Erich Blume
796baaa41a
## Summary - Upgrade External Secrets Operator from v1.3.2 (helm-chart-2.0.0) to v2.2.0 - Migrate from Helm chart deployment to static kustomize manifests, matching the repo's kustomize-first pattern - Merge separate `-config` ArgoCD apps into the main operator apps (6 → 4 apps) - Clean up Helm-specific labels (`helm.sh/chart`, `managed-by: Helm`) - Update README example from v1beta1 to v1 API ## Breaking changes assessment Low risk — v2.0.0 removed Alibaba and Device42 providers (we use neither). No templating changes affect us. All ExternalSecrets already use v1 API. ## Deployment steps 1. Sync CRDs first on both clusters (new CRD version) 2. Sync operator apps (now kustomize-based) 3. Verify ClusterSecretStore and all ExternalSecrets are healthy 4. Delete orphaned config apps: `argocd app delete external-secrets-config` and `-config-ringtail` 5. `mise run services-check` Reviewed-on: #312
25 lines
715 B
YAML
25 lines
715 B
YAML
# External Secrets Operator for ringtail k3s cluster
|
|
# Same manifests as indri, different destination
|
|
#
|
|
# Prerequisites:
|
|
# - 1password-connect-ringtail must be deployed and healthy
|
|
# - external-secrets-crds-ringtail must be synced first
|
|
#
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: external-secrets-ringtail
|
|
namespace: argocd
|
|
spec:
|
|
project: default
|
|
source:
|
|
repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git
|
|
targetRevision: main
|
|
path: argocd/manifests/external-secrets
|
|
destination:
|
|
server: https://ringtail.tail8d86e.ts.net:6443
|
|
namespace: external-secrets
|
|
syncPolicy:
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- ServerSideApply=true
|