Erich Blume
105a2c8c08
## Summary - Bump External Secrets Operator Helm chart from `helm-chart-1.3.1` to `helm-chart-2.0.0` (operator v1.3.2) - Updates both the operator app and CRDs app `targetRevision` - No Helm values changes needed — `installCRDs`, `resources`, `webhook`, `certController` keys are unchanged ## Breaking changes in chart 2.0.0 - **Removed providers:** Alibaba and Device42 (unmaintained) — does not affect our 1Password setup - **Templating engine v1 deprecated** — our ExternalSecrets don't set `engineVersion`, so they use the default (v2) - **Webhook `failurePolicy`** for SecretStore is now dynamic ## Deployment 1. Sync CRDs first: `argocd app set external-secrets-crds --revision update/external-secrets-helm-2.0.0 && argocd app sync external-secrets-crds` 2. Sync operator: `argocd app set external-secrets --revision update/external-secrets-helm-2.0.0 && argocd app sync external-secrets` 3. Verify: `kubectl --context=minikube-indri -n external-secrets get pods` 4. After merge, set both apps back to `--revision main` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/203
33 lines
1 KiB
YAML
33 lines
1 KiB
YAML
# External Secrets Operator - Kubernetes secret sync from external providers
|
|
# Syncs secrets from 1Password Connect to native Kubernetes Secrets
|
|
#
|
|
# Chart mirrored from https://github.com/external-secrets/external-secrets
|
|
#
|
|
# Prerequisites:
|
|
# - 1password-connect must be deployed and healthy
|
|
#
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: external-secrets
|
|
namespace: argocd
|
|
spec:
|
|
project: default
|
|
sources:
|
|
- repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/external-secrets.git
|
|
targetRevision: helm-chart-2.0.0
|
|
path: deploy/charts/external-secrets
|
|
helm:
|
|
releaseName: external-secrets
|
|
valueFiles:
|
|
- $values/argocd/manifests/external-secrets/values.yaml
|
|
- repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git
|
|
targetRevision: main
|
|
ref: values
|
|
destination:
|
|
server: https://kubernetes.default.svc
|
|
namespace: external-secrets
|
|
syncPolicy:
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- ServerSideApply=true
|