Skip to content

Commit

Permalink
Merge pull request #272 from mbaldessari/common-automatic-update
Browse files Browse the repository at this point in the history 
common automatic update
  • Loading branch information
@mbaldessari
mbaldessari authored Jul 31, 2023
2 parents c047fa9 + c671eaf commit 297ea5b
Show file tree
Hide file tree
Showing 16 changed files with 406 additions and 448 deletions.
4 changes: 2 additions & 2 deletions common/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,8 +182,8 @@
pod: "{{ vault_pod }}"
command: >
vault write auth/"{{ item.value['vault_path'] }}"/role/"{{ item.value['vault_path'] }}"-role
bound_service_account_names="{{ external_secrets_ns }}"
bound_service_account_namespaces="{{ external_secrets_sa }}"
bound_service_account_names="{{ external_secrets_sa }}"
bound_service_account_namespaces="{{ external_secrets_ns }}"
policies="default,{{ vault_global_policy }}-secret,{{ item.value['vault_path'] }}-secret" ttl="{{ vault_spoke_ttl }}"
loop: "{{ clusters_info | dict2items }}"
when:
Expand Down
2 changes: 1 addition & 1 deletion common/golang-external-secrets/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,6 @@ name: golang-external-secrets
version: 0.0.1
dependencies:
- name: external-secrets
version: "0.8.3"
version: "0.8.5"
repository: "https://charts.external-secrets.io"
#"https://external-secrets.github.io/kubernetes-external-secrets"
Binary file removed common/golang-external-secrets/charts/external-secrets-0.8.3.tgz
View file
Binary file not shown.
Binary file added common/golang-external-secrets/charts/external-secrets-0.8.5.tgz
View file
Binary file not shown.
42 changes: 30 additions & 12 deletions common/golang-external-secrets/local-patches/0001-runasuser-comment-out.patch
View file
Original file line number Diff line number Diff line change
@@ -1,30 +1,48 @@
diff --color -urN external-secrets.orig/values.yaml external-secrets/values.yaml
--- external-secrets.orig/values.yaml 2023-05-22 12:42:54.000000000 +0200
+++ external-secrets/values.yaml 2023-05-22 16:20:02.748621794 +0200
@@ -117,7 +117,7 @@
diff -up external-secrets/values.yaml.orig external-secrets/values.yaml
--- external-secrets/values.yaml.orig 2023-07-31 15:12:18.815909938 +0200
+++ external-secrets/values.yaml 2023-07-31 15:32:59.905360226 +0200
@@ -117,9 +117,11 @@ securityContext:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
+ # runAsUser: 1000
seccompProfile:
type: RuntimeDefault
+ # Uncomment this once 4.10 is out of scope
+ # seccompProfile:
+ # type: RuntimeDefault
+ seccompProfile: null

@@ -331,7 +331,7 @@
resources: {}
# requests:
@@ -331,9 +333,11 @@ webhook:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
+ # runAsUser: 1000
seccompProfile:
type: RuntimeDefault
+ seccompProfile: null
+ # Uncomment this once 4.10 is out of scope
+ # seccompProfile:
+ # type: RuntimeDefault

@@ -453,7 +453,7 @@
resources: {}
# requests:
@@ -453,9 +457,11 @@ certController:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
+ # runAsUser: 1000
seccompProfile:
type: RuntimeDefault
+ seccompProfile: null
+ # Uncomment this once 4.10 is out of scope
+ # seccompProfile:
+ # type: RuntimeDefault

resources: {}
# requests:
6 changes: 3 additions & 3 deletions common/golang-external-secrets/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,10 @@ clusterGroup:

external-secrets:
image:
tag: v0.8.3-ubi
tag: v0.8.5-ubi
webhook:
image:
tag: v0.8.3-ubi
tag: v0.8.5-ubi
certController:
image:
tag: v0.8.3-ubi
tag: v0.8.5-ubi
80 changes: 37 additions & 43 deletions common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ metadata:
name: external-secrets-cert-controller
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
---
# Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
Expand All @@ -19,10 +19,10 @@ metadata:
name: golang-external-secrets
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
---
# Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
Expand All @@ -32,10 +32,10 @@ metadata:
name: external-secrets-webhook
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
---
# Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
Expand All @@ -45,10 +45,10 @@ metadata:
name: golang-external-secrets-webhook
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
external-secrets.io/component: webhook
---
Expand Down Expand Up @@ -7771,10 +7771,10 @@ kind: ClusterRole
metadata:
name: golang-external-secrets-cert-controller
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
Expand Down Expand Up @@ -7838,10 +7838,10 @@ kind: ClusterRole
metadata:
name: golang-external-secrets-controller
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
Expand Down Expand Up @@ -7947,10 +7947,10 @@ kind: ClusterRole
metadata:
name: golang-external-secrets-view
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
Expand Down Expand Up @@ -7987,10 +7987,10 @@ kind: ClusterRole
metadata:
name: golang-external-secrets-edit
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
Expand Down Expand Up @@ -8031,10 +8031,10 @@ metadata:
name: golang-external-secrets-servicebindings
labels:
servicebinding.io/controller: "true"
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
Expand All @@ -8052,10 +8052,10 @@ kind: ClusterRoleBinding
metadata:
name: golang-external-secrets-cert-controller
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -8072,10 +8072,10 @@ kind: ClusterRoleBinding
metadata:
name: golang-external-secrets-controller
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand Down Expand Up @@ -8108,10 +8108,10 @@ metadata:
name: golang-external-secrets-leaderelection
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
Expand Down Expand Up @@ -8147,10 +8147,10 @@ metadata:
name: golang-external-secrets-leaderelection
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -8168,10 +8168,10 @@ metadata:
name: golang-external-secrets-webhook
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
external-secrets.io/component: webhook
spec:
Expand All @@ -8192,10 +8192,10 @@ metadata:
name: golang-external-secrets-cert-controller
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
Expand All @@ -8222,9 +8222,7 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
image: "ghcr.io/external-secrets/external-secrets:v0.8.3-ubi"
image: "ghcr.io/external-secrets/external-secrets:v0.8.5-ubi"
imagePullPolicy: IfNotPresent
args:
- certcontroller
Expand Down Expand Up @@ -8252,10 +8250,10 @@ metadata:
name: golang-external-secrets
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
Expand All @@ -8282,9 +8280,7 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
image: "ghcr.io/external-secrets/external-secrets:v0.8.3-ubi"
image: "ghcr.io/external-secrets/external-secrets:v0.8.5-ubi"
imagePullPolicy: IfNotPresent
args:
- --concurrent=1
Expand All @@ -8300,10 +8296,10 @@ metadata:
name: golang-external-secrets-webhook
namespace: "default"
labels:
helm.sh/chart: external-secrets-0.8.3
helm.sh/chart: external-secrets-0.8.5
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: golang-external-secrets
app.kubernetes.io/version: "v0.8.3"
app.kubernetes.io/version: "v0.8.5"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
Expand All @@ -8330,9 +8326,7 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
image: "ghcr.io/external-secrets/external-secrets:v0.8.3-ubi"
image: "ghcr.io/external-secrets/external-secrets:v0.8.5-ubi"
imagePullPolicy: IfNotPresent
args:
- webhook
Expand Down
Loading

0 comments on commit 297ea5b

Please sign in to comment.