From 28d9b499a3aabec99763ba8b8cd19774d5e77c93 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 30 May 2024 10:26:24 +0200 Subject: [PATCH] Update tests after common rebase --- ...mmon-acm-industrial-edge-hub.expected.yaml | 4 +- ...on-acm-medical-diagnosis-hub.expected.yaml | 4 +- tests/common-acm-normal.expected.yaml | 6 +- ...roup-industrial-edge-factory.expected.yaml | 51 +++++- ...tergroup-industrial-edge-hub.expected.yaml | 63 ++++++- ...rgroup-medical-diagnosis-hub.expected.yaml | 75 +++++++- tests/common-clustergroup-naked.expected.yaml | 49 +++++- .../common-clustergroup-normal.expected.yaml | 53 +++++- ...rets-industrial-edge-factory.expected.yaml | 161 +++++++++++------- ...-secrets-industrial-edge-hub.expected.yaml | 159 ++++++++++------- ...ecrets-medical-diagnosis-hub.expected.yaml | 159 ++++++++++------- ...olang-external-secrets-naked.expected.yaml | 159 ++++++++++------- ...lang-external-secrets-normal.expected.yaml | 159 ++++++++++------- ...ault-industrial-edge-factory.expected.yaml | 4 +- ...rp-vault-industrial-edge-hub.expected.yaml | 4 +- ...-vault-medical-diagnosis-hub.expected.yaml | 4 +- ...common-hashicorp-vault-naked.expected.yaml | 4 +- ...ommon-hashicorp-vault-normal.expected.yaml | 4 +- ...tall-industrial-edge-factory.expected.yaml | 3 - ...-install-industrial-edge-hub.expected.yaml | 3 - ...nstall-medical-diagnosis-hub.expected.yaml | 3 - ...ommon-operator-install-naked.expected.yaml | 3 - ...mmon-operator-install-normal.expected.yaml | 3 - 23 files changed, 813 insertions(+), 324 deletions(-) diff --git a/tests/common-acm-industrial-edge-hub.expected.yaml b/tests/common-acm-industrial-edge-hub.expected.yaml index 453e8a9e..4199ba03 100644 --- a/tests/common-acm-industrial-edge-hub.expected.yaml +++ b/tests/common-acm-industrial-edge-hub.expected.yaml @@ -167,7 +167,7 @@ spec: type: Opaque metadata: name: hub-ca - namespace: imperative + namespace: golang-external-secrets data: hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}' hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}' @@ -214,6 +214,8 @@ spec: path: common/clustergroup helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-factory.yaml" diff --git a/tests/common-acm-medical-diagnosis-hub.expected.yaml b/tests/common-acm-medical-diagnosis-hub.expected.yaml index 8b50de7a..f2a8fdd6 100644 --- a/tests/common-acm-medical-diagnosis-hub.expected.yaml +++ b/tests/common-acm-medical-diagnosis-hub.expected.yaml @@ -158,7 +158,7 @@ spec: type: Opaque metadata: name: hub-ca - namespace: imperative + namespace: golang-external-secrets data: hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}' hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}' @@ -205,6 +205,8 @@ spec: path: common/clustergroup helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-region-one.yaml" diff --git a/tests/common-acm-normal.expected.yaml b/tests/common-acm-normal.expected.yaml index 66f1c590..143de18b 100644 --- a/tests/common-acm-normal.expected.yaml +++ b/tests/common-acm-normal.expected.yaml @@ -561,7 +561,7 @@ spec: type: Opaque metadata: name: hub-ca - namespace: imperative + namespace: golang-external-secrets data: hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}' hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}' @@ -608,6 +608,8 @@ spec: path: common/clustergroup helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-acm-edge.yaml" @@ -704,6 +706,8 @@ spec: path: common/clustergroup helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-acm-provision-edge.yaml" diff --git a/tests/common-clustergroup-industrial-edge-factory.expected.yaml b/tests/common-clustergroup-industrial-edge-factory.expected.yaml index 5de901a2..1826e750 100644 --- a/tests/common-clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/common-clustergroup-industrial-edge-factory.expected.yaml @@ -64,6 +64,13 @@ metadata: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/imperative/configmap.yaml apiVersion: v1 kind: ConfigMap @@ -116,6 +123,9 @@ data: initContainers: [] imperative: activeDeadlineSeconds: 3600 + adminClusterRoleName: imperative-admin-cluster-role + adminServiceAccountCreate: true + adminServiceAccountName: imperative-admin-sa clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob @@ -279,11 +289,24 @@ rules: - list - watch --- +# Source: clustergroup/templates/imperative/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imperative-admin-cluster-role +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- # Source: clustergroup/templates/imperative/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: imperative-cluster-admin-rolebinding + name: imperative-cluster-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -293,12 +316,30 @@ subjects: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imperative-admin-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: imperative-admin-cluster-role +subjects: + - kind: ServiceAccount + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/plumbing/argocd-super-role.yaml # WARNING: ONLY USE THIS FOR MANAGING CLUSTERS NOT FOR REGULAR USERS apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: openshift-gitops-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -318,6 +359,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: mypattern-factory-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -355,7 +400,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: imperative-admin-rolebinding + name: imperative-rolebinding namespace: imperative roleRef: apiGroup: rbac.authorization.k8s.io @@ -537,6 +582,8 @@ spec: path: charts/datacenter/opendatahub helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-factory.yaml" diff --git a/tests/common-clustergroup-industrial-edge-hub.expected.yaml b/tests/common-clustergroup-industrial-edge-hub.expected.yaml index c7777554..b81b7cef 100644 --- a/tests/common-clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/common-clustergroup-industrial-edge-hub.expected.yaml @@ -109,6 +109,13 @@ metadata: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/imperative/configmap.yaml apiVersion: v1 kind: ConfigMap @@ -237,6 +244,9 @@ data: initContainers: [] imperative: activeDeadlineSeconds: 3600 + adminClusterRoleName: imperative-admin-cluster-role + adminServiceAccountCreate: true + adminServiceAccountName: imperative-admin-sa clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob @@ -440,11 +450,24 @@ rules: - list - watch --- +# Source: clustergroup/templates/imperative/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imperative-admin-cluster-role +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- # Source: clustergroup/templates/imperative/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: imperative-cluster-admin-rolebinding + name: imperative-cluster-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -454,12 +477,30 @@ subjects: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imperative-admin-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: imperative-admin-cluster-role +subjects: + - kind: ServiceAccount + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/plumbing/argocd-super-role.yaml # WARNING: ONLY USE THIS FOR MANAGING CLUSTERS NOT FOR REGULAR USERS apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: openshift-gitops-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -479,6 +520,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: mypattern-datacenter-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -516,7 +561,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: imperative-admin-rolebinding + name: imperative-rolebinding namespace: imperative roleRef: apiGroup: rbac.authorization.k8s.io @@ -835,6 +880,8 @@ spec: path: common/acm helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-datacenter.yaml" @@ -900,6 +947,8 @@ spec: path: charts/datacenter/opendatahub helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-datacenter.yaml" @@ -956,6 +1005,8 @@ spec: path: charts/datacenter/pipelines helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-datacenter.yaml" @@ -1012,6 +1063,8 @@ spec: path: charts/datacenter/manuela-data-lake helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-datacenter.yaml" @@ -1098,6 +1151,8 @@ spec: path: charts/datacenter/external-secrets helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-datacenter.yaml" @@ -1154,6 +1209,8 @@ spec: path: common/golang-external-secrets helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-datacenter.yaml" @@ -1237,6 +1294,8 @@ spec: chart: vault helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-datacenter.yaml" diff --git a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml index bcf7c6b0..d6496a85 100644 --- a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml @@ -109,6 +109,13 @@ metadata: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/imperative/configmap.yaml apiVersion: v1 kind: ConfigMap @@ -220,6 +227,9 @@ data: initContainers: [] imperative: activeDeadlineSeconds: 3600 + adminClusterRoleName: imperative-admin-cluster-role + adminServiceAccountCreate: true + adminServiceAccountName: imperative-admin-sa clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob @@ -367,11 +377,24 @@ rules: - list - watch --- +# Source: clustergroup/templates/imperative/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imperative-admin-cluster-role +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- # Source: clustergroup/templates/imperative/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: imperative-cluster-admin-rolebinding + name: imperative-cluster-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -381,12 +404,30 @@ subjects: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imperative-admin-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: imperative-admin-cluster-role +subjects: + - kind: ServiceAccount + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/plumbing/argocd-super-role.yaml # WARNING: ONLY USE THIS FOR MANAGING CLUSTERS NOT FOR REGULAR USERS apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: openshift-gitops-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -406,6 +447,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: mypattern-hub-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -443,7 +488,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: imperative-admin-rolebinding + name: imperative-rolebinding namespace: imperative roleRef: apiGroup: rbac.authorization.k8s.io @@ -720,6 +765,8 @@ spec: path: common/golang-external-secrets helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -776,6 +823,8 @@ spec: path: charts/all/kafdrop helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -832,6 +881,8 @@ spec: path: charts/all/kafka helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -888,6 +939,8 @@ spec: path: charts/all/opendatahub helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -944,6 +997,8 @@ spec: path: charts/all/openshift-data-foundations helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1000,6 +1055,8 @@ spec: path: charts/all/openshift-serverless helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1056,6 +1113,8 @@ spec: path: charts/all/medical-diagnosis/service-account helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1112,6 +1171,8 @@ spec: chart: vault helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1186,6 +1247,8 @@ spec: path: charts/all/medical-diagnosis/database helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1242,6 +1305,8 @@ spec: path: charts/all/medical-diagnosis/grafana helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1298,6 +1363,8 @@ spec: path: charts/all/medical-diagnosis/image-generator helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1363,6 +1430,8 @@ spec: path: charts/all/medical-diagnosis/image-server helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" @@ -1428,6 +1497,8 @@ spec: path: charts/all/medical-diagnosis/xray-init helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-hub.yaml" diff --git a/tests/common-clustergroup-naked.expected.yaml b/tests/common-clustergroup-naked.expected.yaml index fdaf4293..a7fee415 100644 --- a/tests/common-clustergroup-naked.expected.yaml +++ b/tests/common-clustergroup-naked.expected.yaml @@ -28,6 +28,13 @@ metadata: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/imperative/configmap.yaml apiVersion: v1 kind: ConfigMap @@ -43,6 +50,9 @@ data: initContainers: [] imperative: activeDeadlineSeconds: 3600 + adminClusterRoleName: imperative-admin-cluster-role + adminServiceAccountCreate: true + adminServiceAccountName: imperative-admin-sa clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob @@ -117,11 +127,24 @@ rules: - list - watch --- +# Source: clustergroup/templates/imperative/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imperative-admin-cluster-role +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- # Source: