Skip to content

Commit

Permalink
resolving merge conflicts
Browse files Browse the repository at this point in the history
  • Loading branch information
day0hero committed Jul 31, 2023
2 parents fc060b8 + 009dc4b commit a72f2d3
Show file tree
Hide file tree
Showing 7 changed files with 294 additions and 53 deletions.
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -8140,6 +8140,25 @@ rules:
- "update"
- "patch"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: view-pods
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
---
# Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
Expand All @@ -8161,6 +8180,25 @@ subjects:
name: golang-external-secrets
namespace: "default"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: view-pods-rb
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
subjects:
- kind: ServiceAccount
name: vault
namespace: vault
apiGroup: ""
roleRef:
kind: Role
name: view-pods
apiGroup: rbac.authorization.k8s.io
---
# Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
apiVersion: v1
kind: Service
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8140,6 +8140,25 @@ rules:
- "update"
- "patch"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: view-pods
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
---
# Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
Expand All @@ -8161,6 +8180,25 @@ subjects:
name: golang-external-secrets
namespace: "default"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: view-pods-rb
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
subjects:
- kind: ServiceAccount
name: vault
namespace: vault
apiGroup: ""
roleRef:
kind: Role
name: view-pods
apiGroup: rbac.authorization.k8s.io
---
# Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
apiVersion: v1
kind: Service
Expand Down Expand Up @@ -8358,6 +8396,32 @@ spec:
secret:
secretName: golang-external-secrets-webhook
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
apiVersion: batch/v1
kind: Job
metadata:
annotations:
argocd.argoproj.io/hook: PreSync
name: job-wait-for-vault
# By placing the job in the vault namespace we can avoid dealing with RBACs
namespace: vault
spec:
template:
spec:
containers:
- image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
command:
- /bin/bash
- -c
- |
oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
name: wait-for-healthy-vault
dnsPolicy: ClusterFirst
restartPolicy: Never
serviceAccount: vault
serviceAccountName: vault
terminationGracePeriodSeconds: 60
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8140,6 +8140,25 @@ rules:
- "update"
- "patch"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: view-pods
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
---
# Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
Expand All @@ -8161,6 +8180,25 @@ subjects:
name: golang-external-secrets
namespace: "default"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: view-pods-rb
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
subjects:
- kind: ServiceAccount
name: vault
namespace: vault
apiGroup: ""
roleRef:
kind: Role
name: view-pods
apiGroup: rbac.authorization.k8s.io
---
# Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
apiVersion: v1
kind: Service
Expand Down Expand Up @@ -8358,6 +8396,32 @@ spec:
secret:
secretName: golang-external-secrets-webhook
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
apiVersion: batch/v1
kind: Job
metadata:
annotations:
argocd.argoproj.io/hook: PreSync
name: job-wait-for-vault
# By placing the job in the vault namespace we can avoid dealing with RBACs
namespace: vault
spec:
template:
spec:
containers:
- image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
command:
- /bin/bash
- -c
- |
oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
name: wait-for-healthy-vault
dnsPolicy: ClusterFirst
restartPolicy: Never
serviceAccount: vault
serviceAccountName: vault
terminationGracePeriodSeconds: 60
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
Expand Down
64 changes: 64 additions & 0 deletions common/tests/golang-external-secrets-naked.expected.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8140,6 +8140,25 @@ rules:
- "update"
- "patch"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: view-pods
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
---
# Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
Expand All @@ -8161,6 +8180,25 @@ subjects:
name: golang-external-secrets
namespace: "default"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: view-pods-rb
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
subjects:
- kind: ServiceAccount
name: vault
namespace: vault
apiGroup: ""
roleRef:
kind: Role
name: view-pods
apiGroup: rbac.authorization.k8s.io
---
# Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
apiVersion: v1
kind: Service
Expand Down Expand Up @@ -8358,6 +8396,32 @@ spec:
secret:
secretName: golang-external-secrets-webhook
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
apiVersion: batch/v1
kind: Job
metadata:
annotations:
argocd.argoproj.io/hook: PreSync
name: job-wait-for-vault
# By placing the job in the vault namespace we can avoid dealing with RBACs
namespace: vault
spec:
template:
spec:
containers:
- image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
command:
- /bin/bash
- -c
- |
oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
name: wait-for-healthy-vault
dnsPolicy: ClusterFirst
restartPolicy: Never
serviceAccount: vault
serviceAccountName: vault
terminationGracePeriodSeconds: 60
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
Expand Down
64 changes: 64 additions & 0 deletions common/tests/golang-external-secrets-normal.expected.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8140,6 +8140,25 @@ rules:
- "update"
- "patch"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: view-pods
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
---
# Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
Expand All @@ -8161,6 +8180,25 @@ subjects:
name: golang-external-secrets
namespace: "default"
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: view-pods-rb
namespace: vault
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/sync-wave: "-15"
subjects:
- kind: ServiceAccount
name: vault
namespace: vault
apiGroup: ""
roleRef:
kind: Role
name: view-pods
apiGroup: rbac.authorization.k8s.io
---
# Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
apiVersion: v1
kind: Service
Expand Down Expand Up @@ -8358,6 +8396,32 @@ spec:
secret:
secretName: golang-external-secrets-webhook
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
apiVersion: batch/v1
kind: Job
metadata:
annotations:
argocd.argoproj.io/hook: PreSync
name: job-wait-for-vault
# By placing the job in the vault namespace we can avoid dealing with RBACs
namespace: vault
spec:
template:
spec:
containers:
- image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
command:
- /bin/bash
- -c
- |
oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
name: wait-for-healthy-vault
dnsPolicy: ClusterFirst
restartPolicy: Never
serviceAccount: vault
serviceAccountName: vault
terminationGracePeriodSeconds: 60
---
# Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
Expand Down
Loading

0 comments on commit a72f2d3

Please sign in to comment.