Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize #312

Merged

eblume merged 1 commit from upgrade-external-secrets-v2 into main 2026-03-25 15:56:41 -07:00

Conversation 0 Commits 1 Files changed 16 +830 -111

eblume commented 2026-03-25 15:41:24 -07:00

Owner

Copy link

Summary

• Upgrade External Secrets Operator from v1.3.2 (helm-chart-2.0.0) to v2.2.0
• Migrate from Helm chart deployment to static kustomize manifests, matching the repo's kustomize-first pattern
• Merge separate -config ArgoCD apps into the main operator apps (6 → 4 apps)
• Clean up Helm-specific labels (helm.sh/chart, managed-by: Helm)
• Update README example from v1beta1 to v1 API

Breaking changes assessment

Low risk — v2.0.0 removed Alibaba and Device42 providers (we use neither). No templating changes affect us. All ExternalSecrets already use v1 API.

Deployment steps

1. Sync CRDs first on both clusters (new CRD version)
2. Sync operator apps (now kustomize-based)
3. Verify ClusterSecretStore and all ExternalSecrets are healthy
4. Delete orphaned config apps: argocd app delete external-secrets-config and -config-ringtail
5. mise run services-check

## Summary - Upgrade External Secrets Operator from v1.3.2 (helm-chart-2.0.0) to v2.2.0 - Migrate from Helm chart deployment to static kustomize manifests, matching the repo's kustomize-first pattern - Merge separate `-config` ArgoCD apps into the main operator apps (6 → 4 apps) - Clean up Helm-specific labels (`helm.sh/chart`, `managed-by: Helm`) - Update README example from v1beta1 to v1 API ## Breaking changes assessment Low risk — v2.0.0 removed Alibaba and Device42 providers (we use neither). No templating changes affect us. All ExternalSecrets already use v1 API. ## Deployment steps 1. Sync CRDs first on both clusters (new CRD version) 2. Sync operator apps (now kustomize-based) 3. Verify ClusterSecretStore and all ExternalSecrets are healthy 4. Delete orphaned config apps: `argocd app delete external-secrets-config` and `-config-ringtail` 5. `mise run services-check`

eblume added 1 commit 2026-03-25 15:41:25 -07:00

Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize ... b178ee54ca

Replace the Helm chart deployment with static kustomize manifests rendered
from upstream chart v2.2.0. This aligns ESO with the repo's kustomize-first
pattern and simplifies upgrades. Merges the separate -config apps into the
main app, reducing from 6 to 4 ArgoCD applications.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

eblume merged commit 796baaa41a into main 2026-03-25 15:56:41 -07:00

eblume referenced this pull request from a commit 2026-03-25 15:56:42 -07:00

Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize (#312)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

eblume/blumeops!312

No description provided.