clustergroup/templates/imperative/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: imperative-cluster-admin-rolebinding + name: imperative-cluster-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -131,12 +154,30 @@ subjects: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imperative-admin-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: imperative-admin-cluster-role +subjects: + - kind: ServiceAccount + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/plumbing/argocd-super-role.yaml # WARNING: ONLY USE THIS FOR MANAGING CLUSTERS NOT FOR REGULAR USERS apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: openshift-gitops-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -156,6 +197,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: common-example-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -193,7 +238,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: imperative-admin-rolebinding + name: imperative-rolebinding namespace: imperative roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/common-clustergroup-normal.expected.yaml b/tests/common-clustergroup-normal.expected.yaml index 816269ed..2fca5174 100644 --- a/tests/common-clustergroup-normal.expected.yaml +++ b/tests/common-clustergroup-normal.expected.yaml @@ -96,6 +96,13 @@ metadata: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/imperative/configmap.yaml apiVersion: v1 kind: ConfigMap @@ -128,6 +135,9 @@ data: initContainers: [] imperative: activeDeadlineSeconds: 3600 + adminClusterRoleName: imperative-admin-cluster-role + adminServiceAccountCreate: true + adminServiceAccountName: imperative-admin-sa clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob @@ -329,11 +339,24 @@ rules: - list - watch --- +# Source: clustergroup/templates/imperative/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imperative-admin-cluster-role +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- # Source: clustergroup/templates/imperative/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: imperative-cluster-admin-rolebinding + name: imperative-cluster-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -343,12 +366,30 @@ subjects: name: imperative-sa namespace: imperative --- +# Source: clustergroup/templates/imperative/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: imperative-admin-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: imperative-admin-cluster-role +subjects: + - kind: ServiceAccount + name: imperative-admin-sa + namespace: imperative +--- # Source: clustergroup/templates/plumbing/argocd-super-role.yaml # WARNING: ONLY USE THIS FOR MANAGING CLUSTERS NOT FOR REGULAR USERS apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: openshift-gitops-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -368,6 +409,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: mypattern-example-cluster-admin-rolebinding + # We need to have this before anything else or the sync might get stuck forever + # due to permission issues + annotations: + argocd.argoproj.io/sync-wave: "-100" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -405,7 +450,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: imperative-admin-rolebinding + name: imperative-rolebinding namespace: imperative roleRef: apiGroup: rbac.authorization.k8s.io @@ -685,6 +730,8 @@ spec: path: common/acm helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-example.yaml" @@ -752,6 +799,8 @@ spec: path: charts/datacenter/pipelines helm: ignoreMissingValueFiles: true + values: | + extraParametersNested: valueFiles: - "/values-global.yaml" - "/values-example.yaml" diff --git a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml index dde550fd..2a9621a7 100644 --- a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml +++ b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -780,11 +780,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -827,11 +829,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -844,7 +848,7 @@ spec: x-kubernetes-map-type: atomic type: array namespaces: - description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing. + description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. items: type: string type: array @@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -2484,11 +2488,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2921,6 +2927,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6586,11 +6609,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -8399,11 +8424,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8836,6 +8863,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11834,10 +11878,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -11901,10 +11945,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12012,10 +12056,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12054,10 +12098,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12100,10 +12144,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12177,10 +12221,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12216,10 +12260,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12237,10 +12281,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12261,10 +12305,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12276,10 +12320,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12294,7 +12338,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12324,10 +12368,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12339,10 +12383,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12357,7 +12401,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12366,6 +12410,7 @@ spec: - containerPort: 8080 protocol: TCP name: metrics + dnsPolicy: ClusterFirst --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -12374,10 +12419,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12389,10 +12434,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12407,7 +12452,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - webhook @@ -12457,7 +12502,7 @@ spec: type: Secret name: hub-ca key: hub-kube-root-ca.crt - namespace: imperative + namespace: golang-external-secrets auth: kubernetes: diff --git a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml index a0ad351a..2f0b9ac3 100644 --- a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml +++ b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -780,11 +780,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -827,11 +829,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -844,7 +848,7 @@ spec: x-kubernetes-map-type: atomic