: - properties: - accessToken: - description: AccessToken is used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - required: - - SecretRef - type: object - environment: - description: Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments) - type: string - groupIDs: - description: GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables. - items: - type: string - type: array - inheritFromGroups: - description: InheritFromGroups specifies whether parent groups should be discovered and checked for secrets. - type: boolean - projectID: - description: ProjectID specifies a project where secrets are located. - type: string - url: - description: URL configures the GitLab instance URL. Defaults to https://gitlab.com/. 
- type: string - required: - - auth - type: object - ibm: - description: IBM configures this store to sync secrets using IBM Cloud provider - properties: - auth: - description: Auth configures how secret-manager authenticates with the IBM secrets manager. - maxProperties: 1 - minProperties: 1 - properties: - containerAuth: - description: IBM Container-based auth with IAM Trusted Profile. - properties: - iamEndpoint: - type: string - profile: - description: the IBM Trusted Profile - type: string - tokenLocation: - description: Location the token is mounted on the pod - type: string - required: - - profile - type: object - secretRef: - properties: - secretApiKeySecretRef: - description: The SecretAccessKey is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - type: object - serviceUrl: - description: ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance - type: string - required: - - auth - type: object - keepersecurity: - description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider - properties: - authRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. 
- type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - folderID: - type: string - required: - - authRef - - folderID - type: object - kubernetes: - description: Kubernetes configures this store to sync secrets using a Kubernetes cluster provider - properties: - auth: - description: Auth configures how secret-manager authenticates with a Kubernetes instance. - maxProperties: 1 - minProperties: 1 - properties: - cert: - description: has both clientCert and clientKey as secretKeySelector - properties: - clientCert: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - clientKey: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - type: object - serviceAccount: - description: points to a service account that should be used for authentication - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - token: - description: use static token to authenticate with - properties: - bearerToken: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - type: object - remoteNamespace: - default: default - description: Remote namespace to fetch the secrets from - type: string - server: - description: configures the Kubernetes server Address. 
- properties: - caBundle: - description: CABundle is a base64-encoded CA certificate - format: byte - type: string - caProvider: - description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' - properties: - key: - description: The key where the CA certificate can be found in the Secret or ConfigMap. - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: |- - The namespace the Provider type is in. - Can only be defined when used in a ClusterSecretStore. - type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". - enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - url: - default: kubernetes.default - description: configures the Kubernetes server Address. - type: string - type: object - required: - - auth - type: object - onboardbase: - description: Onboardbase configures this store to sync secrets using the Onboardbase provider - properties: - apiHost: - default: https://public.onboardbase.com/api/v1/ - description: APIHost use this to configure the host url for the API for selfhosted installation, default is https://public.onboardbase.com/api/v1/ - type: string - auth: - description: Auth configures how the Operator authenticates with the Onboardbase API - properties: - apiKeyRef: - description: |- - OnboardbaseAPIKey is the APIKey generated by an admin account. - It is used to recognize and authorize access to a project and environment within onboardbase - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - passcodeRef: - description: OnboardbasePasscode is the passcode attached to the API Key - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - apiKeyRef - - passcodeRef - type: object - environment: - default: development - description: Environment is the name of an environmnent within a project to pull the secrets from - type: string - project: - default: development - description: Project is an onboardbase project that the secrets should be pulled from - type: string - required: - - apiHost - - auth - - environment - - project - type: object - onepassword: - description: OnePassword configures this store to sync secrets using the 1Password Cloud provider - properties: - auth: - description: Auth defines the information necessary to authenticate against OnePassword Connect Server - properties: - secretRef: - description: OnePasswordAuthSecretRef holds secret references for 1Password credentials. - properties: - connectTokenSecretRef: - description: The ConnectToken is used for authentication to a 1Password Connect Server. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - connectTokenSecretRef - type: object - required: - - secretRef - type: object - connectHost: - description: ConnectHost defines the OnePassword Connect Server to connect to - type: string - vaults: - additionalProperties: - type: integer - description: Vaults defines which OnePassword vaults to search in which order - type: object - required: - - auth - - connectHost - - vaults - type: object - oracle: - description: Oracle configures this store to sync secrets using Oracle Vault provider - properties: - auth: - description: |- - Auth configures how secret-manager authenticates with the Oracle Vault. - If empty, use the instance principal, otherwise the user credentials specified in Auth. - properties: - secretRef: - description: SecretRef to pass through sensitive information. - properties: - fingerprint: - description: Fingerprint is the fingerprint of the API private key. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - privatekey: - description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. 
- type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - fingerprint - - privatekey - type: object - tenancy: - description: Tenancy is the tenancy OCID where user is located. - type: string - user: - description: User is an access OCID specific to the account. - type: string - required: - - secretRef - - tenancy - - user - type: object - compartment: - description: |- - Compartment is the vault compartment OCID. - Required for PushSecret - type: string - encryptionKey: - description: |- - EncryptionKey is the OCID of the encryption key within the vault. - Required for PushSecret - type: string - principalType: - description: |- - The type of principal to use for authentication. If left blank, the Auth struct will - determine the principal type. This optional field must be specified if using - workload identity. - enum: - - "" - - UserPrincipal - - InstancePrincipal - - Workload - type: string - region: - description: Region is the region where vault is located. - type: string - serviceAccountRef: - description: |- - ServiceAccountRef specified the service account - that should be used when authenticating with WorkloadIdentity. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - required: - - name - type: object - vault: - description: Vault is the vault's OCID of the specific vault where secret is located. - type: string - required: - - region - - vault - type: object - passbolt: - properties: - auth: - description: Auth defines the information necessary to authenticate against Passbolt Server - properties: - passwordSecretRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - privateKeySecretRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - passwordSecretRef - - privateKeySecretRef - type: object - host: - description: Host defines the Passbolt Server to connect to - type: string - required: - - auth - - host - type: object - passworddepot: - description: Configures a store to sync secrets with a Password Depot instance. 
- properties: - auth: - description: Auth configures how secret-manager authenticates with a Password Depot instance. - properties: - secretRef: - properties: - credentials: - description: Username / Password is used for authentication. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - required: - - secretRef - type: object - database: - description: Database to use as source - type: string - host: - description: URL configures the Password Depot instance URL. - type: string - required: - - auth - - database - - host - type: object - pulumi: - description: Pulumi configures this store to sync secrets using the Pulumi provider - properties: - accessToken: - description: AccessToken is the access tokens to sign in to the Pulumi Cloud Console. - properties: - secretRef: - description: SecretRef is a reference to a secret containing the Pulumi API token. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - apiUrl: - default: https://api.pulumi.com - description: APIURL is the URL of the Pulumi API. 
- type: string - environment: - description: |- - Environment are YAML documents composed of static key-value pairs, programmatic expressions, - dynamically retrieved values from supported providers including all major clouds, - and other Pulumi ESC environments. - To create a new environment, visit https://www.pulumi.com/docs/esc/environments/ for more information. - type: string - organization: - description: |- - Organization are a space to collaborate on shared projects and stacks. - To create a new organization, visit https://app.pulumi.com/ and click "New Organization". - type: string - required: - - accessToken - - environment - - organization - type: object - scaleway: - description: Scaleway - properties: - accessKey: - description: AccessKey is the non-secret part of the api key. - properties: - secretRef: - description: SecretRef references a key in a secret that will be used as value. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - value: - description: Value can be specified directly to set a value without using a secret. - type: string - type: object - apiUrl: - description: APIURL is the url of the api to use. 
Defaults to https://api.scaleway.com - type: string - projectId: - description: 'ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings' - type: string - region: - description: 'Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone' - type: string - secretKey: - description: SecretKey is the non-secret part of the api key. - properties: - secretRef: - description: SecretRef references a key in a secret that will be used as value. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - value: - description: Value can be specified directly to set a value without using a secret. - type: string - type: object - required: - - accessKey - - projectId - - region - - secretKey - type: object - senhasegura: - description: Senhasegura configures this store to sync secrets using senhasegura provider - properties: - auth: - description: Auth defines parameters to authenticate in senhasegura - properties: - clientId: - type: string - clientSecretSecretRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. 
- type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - clientId - - clientSecretSecretRef - type: object - ignoreSslCertificate: - default: false - description: IgnoreSslCertificate defines if SSL certificate must be ignored - type: boolean - module: - description: Module defines which senhasegura module should be used to get secrets - type: string - url: - description: URL of senhasegura - type: string - required: - - auth - - module - - url - type: object - vault: - description: Vault configures this store to sync secrets using Hashi provider - properties: - auth: - description: Auth configures how secret-manager authenticates with the Vault server. - properties: - appRole: - description: |- - AppRole authenticates with Vault using the App Role auth mechanism, - with the role and secret stored in a Kubernetes Secret resource. - properties: - path: - default: approle - description: |- - Path where the App Role authentication backend is mounted - in Vault, e.g: "approle" - type: string - roleId: - description: |- - RoleID configured in the App Role authentication backend when setting - up the authentication backend in Vault. - type: string - roleRef: - description: |- - Reference to a key in a Secret that contains the App Role ID used - to authenticate with Vault. - The `key` field must be specified and denotes which entry within the Secret - resource is used as the app role id. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - secretRef: - description: |- - Reference to a key in a Secret that contains the App Role secret used - to authenticate with Vault. - The `key` field must be specified and denotes which entry within the Secret - resource is used as the app role secret. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - path - - secretRef - type: object - cert: - description: |- - Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate - Cert authentication method - properties: - clientCert: - description: |- - ClientCert is a certificate to authenticate using the Cert Vault - authentication method - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - secretRef: - description: |- - SecretRef to a key in a Secret resource containing client private key to - authenticate with Vault using the Cert authentication method - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - iam: - description: |- - Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials - AWS IAM authentication method - properties: - externalID: - description: AWS External ID set on assumed IAM roles - type: string - jwt: - description: Specify a service account with IRSA enabled - properties: - serviceAccountRef: - description: A reference to a ServiceAccount resource. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - required: - - name - type: object - type: object - path: - description: 'Path where the AWS auth method is enabled in Vault, e.g: "aws"' - type: string - region: - description: AWS region - type: string - role: - description: This is the AWS role to be assumed before talking to vault - type: string - secretRef: - description: Specify credentials in a Secret object - properties: - accessKeyIDSecretRef: - description: The AccessKeyID is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - secretAccessKeySecretRef: - description: The SecretAccessKey is used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - sessionTokenSecretRef: - description: |- - The SessionToken used for authentication - This must be defined if AccessKeyID and SecretAccessKey are temporary credentials - see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - vaultAwsIamServerID: - description: 'X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws' - type: string - vaultRole: - description: Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine - type: string - required: - - vaultRole - type: object - jwt: - description: |- - Jwt authenticates with Vault by passing role and JWT token using the - JWT/OIDC authentication method - properties: - kubernetesServiceAccountToken: - description: |- - Optional ServiceAccountToken specifies the Kubernetes service account for which to request - a token for with the `TokenRequest` API. - properties: - audiences: - description: |- - Optional audiences field that will be used to request a temporary Kubernetes service - account token for the service account referenced by `serviceAccountRef`. - Defaults to a single audience `vault` it not specified. - Deprecated: use serviceAccountRef.Audiences instead - items: - type: string - type: array - expirationSeconds: - description: |- - Optional expiration time in seconds that will be used to request a temporary - Kubernetes service account token for the service account referenced by - `serviceAccountRef`. - Deprecated: this will be removed in the future. - Defaults to 10 minutes. 
- format: int64 - type: integer - serviceAccountRef: - description: Service account field containing the name of a kubernetes ServiceAccount. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - required: - - serviceAccountRef - type: object - path: - default: jwt - description: |- - Path where the JWT authentication backend is mounted - in Vault, e.g: "jwt" - type: string - role: - description: |- - Role is a JWT role to authenticate using the JWT/OIDC Vault - authentication method - type: string - secretRef: - description: |- - Optional SecretRef that refers to a key in a Secret resource containing JWT token to - authenticate with Vault using the JWT/OIDC authentication method. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - path - type: object - kubernetes: - description: |- - Kubernetes authenticates with Vault by passing the ServiceAccount - token stored in the named Secret resource to the Vault server. 
- properties: - mountPath: - default: kubernetes - description: |- - Path where the Kubernetes authentication backend is mounted in Vault, e.g: - "kubernetes" - type: string - role: - description: |- - A required field containing the Vault Role to assume. A Role binds a - Kubernetes ServiceAccount with a set of Vault policies. - type: string - secretRef: - description: |- - Optional secret field containing a Kubernetes ServiceAccount JWT used - for authenticating with Vault. If a name is specified without a key, - `token` is the default. If one is not specified, the one bound to - the controller will be used. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - serviceAccountRef: - description: |- - Optional service account field containing the name of a kubernetes ServiceAccount. - If the service account is specified, the service account secret token JWT will be used - for authenticating with Vault. If the service account selector is not supplied, - the secretRef will be used instead. - properties: - audiences: - description: |- - Audience specifies the `aud` claim for the service account token - If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity - then this audiences will be appended to the list - items: - type: string - type: array - name: - description: The name of the ServiceAccount resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults - to the namespace of the referent. - type: string - required: - - name - type: object - required: - - mountPath - - role - type: object - ldap: - description: |- - Ldap authenticates with Vault by passing username/password pair using - the LDAP authentication method - properties: - path: - default: ldap - description: |- - Path where the LDAP authentication backend is mounted - in Vault, e.g: "ldap" - type: string - secretRef: - description: |- - SecretRef to a key in a Secret resource containing password for the LDAP - user used to authenticate with Vault using the LDAP authentication - method - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - username: - description: |- - Username is a LDAP user name used to authenticate using the LDAP Vault - authentication method - type: string - required: - - path - - username - type: object - namespace: - description: |- - Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in. - Namespaces is a set of features within Vault Enterprise that allows - Vault environments to support Secure Multi-tenancy. e.g: "ns1". - More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces - This will default to Vault.Namespace field if set, or empty otherwise - type: string - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting a token. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - userPass: - description: UserPass authenticates with Vault by passing username/password pair - properties: - path: - default: user - description: |- - Path where the UserPassword authentication backend is mounted - in Vault, e.g: "user" - type: string - secretRef: - description: |- - SecretRef to a key in a Secret resource containing password for the - user used to authenticate with Vault using the UserPass authentication - method - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - username: - description: |- - Username is a user name used to authenticate using the UserPass Vault - authentication method - type: string - required: - - path - - username - type: object - type: object - caBundle: - description: |- - PEM encoded CA bundle used to validate Vault server certificate. Only used - if the Server URL is using HTTPS protocol. This parameter is ignored for - plain HTTP protocol connection. If not set the system root certificates - are used to validate the TLS connection. - format: byte - type: string - caProvider: - description: The provider for the CA bundle to use to validate Vault server certificate. 
- properties: - key: - description: The key where the CA certificate can be found in the Secret or ConfigMap. - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: |- - The namespace the Provider type is in. - Can only be defined when used in a ClusterSecretStore. - type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". - enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - forwardInconsistent: - description: |- - ForwardInconsistent tells Vault to forward read-after-write requests to the Vault - leader instead of simply retrying within a loop. This can increase performance if - the option is enabled serverside. - https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header - type: boolean - namespace: - description: |- - Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows - Vault environments to support Secure Multi-tenancy. e.g: "ns1". - More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces - type: string - path: - description: |- - Path is the mount path of the Vault KV backend endpoint, e.g: - "secret". The v2 KV secret engine version specific "/data" path suffix - for fetching secrets from Vault is optional and will be appended - if not present in specified path. - type: string - readYourWrites: - description: |- - ReadYourWrites ensures isolated read-after-write semantics by - providing discovered cluster replication states in each request. - More information about eventual consistency in Vault can be found here - https://www.vaultproject.io/docs/enterprise/consistency - type: boolean - server: - description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' 
- type: string - tls: - description: |- - The configuration used for client side related TLS communication, when the Vault server - requires mutual authentication. Only used if the Server URL is using HTTPS protocol. - This parameter is ignored for plain HTTP protocol connection. - It's worth noting this configuration is different from the "TLS certificates auth method", - which is available under the `auth.cert` section. - properties: - certSecretRef: - description: |- - CertSecretRef is a certificate added to the transport layer - when communicating with the Vault server. - If no key for the Secret is specified, external-secret will default to 'tls.crt'. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - keySecretRef: - description: |- - KeySecretRef to a key in a Secret resource containing client private key - added to the transport layer when communicating with the Vault server. - If no key for the Secret is specified, external-secret will default to 'tls.key'. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
- type: string - type: object - type: object - version: - default: v2 - description: |- - Version is the Vault KV secret engine version. This can be either "v1" or - "v2". Version defaults to "v2". - enum: - - v1 - - v2 - type: string - required: - - auth - - server - type: object - webhook: - description: Webhook configures this store to sync secrets using a generic templated webhook - properties: - body: - description: Body - type: string - caBundle: - description: |- - PEM encoded CA bundle used to validate webhook server certificate. Only used - if the Server URL is using HTTPS protocol. This parameter is ignored for - plain HTTP protocol connection. If not set the system root certificates - are used to validate the TLS connection. - format: byte - type: string - caProvider: - description: The provider for the CA bundle to use to validate webhook server certificate. - properties: - key: - description: The key the value inside of the provider type to use, only used with "Secret" type - type: string - name: - description: The name of the object located at the provider type. - type: string - namespace: - description: The namespace the Provider type is in. - type: string - type: - description: The type of provider to use such as "Secret", or "ConfigMap". 
- enum: - - Secret - - ConfigMap - type: string - required: - - name - - type - type: object - headers: - additionalProperties: - type: string - description: Headers - type: object - method: - description: Webhook Method - type: string - result: - description: Result formatting - properties: - jsonPath: - description: Json path of return value - type: string - type: object - secrets: - description: |- - Secrets to fill in templates - These secrets will be passed to the templating function as key value pairs under the given name - items: - properties: - name: - description: Name of this secret in templates - type: string - secretRef: - description: Secret ref to fill in credentials - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - required: - - name - - secretRef - type: object - type: array - timeout: - description: Timeout - type: string - url: - description: Webhook url to call - type: string - required: - - result - - url - type: object - yandexcertificatemanager: - description: YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider - properties: - apiEndpoint: - description: Yandex.Cloud API endpoint (e.g. 
'api.cloud.yandex.net:443') - type: string - auth: - description: Auth defines the information necessary to authenticate against Yandex Certificate Manager - properties: - authorizedKeySecretRef: - description: The authorized key used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - caProvider: - description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. - properties: - certSecretRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - required: - - auth - type: object - yandexlockbox: - description: YandexLockbox configures this store to sync secrets using Yandex Lockbox provider - properties: - apiEndpoint: - description: Yandex.Cloud API endpoint (e.g. 
'api.cloud.yandex.net:443') - type: string - auth: - description: Auth defines the information necessary to authenticate against Yandex Lockbox - properties: - authorizedKeySecretRef: - description: The authorized key used for authentication - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - caProvider: - description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. - properties: - certSecretRef: - description: |- - A reference to a specific 'key' within a Secret resource, - In some instances, `key` is a required field. - properties: - key: - description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. - type: string - name: - description: The name of the Secret resource being referred to. - type: string - namespace: - description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. - type: string - type: object - type: object - required: - - auth - type: object - type: object - refreshInterval: - description: Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config. 
- type: integer - retrySettings: - description: Used to configure http retries if failed - properties: - maxRetries: - format: int32 - type: integer - retryInterval: - type: string - type: object - required: - - provider - type: object - status: - description: SecretStoreStatus defines the observed state of the SecretStore. - properties: - capabilities: - description: SecretStoreCapabilities defines the possible operations a SecretStore can do. - type: string - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap deleted file mode 100644 index 53eb6fb0a..000000000 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ /dev/null 
@@ -1,88 +0,0 @@ -should match snapshot of default values: - 1: | - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 - name: RELEASE-NAME-external-secrets-webhook - namespace: NAMESPACE - spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/name: external-secrets-webhook - template: - metadata: - labels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 - spec: - automountServiceAccountToken: true - containers: - - args: - - webhook - - --port=10250 - - --dns-name=RELEASE-NAME-external-secrets-webhook.NAMESPACE.svc - - --cert-dir=/tmp/certs - - --check-interval=5m - - --metrics-addr=:8080 - - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.17 - imagePullPolicy: IfNotPresent - name: webhook - ports: - - containerPort: 8080 - name: metrics - protocol: TCP - - containerPort: 10250 - name: webhook - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 20 - periodSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp/certs - name: certs - readOnly: true - hostNetwork: false - serviceAccountName: external-secrets-webhook - volumes: - - name: certs - secret: - secretName: RELEASE-NAME-external-secrets-webhook - 2: | - apiVersion: v1 - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - 
app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.17 - external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.17 - name: RELEASE-NAME-external-secrets-webhook - namespace: NAMESPACE diff --git a/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml b/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml deleted file mode 100644 index 8f2769d62..000000000 --- a/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml +++ /dev/null 
@@ -1,80 +0,0 @@
-suite: test cert controller deployment
-templates:
- - cert-controller-deployment.yaml
-tests:
- - it: should match snapshot of default values
- asserts:
- - matchSnapshot: {}
- - it: should set imagePullPolicy to Always
- set:
- certController.image.pullPolicy: Always
- asserts:
- - equal:
- path: spec.template.spec.containers[0].imagePullPolicy
- value: Always
- - it: should imagePullPolicy to be default value IfNotPresent
- asserts:
- - equal:
- path: spec.template.spec.containers[0].imagePullPolicy
- value: IfNotPresent
- - it: should override securityContext
- set:
- certController.podSecurityContext:
- runAsUser: 2000
- certController.securityContext:
- runAsUser: 3000
- asserts:
- - equal:
- path: spec.template.spec.securityContext
- value:
- runAsUser: 2000
- - equal:
- path: spec.template.spec.containers[0].securityContext
- value:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 3000
- seccompProfile:
- type: RuntimeDefault
- - it: should override hostNetwork
- set:
- certController.hostNetwork: true
- asserts:
- - equal:
- path: spec.template.spec.hostNetwork
- value: true
- - it: should override readinessProbe port
- set:
- certController.readinessProbe.port: 8082
- asserts:
- - equal:
- path: spec.template.spec.containers[0].args[7]
- value: "--healthz-addr=:8082"
- - it: should override metrics port
- set:
- certController.metrics.listen.port: 8888
- asserts:
- - equal:
- path: spec.template.spec.containers[0].args[6]
- value: "--metrics-addr=:8888"
- - it: should override image flavour
- set:
- certController.image.repository: ghcr.io/external-secrets/external-secrets
- certController.image.tag: v0.9.8
- certController.image.flavour: ubi-boringssl
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl
- - it: should override image flavour
- set:
- certController.image.repository: example.com/external-secrets/external-secrets
- certController.image.tag: v0.9.9-ubi
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: example.com/external-secrets/external-secrets:v0.9.9-ubi
diff --git a/charts/external-secrets/external-secrets/tests/controller_test.yaml b/charts/external-secrets/external-secrets/tests/controller_test.yaml
deleted file mode 100644
index c437d64fc..000000000
--- a/charts/external-secrets/external-secrets/tests/controller_test.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-suite: test controller deployment
-templates:
- - deployment.yaml
-tests:
- - it: should match snapshot of default values
- asserts:
- - matchSnapshot: {}
- - it: should set imagePullPolicy to Always
- set:
- image.pullPolicy: Always
- asserts:
- - equal:
- path: spec.template.spec.containers[0].imagePullPolicy
- value: Always
- - it: should imagePullPolicy to be default value IfNotPresent
- asserts:
- - equal:
- path: spec.template.spec.containers[0].imagePullPolicy
- value: IfNotPresent
- - it: should override securityContext
- set:
- podSecurityContext:
- runAsUser: 2000
- securityContext:
- runAsUser: 3000
- asserts:
- - equal:
- path: spec.template.spec.securityContext
- value:
- runAsUser: 2000
- - equal:
- path: spec.template.spec.containers[0].securityContext
- value:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 3000
- seccompProfile:
- type: RuntimeDefault
- - it: should override hostNetwork
- set:
- hostNetwork: true
- asserts:
- - equal:
- path: spec.template.spec.hostNetwork
- value: true
- - it: should override metrics port
- set:
- metrics.listen.port: 8888
- asserts:
- - equal:
- path: spec.template.spec.containers[0].args[1]
- value: "--metrics-addr=:8888"
- - it: should override image flavour
- set:
- image.repository: ghcr.io/external-secrets/external-secrets
- image.tag: v0.9.8
- image.flavour: ubi-boringssl
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl
- - it: should override image flavour
- set:
- image.repository: example.com/external-secrets/external-secrets
- image.tag: v0.9.9-ubi
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: example.com/external-secrets/external-secrets:v0.9.9-ubi
diff --git a/charts/external-secrets/external-secrets/tests/crds_test.yaml b/charts/external-secrets/external-secrets/tests/crds_test.yaml deleted file mode 100644 index 25a18c78a..000000000 --- a/charts/external-secrets/external-secrets/tests/crds_test.yaml +++ /dev/null @@ -1,27 +0,0 @@ -suite: test crds -templates: - - crds/secretstore.yaml -tests: - - it: should match snapshot of default values - asserts: - - matchSnapshot: {} - - it: should disable conversion webhook - set: - crds.conversion.enabled: false - asserts: - - isNull: - path: spec.conversion - - - it: should add annotations - set: - crds: - annotations: - foo: bar - baz: bang - asserts: - - equal: - path: metadata.annotations.foo - value: bar - - equal: - path: metadata.annotations.baz - value: bang diff --git a/charts/external-secrets/external-secrets/tests/extra_manifests_test.yaml b/charts/external-secrets/external-secrets/tests/extra_manifests_test.yaml deleted file mode 100644 index 8cae8f5f0..000000000 --- a/charts/external-secrets/external-secrets/tests/extra_manifests_test.yaml +++ /dev/null @@ -1,15 +0,0 @@ -suite: test adding extra kubernetes objects -templates: - - extra-manifests.yaml -tests: - - it: should load extra manifests - set: - extraObjects: - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: random - asserts: - - equal: - path: kind - value: ServiceAccount diff --git a/charts/external-secrets/external-secrets/tests/service_monitor_test.yaml b/charts/external-secrets/external-secrets/tests/service_monitor_test.yaml deleted file mode 100644 index 327f9b083..000000000 --- a/charts/external-secrets/external-secrets/tests/service_monitor_test.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-suite: test service monitor
-templates:
- - servicemonitor.yaml
-tests:
- - it: should render service monitor when APIVersions is present and serviceMonitor is enabled
- set:
- serviceMonitor.enabled: true
- capabilities:
- apiVersions:
- - "monitoring.coreos.com/v1"
- asserts:
- - hasDocuments:
- count: 6
- - it: should not render service monitor when APIVersions is not present but serviceMonitor is enabled
- set:
- serviceMonitor.enabled: true
- asserts:
- - hasDocuments:
- count: 0
- - it: should not render service monitor when APIVersions is present and serviceMonitor is disabled
- set:
- serviceMonitor.enabled: false
- capabilities:
- apiVersions:
- - "monitoring.coreos.com/v1"
- asserts:
- - hasDocuments:
- count: 0
- - it: should not render service monitor when APIVersions is not present and serviceMonitor is disabled
- set:
- serviceMonitor.enabled: false
- asserts:
- - hasDocuments:
- count: 0
\ No newline at end of file
diff --git a/charts/external-secrets/external-secrets/tests/webhook_test.yaml b/charts/external-secrets/external-secrets/tests/webhook_test.yaml
deleted file mode 100644
index 8c6f761b0..000000000
--- a/charts/external-secrets/external-secrets/tests/webhook_test.yaml
+++ /dev/null
@@ -1,193 +0,0 @@ -suite: test webhook deployment -templates: - - webhook-deployment.yaml - - webhook-secret.yaml - - webhook-certificate.yaml - - validatingwebhook.yaml - - crds/externalsecret.yaml -tests: - - it: should match snapshot of default values - asserts: - - matchSnapshot: {} - templates: - - webhook-deployment.yaml - - webhook-secret.yaml - # webhook-certificate.yaml is not rendered by default - - it: should set imagePullPolicy to Always - set: - webhook.image.pullPolicy: Always - asserts: - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: Always - template: webhook-deployment.yaml - - it: should imagePullPolicy to be default value IfNotPresent - asserts: - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: IfNotPresent - template: webhook-deployment.yaml - - it: should override securityContext - set: - webhook.podSecurityContext: - runAsUser: 2000 - webhook.securityContext: - runAsUser: 3000 - asserts: - - equal: - path: spec.template.spec.securityContext - value: - runAsUser: 2000 - - equal: - path: spec.template.spec.containers[0].securityContext - value: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 3000 - seccompProfile: - type: RuntimeDefault - template: webhook-deployment.yaml - - it: should override hostNetwork - set: - webhook.hostNetwork: true - asserts: - - equal: - path: spec.template.spec.hostNetwork - value: true - template: webhook-deployment.yaml - - it: should create a certificate CRD - set: - webhook.certManager.enabled: true - webhook.certManager.cert.duration: "10d" - webhook.certManager.cert.renewBefore: "5d" - asserts: - - equal: - path: metadata.name - value: "RELEASE-NAME-external-secrets-webhook" - - equal: - path: spec.secretName - value: "RELEASE-NAME-external-secrets-webhook" - - equal: - path: spec.commonName - value: "RELEASE-NAME-external-secrets-webhook" - - equal: - path: spec.dnsNames[0] 
- value: "RELEASE-NAME-external-secrets-webhook" - - equal: - path: spec.issuerRef.group - value: "cert-manager.io" - - equal: - path: spec.issuerRef.kind - value: "Issuer" - - equal: - path: spec.issuerRef.name - value: "my-issuer" - - equal: - path: spec.duration - value: "10d" - - equal: - path: spec.renewBefore - value: "5d" - - hasDocuments: - count: 1 - templates: - - webhook-certificate.yaml - - it: should not create the webhook secret - set: - webhook.certManager.enabled: true - asserts: - - hasDocuments: - count: 0 - template: webhook-secret.yaml - - it: should not create the secret nor the certificate - set: - webhook.certManager.enabled: true - webhook.certManager.cert.create: false - asserts: - - hasDocuments: - count: 0 - templates: - - webhook-secret.yaml - - webhook-certificate.yaml - - it: should - set: - webhook.certManager.enabled: true - asserts: - - equal: - path: metadata.name - value: "RELEASE-NAME-external-secrets-webhook" - - hasDocuments: - count: 1 - template: webhook-certificate.yaml - - it: should allow using a cluster issuer - set: - webhook.certManager.enabled: true - webhook.certManager.cert.issuerRef.kind: ClusterIssuer - webhook.certManager.cert.issuerRef.name: my-other-issuer - asserts: - - equal: - path: spec.issuerRef.kind - value: "ClusterIssuer" - - equal: - path: spec.issuerRef.name - value: "my-other-issuer" - templates: - - webhook-certificate.yaml - - it: should add annotations to the webhook - set: - webhook.create: true - webhook.certManager.enabled: true - webhook.certManager.addInjectorAnnotations: true - asserts: - - equal: - path: metadata.annotations["cert-manager.io/inject-ca-from"] - value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook" - templates: - - validatingwebhook.yaml - - crds/externalsecret.yaml - - it: should not add annotations to the webhook - set: - webhook.create: true - webhook.certManager.enabled: true - webhook.certManager.addInjectorAnnotations: false - asserts: - - isNull: - path: 
metadata.annotations["cert-manager.io/inject-ca-from"] - # value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook" - templates: - - validatingwebhook.yaml - - crds/externalsecret.yaml - - it: should override metrics port - set: - webhook.metrics.listen.port: 8888 - templates: - - webhook-deployment.yaml - asserts: - - equal: - path: spec.template.spec.containers[0].args[5] - value: "--metrics-addr=:8888" - - it: should override image flavour - set: - webhook.image.repository: ghcr.io/external-secrets/external-secrets - webhook.image.tag: v0.9.8 - webhook.image.flavour: ubi-boringssl - templates: - - webhook-deployment.yaml - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl - - it: should override image flavour - set: - webhook.image.repository: example.com/external-secrets/external-secrets - webhook.image.tag: v0.9.9-ubi - templates: - - webhook-deployment.yaml - asserts: - - equal: - path: spec.template.spec.containers[0].image - value: example.com/external-secrets/external-secrets:v0.9.9-ubi diff --git a/charts/external-secrets/external-secrets/values.yaml b/charts/external-secrets/external-secrets/values.yaml index bc795ceb5..f456ea48a 100644 --- a/charts/external-secrets/external-secrets/values.yaml +++ b/charts/external-secrets/external-secrets/values.yaml @@ -510,6 +510,9 @@ certController: # cpu: 10m # memory: 32Mi +# -- Specifies `dnsPolicy` to deployment +dnsPolicy: ClusterFirst + # -- Specifies `dnsOptions` to deployment dnsConfig: {} diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index a3ccd3a2c..eed14aa8b 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md 
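Review bot: The comment on the new `dnsPolicy: ClusterFirst` key in external-secrets `values.yaml` says only "Specifies `dnsPolicy` to deployment", which leaves out which of the chart's deployments read it and how it interacts with `hostNetwork`. In Kubernetes a pod running with `hostNetwork: true` has to set `ClusterFirstWithHostNet` to keep using cluster DNS; with `ClusterFirst` it falls back to the node's resolver, so in-cluster provider addresses may stop resolving. I would extend the comment to something like `# -- Specifies `dnsPolicy` to deployment; use ClusterFirstWithHostNet when hostNetwork is true`. The templates that consume the value are not part of this hunk, so whether the chart already switches the policy for host-networked pods is unverified.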
@@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
+## 5.1.13
+
+Update `docker.io/kiwigrid/k8s-sidecar` to version `1.27.1`
+
 ## 5.1.12
 Update `git` to version `5.2.2`
diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml
index 6dc4fa030..0ddc11cd5 100644
--- a/charts/jenkins/jenkins/Chart.yaml
+++ b/charts/jenkins/jenkins/Chart.yaml
@@ -1,12 +1,12 @@
 annotations:
 artifacthub.io/category: integration-delivery
 artifacthub.io/changes: |
- - Update `git` to version `5.2.2`
+ - Update `docker.io/kiwigrid/k8s-sidecar` to version `1.27.1`
 artifacthub.io/images: |
 - name: jenkins
 image: docker.io/jenkins/jenkins:2.440.3-jdk17
 - name: k8s-sidecar
- image: docker.io/kiwigrid/k8s-sidecar:1.26.2
+ image: docker.io/kiwigrid/k8s-sidecar:1.27.1
 - name: inbound-agent
 image: jenkins/inbound-agent:3206.vb_15dcf73f6a_9-3
 artifacthub.io/license: Apache-2.0
@@ -50,4 +50,4 @@ sources:
 - https://github.com/maorfr/kube-tasks
 - https://github.com/jenkinsci/configuration-as-code-plugin
 type: application
-version: 5.1.12
+version: 5.1.13
diff --git a/charts/jenkins/jenkins/VALUES.md b/charts/jenkins/jenkins/VALUES.md
index f37f6a54b..e7fcc8be2 100644
--- a/charts/jenkins/jenkins/VALUES.md
+++ b/charts/jenkins/jenkins/VALUES.md
@@ -244,7 +244,7 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | [controller.sidecars.configAutoReload.folder](./values.yaml#L591) | string | | `"/var/jenkins_home/casc_configs"` |
 | [controller.sidecars.configAutoReload.image.registry](./values.yaml#L553) | string | Registry for the image that triggers the reload | `"docker.io"` |
 | [controller.sidecars.configAutoReload.image.repository](./values.yaml#L555) | string | Repository of the image that triggers the reload | `"kiwigrid/k8s-sidecar"` |
-| [controller.sidecars.configAutoReload.image.tag](./values.yaml#L557) | string | Tag for the image that triggers the reload | `"1.26.2"` |
+| [controller.sidecars.configAutoReload.image.tag](./values.yaml#L557) | string | Tag for the image that triggers the reload | `"1.27.1"` |
 | [controller.sidecars.configAutoReload.imagePullPolicy](./values.yaml#L558) | string | | `"IfNotPresent"` |
 | [controller.sidecars.configAutoReload.reqRetryConnect](./values.yaml#L573) | int | How many connection-related errors to retry on | `10` |
 | [controller.sidecars.configAutoReload.resources](./values.yaml#L559) | object | | `{}` |
diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml
index f48581ad7..e694aedb9 100644
--- a/charts/jenkins/jenkins/values.yaml
+++ b/charts/jenkins/jenkins/values.yaml
@@ -554,7 +554,7 @@ controller:
 # -- Repository of the image that triggers the reload
 repository: kiwigrid/k8s-sidecar
 # -- Tag for the image that triggers the reload
- tag: 1.26.2
+ tag: 1.27.1
 imagePullPolicy: IfNotPresent
 resources: {}
 # limits:
diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml
index 5f0782011..f0c564361 100644
--- a/charts/speedscale/speedscale-operator/Chart.yaml
+++ b/charts/speedscale/speedscale-operator/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
 catalog.cattle.io/kube-version: '>= 1.17.0-0'
 catalog.cattle.io/release-name: speedscale-operator
 apiVersion: v1
-appVersion: 2.1.344
+appVersion: 2.1.359
 description: Stress test your APIs with real world scenarios. Collect and replay
 traffic without scripting.
 home: https://speedscale.com
@@ -24,4 +24,4 @@ maintainers:
 - email: support@speedscale.com
 name: Speedscale Support
 name: speedscale-operator
-version: 2.1.344
+version: 2.1.359
diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml
index 7c2bdca3a..b4fa17dad 100644
--- a/charts/speedscale/speedscale-operator/values.yaml
+++ b/charts/speedscale/speedscale-operator/values.yaml
@@ -20,7 +20,7 @@ clusterName: "my-cluster"
 # Speedscale components image settings.
 image:
 registry: gcr.io/speedscale
- tag: v2.1.344
+ tag: v2.1.359
 pullPolicy: Always
 # Log level for Speedscale components.
diff --git a/index.yaml b/index.yaml
index 9e8bdf96a..3ff337cee 100644
--- a/index.yaml
+++ b/index.yaml
@@ -241,6 +241,46 @@ entries: - assets/amd/amd-gpu-0.9.0.tgz version: 0.9.0 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: added + description: Support ability to set .Values.namespaceOverride + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/featured: "2" + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.11.0 + created: "2024-05-15T00:58:09.798497479Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.26.1 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 37a7b5f782f8080650a06b7fff1adc849c32e432e983eadaa54a1918e0b0ce56 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-6.9.2.tgz + version: 6.9.2 - annotations: artifacthub.io/changes: | - kind: fixed @@ -254,12 +294,11 @@ entries: url: https://argoproj.github.io/argo-helm/pgp_keys.asc catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Argo CD - catalog.cattle.io/featured: "2" catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 appVersion: v2.11.0 - created: "2024-05-14T00:54:35.105340647Z" + created: "2024-05-15T00:58:01.261694366Z" dependencies: - condition: redis-ha.enabled name: redis-ha 
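Review bot: The already indexed argo-cd entry touched by the `@@ -254,12 +294,11 @@` hunk and the following `@@ -267,7 +306,7 @@` hunk gets a new `created` timestamp and a new `digest` (`4cceb1f0…` replaced by `f8332090…`), so a published package was rebuilt in place instead of staying immutable. The entry's `version:` line is outside both hunks; it appears to be 6.9.1, since the commit also changes the binary `assets/argo/argo-cd-6.9.1.tgz`. The only metadata change visible here is the dropped `catalog.cattle.io/featured: "2"` annotation, but the index alone cannot distinguish that from any other content change. Anyone who pinned or cached the previous digest will now see a mismatch. Before merging, unpack the old and new archives, confirm they differ only in that annotation, and state this in the commit description.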
@@ -267,7 +306,7 @@ entries: version: 4.26.1 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. - digest: 4cceb1f0a4496d370adca0bcee500825eb913f9aa500540f7f30d202a99b00de + digest: f8332090caf70eea100111d7cfac6a1090e413c228d179effd89e97548b05a74 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18467,6 +18506,30 @@ entries: - assets/dynatrace/dynatrace-operator-0.7.2.tgz version: 0.7.2 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.9.18 + created: "2024-05-15T00:58:10.855528445Z" + description: External secret management for Kubernetes + digest: 8dded12d75cbf8ce624511acc81b16df84b0b71c438bb096688c73d2b30f9820 + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.9.18.tgz + version: 0.9.18 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator 
@@ -26446,6 +26509,63 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/changes: | + - Update `docker.io/kiwigrid/k8s-sidecar` to version `1.27.1` + artifacthub.io/images: | + - name: jenkins + image: docker.io/jenkins/jenkins:2.440.3-jdk17 + - name: k8s-sidecar + image: docker.io/kiwigrid/k8s-sidecar:1.27.1 + - name: inbound-agent + image: jenkins/inbound-agent:3206.vb_15dcf73f6a_9-3 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + - name: support + url: https://github.com/jenkinsci/helm-charts/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.440.3 + created: "2024-05-15T00:58:11.595825391Z" + description: 'Jenkins - Build great things at any scale! As the leading open source + automation server, Jenkins provides over 1800 plugins to support building, deploying + and automating any project. 
' + digest: 4a4072d113b7e35a0549e8586246397b56e173bb17816dde34ffbeca55f58522 + home: https://www.jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + keywords: + - jenkins + - ci + - devops + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + type: application + urls: + - assets/jenkins/jenkins-5.1.13.tgz + version: 5.1.13 - annotations: artifacthub.io/category: integration-delivery artifacthub.io/changes: | 
@@ -50221,6 +50341,37 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 2.1.359 + created: "2024-05-15T00:58:15.284189586Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 694eb594b2f1250b715906472b5c3c474972b651eb3d17d4d1b6621313dca8a5 + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-2.1.359.tgz + version: 2.1.359 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator