Skip to content

chore: update external secrets to 2.4.0#3187

Open
merll wants to merge 6 commits intomainfrom
ci-update-external-secrets-to-2.4.0
Open

chore: update external secrets to 2.4.0#3187
merll wants to merge 6 commits intomainfrom
ci-update-external-secrets-to-2.4.0

Conversation

@merll
Copy link
Copy Markdown
Collaborator

@merll merll commented Apr 28, 2026

📌 Summary

🔍 Reviewer Notes

🧹 Checklist

  • Code is readable, maintainable, and robust.
  • Unit tests added/updated

@svcAPLBot
Copy link
Copy Markdown
Contributor

svcAPLBot commented Apr 28, 2026
edited
Loading

Comparison of Helm chart templating output:

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/apl-gitea-operator/apl-gitea-operator-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/apl-harbor-operator/apl-harbor-operator-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/apl-keycloak-operator/apl-keycloak-operator-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/argocd/argocd-repo-creds-gitea-internal
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/argocd/argocd-repo-creds-gitea
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/argocd/argocd-redis-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/argocd/argocd-oidc-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/custom-ca
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/external-dns
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# New file added: external-secrets/templates/cert-controller-deployment.yaml
# New file added: external-secrets/templates/cert-controller-rbac.yaml
# New file added: external-secrets/templates/cert-controller-serviceaccount.yaml
# Old file deleted: external-secrets/templates/clusterrole.yaml
# external-secrets/templates/deployment.yaml

@@ spec @@
! + one map entry added:
+ revisionHistoryLimit: 10

@@ spec.template.metadata.labels @@
! + three map entries added:
+ helm.sh/chart: external-secrets-2.4.0
+ app.kubernetes.io/version: v2.4.0
+ app.kubernetes.io/managed-by: Helm

@@ spec.template.spec @@
! + three map entries added:
+ automountServiceAccountToken: true
+ hostNetwork: false
+ dnsPolicy: ClusterFirst

@@ spec.template.spec.containers.external-secrets @@
! + one map entry added:
+ securityContext:
+   allowPrivilegeEscalation: false
+   capabilities:
+     drop:
+     - ALL
+   readOnlyRootFilesystem: true
+   runAsNonRoot: true
+   runAsUser: 1000
+   seccompProfile:
+     type: RuntimeDefault

@@ spec.template.spec.containers.external-secrets.image @@
! ± value change
- ghcr.io/external-secrets/external-secrets:v0.14.3
+ ghcr.io/external-secrets/external-secrets:v2.4.0

@@ spec.template.spec.containers.external-secrets.args @@
! + five list entries added:
+ - "--enable-cluster-external-secret-reconciler=false"
+ - "--enable-cluster-push-secret-reconciler=false"
+ - "--enable-push-secret-reconciler=false"
+ - "--loglevel=info"
+ - "--zap-time-encoding=epoch"

# New file added: external-secrets/templates/rbac.yaml
# external-secrets/templates/serviceaccount.yaml

# New file added: external-secrets/templates/validatingwebhook.yaml
# New file added: external-secrets/templates/webhook-deployment.yaml
# New file added: external-secrets/templates/webhook-secret.yaml
# New file added: external-secrets/templates/webhook-service.yaml
# New file added: external-secrets/templates/webhook-serviceaccount.yaml
# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ClusterSecretStore/core-secrets-store
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/gitea-smtp-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/linode-creds
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/gitea-admin-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/harbor-registry-credentials
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/registry-storage-credentials
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/linode-creds
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/harbor-registry-http
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/harbor-jobservice-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/harbor-core-xsrf-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/harbor-core-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/harbor-secret-key
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/harbor-admin-password
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/oauth2-proxy-client-access
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/oauth2-proxy-redis-password
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/linode-creds
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/keycloak/keycloak-initial-admin
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/mlpipeline-obj-artifact
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/kfp-mysql-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/reverse-proxy-auth-config
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/loki-s3-linode-credentials
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/monitoring/alertmanager-platform-config
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/prometheus-remote-write-basic-auth
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/monitoring/grafana-loki-datasource-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/monitoring/grafana-oidc-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/monitoring/grafana-admin-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# rabbitmq-cluster-operator/templates/messaging-topology-operator/validating-webhook-configuration.yaml

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-demo/alertmanager-team-demo-config
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-demo/grafana-loki-datasource-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-demo/grafana-oidc-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-demo/team-demo-grafana-admin
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# raw/templates/resources.yaml

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-dev/alertmanager-team-dev-config
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ spec.data @@
# external-secrets.io/v1/ExternalSecret/team-dev/alertmanager-team-dev-config
! ± type change from <nil> to list
- <nil>
+

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-dev/grafana-loki-datasource-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-dev/grafana-oidc-secret
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

@@ apiVersion @@
# external-secrets.io/v1/ExternalSecret/team-dev/team-dev-grafana-admin
! ± value change
- external-secrets.io/v1beta1
+ external-secrets.io/v1

# values-repo.yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ferruhcihan ferruhcihan Awaiting requested review from ferruhcihan ferruhcihan is a code owner

@CasLubbers CasLubbers Awaiting requested review from CasLubbers CasLubbers is a code owner

@j-zimnowoda j-zimnowoda Awaiting requested review from j-zimnowoda j-zimnowoda is a code owner

@Ani1357 Ani1357 Awaiting requested review from Ani1357 Ani1357 is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@merll @svcAPLBot