type: array namespaces: - description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing. + description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. items: type: string type: array @@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -2484,11 +2488,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2921,6 +2927,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6586,11 +6609,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -8399,11 +8424,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8836,6 +8863,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11834,10 +11878,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -11901,10 +11945,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12012,10 +12056,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12054,10 +12098,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12100,10 +12144,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12177,10 +12221,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12216,10 +12260,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12237,10 +12281,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12261,10 +12305,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12276,10 +12320,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12294,7 +12338,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12324,10 +12368,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12339,10 +12383,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12357,7 +12401,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12366,6 +12410,7 @@ spec: - containerPort: 8080 protocol: TCP name: metrics + dnsPolicy: ClusterFirst --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -12374,10 +12419,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12389,10 +12434,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12407,7 +12452,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml index a0ad351a..2f0b9ac3 100644 --- a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml +++ b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -780,11 +780,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -827,11 +829,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -844,7 +848,7 @@ spec: x-kubernetes-map-type: atomic type: array namespaces: - description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing. + description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. items: type: string type: array @@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -2484,11 +2488,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2921,6 +2927,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6586,11 +6609,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -8399,11 +8424,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8836,6 +8863,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11834,10 +11878,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -11901,10 +11945,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12012,10 +12056,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12054,10 +12098,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12100,10 +12144,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12177,10 +12221,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12216,10 +12260,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12237,10 +12281,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12261,10 +12305,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12276,10 +12320,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12294,7 +12338,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12324,10 +12368,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12339,10 +12383,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12357,7 +12401,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12366,6 +12410,7 @@ spec: - containerPort: 8080 protocol: TCP name: metrics + dnsPolicy: ClusterFirst --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -12374,10 +12419,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12389,10 +12434,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12407,7 +12452,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-naked.expected.yaml b/tests/common-golang-external-secrets-naked.expected.yaml index 3d54dd63..dc6b146d 100644 --- a/tests/common-golang-external-secrets-naked.expected.yaml +++ b/tests/common-golang-external-secrets-naked.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -780,11 +780,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -827,11 +829,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -844,7 +848,7 @@ spec: x-kubernetes-map-type: atomic type: array namespaces: - description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing. + description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. items: type: string type: array @@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -2484,11 +2488,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2921,6 +2927,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6586,11 +6609,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -8399,11 +8424,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8836,6 +8863,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11834,10 +11878,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -11901,10 +11945,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12012,10 +12056,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12054,10 +12098,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12100,10 +12144,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12177,10 +12221,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12216,10 +12260,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12237,10 +12281,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12261,10 +12305,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12276,10 +12320,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12294,7 +12338,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12324,10 +12368,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12339,10 +12383,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12357,7 +12401,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12366,6 +12410,7 @@ spec: - containerPort: 8080 protocol: TCP name: metrics + dnsPolicy: ClusterFirst --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -12374,10 +12419,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12389,10 +12434,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12407,7 +12452,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-normal.expected.yaml b/tests/common-golang-external-secrets-normal.expected.yaml index a0ad351a..2f0b9ac3 100644 --- a/tests/common-golang-external-secrets-normal.expected.yaml +++ b/tests/common-golang-external-secrets-normal.