diff --git a/Chart.lock b/Chart.lock index 95821a7..c7ec154 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: external-secrets repository: https://charts.external-secrets.io - version: 0.16.2 -digest: sha256:d80bbca5c0406a3f822520d47b510579d80fdfeae88bd2b014e0f839fe8d2b65 -generated: "2026-02-23T16:14:32.591223263+01:00" + version: 1.0.0 +digest: sha256:4024655e0256c2c61b7354509b0e29d58a320f7638815a23e890eca74b12c79d +generated: "2026-05-07T14:42:18.122786414+02:00" diff --git a/Chart.yaml b/Chart.yaml index 3ea833d..336d86b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -6,7 +6,7 @@ name: golang-external-secrets version: 0.2.0 dependencies: - name: external-secrets - version: "0.16.2" + version: "1.0.0" repository: "https://charts.external-secrets.io" #"https://external-secrets.github.io/kubernetes-external-secrets" diff --git a/charts/external-secrets-0.16.2.tgz b/charts/external-secrets-0.16.2.tgz deleted file mode 100644 index 110c6b3..0000000 Binary files a/charts/external-secrets-0.16.2.tgz and /dev/null differ diff --git a/charts/external-secrets-1.0.0.tgz b/charts/external-secrets-1.0.0.tgz new file mode 100644 index 0000000..e44e21f Binary files /dev/null and b/charts/external-secrets-1.0.0.tgz differ diff --git a/local-patches/0001-runasuser-comment-out.patch b/local-patches/0001-runasuser-comment-out.patch index 6545881..a3d2fd3 100644 --- a/local-patches/0001-runasuser-comment-out.patch +++ b/local-patches/0001-runasuser-comment-out.patch @@ -1,8 +1,7 @@ -diff -up external-secrets/values.yaml.orig external-secrets/values.yaml ---- external-secrets/values.yaml.orig 2023-07-31 15:12:18.815909938 +0200 -+++ external-secrets/values.yaml 2023-07-31 15:32:59.905360226 +0200 -@@ -117,9 +117,11 @@ securityContext: - - ALL +--- external-secrets/values.yaml.orig 2025-11-07 13:00:07.000000000 +0100 ++++ external-secrets/values.yaml 2026-05-21 14:24:29.643282111 +0200 +@@ -208,9 +208,10 @@ securityContext: + enabled: true readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 1000 @@ -12,34 +11,31 @@ diff -up external-secrets/values.yaml.orig external-secrets/values.yaml + # Uncomment this once 4.10 is out of scope + # seccompProfile: + # type: RuntimeDefault -+ seccompProfile: null resources: {} # requests: -@@ -331,9 +333,11 @@ webhook: - - ALL +@@ -522,9 +523,10 @@ webhook: + enabled: true readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault + # runAsUser: 1000 -+ seccompProfile: null + # Uncomment this once 4.10 is out of scope + # seccompProfile: + # type: RuntimeDefault resources: {} # requests: -@@ -453,9 +457,11 @@ certController: - - ALL +@@ -666,9 +668,10 @@ certController: + enabled: true readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault + # runAsUser: 1000 -+ seccompProfile: null + # Uncomment this once 4.10 is out of scope + # seccompProfile: + # type: RuntimeDefault diff --git a/local-patches/0002-serverisde-apply-crds.patch b/local-patches/0002-serverisde-apply-crds.patch new file mode 100644 index 0000000..6582da5 --- /dev/null +++ b/local-patches/0002-serverisde-apply-crds.patch @@ -0,0 +1,12 @@ +--- external-secrets/values.orig 2026-05-20 11:47:26.165841288 +0200 ++++ external-secrets/values.yaml 2026-05-20 11:47:39.985616724 +0200 +@@ -46,7 +46,8 @@ crds: + createClusterPushSecret: true + # -- If true, create CRDs for Push Secret. + createPushSecret: true +- annotations: {} ++ annotations: ++ argocd.argoproj.io/sync-options: ServerSideApply=true + conversion: + # -- Conversion is disabled by default as we stopped supporting v1alpha1. + enabled: false diff --git a/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml b/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml index 39c3f7c..d356071 100644 --- a/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml +++ b/templates/kubernetes/golang-external-secrets-hub-secretstore.yaml @@ -1,6 +1,6 @@ {{- if eq .Values.global.secretStore.backend "kubernetes" }} --- -apiVersion: external-secrets.io/v1beta1 +apiVersion: external-secrets.io/v1 kind: ClusterSecretStore metadata: name: kubernetes-backend diff --git a/templates/vault/golang-external-secrets-hub-secretstore.yaml b/templates/vault/golang-external-secrets-hub-secretstore.yaml index 2d6afdc..c96620f 100644 --- a/templates/vault/golang-external-secrets-hub-secretstore.yaml +++ b/templates/vault/golang-external-secrets-hub-secretstore.yaml @@ -6,7 +6,7 @@ {{- end }} {{- end }} --- -apiVersion: external-secrets.io/v1beta1 +apiVersion: external-secrets.io/v1 kind: ClusterSecretStore metadata: name: vault-backend diff --git a/tests/golang_external_secrets_secretstore_test.yaml b/tests/golang_external_secrets_secretstore_test.yaml index bb5cb54..e8a33ed 100644 --- a/tests/golang_external_secrets_secretstore_test.yaml +++ b/tests/golang_external_secrets_secretstore_test.yaml @@ -23,7 +23,7 @@ tests: count: 1 - containsDocument: kind: ClusterSecretStore - apiVersion: external-secrets.io/v1beta1 + apiVersion: external-secrets.io/v1 name: vault-backend namespace: golang-external-secrets @@ -37,7 +37,7 @@ tests: count: 1 - containsDocument: kind: ClusterSecretStore - apiVersion: external-secrets.io/v1beta1 + apiVersion: external-secrets.io/v1 name: vault-backend namespace: golang-external-secrets diff --git a/values.yaml b/values.yaml index 5b152fe..7c7a0e4 100644 --- a/values.yaml +++ b/values.yaml @@ -72,12 +72,12 @@ clusterGroup: external-secrets: image: # -- Tag for the ESO main image - tag: v0.16.2-ubi + tag: v1.0.0-ubi webhook: image: # -- Tag for the ESO webhook image - tag: v0.16.2-ubi + tag: v1.0.0-ubi certController: image: # -- Tag for the ESO certController image - tag: v0.16.2-ubi + tag: v1.0.0-ubi