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -780,11 +780,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -827,11 +829,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -844,7 +848,7 @@ spec: x-kubernetes-map-type: atomic type: array namespaces: - description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing. + description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. items: type: string type: array @@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -2484,11 +2488,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2921,6 +2927,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6586,11 +6609,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -8399,11 +8424,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8836,6 +8863,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: @@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11834,10 +11878,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -11901,10 +11945,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12012,10 +12056,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12054,10 +12098,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12100,10 +12144,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12177,10 +12221,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12216,10 +12260,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12237,10 +12281,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12261,10 +12305,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12276,10 +12320,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12294,7 +12338,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12324,10 +12368,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12339,10 +12383,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12357,7 +12401,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12366,6 +12410,7 @@ spec: - containerPort: 8080 protocol: TCP name: metrics + dnsPolicy: ClusterFirst --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -12374,10 +12419,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12389,10 +12434,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.18 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.16" + app.kubernetes.io/version: "v0.9.18" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12407,7 +12452,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi + image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml b/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml index 9838c4a7..62eadc16 100644 --- a/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml +++ b/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml b/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml index 9838c4a7..62eadc16 100644 --- a/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml +++ b/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml b/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml index 9838c4a7..62eadc16 100644 --- a/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml +++ b/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-naked.expected.yaml b/tests/common-hashicorp-vault-naked.expected.yaml index e6933c44..16eadf00 100644 --- a/tests/common-hashicorp-vault-naked.expected.yaml +++ b/tests/common-hashicorp-vault-naked.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-normal.expected.yaml b/tests/common-hashicorp-vault-normal.expected.yaml index 9838c4a7..62eadc16 100644 --- a/tests/common-hashicorp-vault-normal.expected.yaml +++ b/tests/common-hashicorp-vault-normal.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.16.1-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.16.2-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-operator-install-industrial-edge-factory.expected.yaml b/tests/common-operator-install-industrial-edge-factory.expected.yaml index b04d071e..755b244f 100644 --- a/tests/common-operator-install-industrial-edge-factory.expected.yaml +++ b/tests/common-operator-install-industrial-edge-factory.expected.yaml @@ -25,9 +25,6 @@ spec: gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main - gitOpsSpec: - operatorChannel: gitops-1.12 - operatorSource: redhat-operators multiSourceConfig: enabled: false --- diff --git a/tests/common-operator-install-industrial-edge-hub.expected.yaml b/tests/common-operator-install-industrial-edge-hub.expected.yaml index b04d071e..755b244f 100644 --- a/tests/common-operator-install-industrial-edge-hub.expected.yaml +++ b/tests/common-operator-install-industrial-edge-hub.expected.yaml @@ -25,9 +25,6 @@ spec: gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main - gitOpsSpec: - operatorChannel: gitops-1.12 - operatorSource: redhat-operators multiSourceConfig: enabled: false --- diff --git a/tests/common-operator-install-medical-diagnosis-hub.expected.yaml b/tests/common-operator-install-medical-diagnosis-hub.expected.yaml index b04d071e..755b244f 100644 --- a/tests/common-operator-install-medical-diagnosis-hub.expected.yaml +++ b/tests/common-operator-install-medical-diagnosis-hub.expected.yaml @@ -25,9 +25,6 @@ spec: gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main - gitOpsSpec: - operatorChannel: gitops-1.12 - operatorSource: redhat-operators multiSourceConfig: enabled: false --- diff --git a/tests/common-operator-install-naked.expected.yaml b/tests/common-operator-install-naked.expected.yaml index ada9ab18..937fb6a2 100644 --- a/tests/common-operator-install-naked.expected.yaml +++ b/tests/common-operator-install-naked.expected.yaml @@ -25,9 +25,6 @@ spec: gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main - gitOpsSpec: - operatorChannel: gitops-1.12 - operatorSource: redhat-operators multiSourceConfig: enabled: false --- diff --git a/tests/common-operator-install-normal.expected.yaml b/tests/common-operator-install-normal.expected.yaml index b04d071e..755b244f 100644 --- a/tests/common-operator-install-normal.expected.yaml +++ b/tests/common-operator-install-normal.expected.yaml @@ -25,9 +25,6 @@ spec: gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main - gitOpsSpec: - operatorChannel: gitops-1.12 - operatorSource: redhat-operators multiSourceConfig: enabled: false ---