Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update helm chart external-secrets to 0.11.0 #3899

Merged
merged 1 commit into from
Dec 2, 2024
Merged

feat: update helm chart external-secrets to 0.11.0 #3899

merged 1 commit into from
Dec 2, 2024

Conversation

tvories-tbot[bot]
Copy link
Contributor

@tvories-tbot tvories-tbot bot commented Dec 2, 2024

This PR contains the following updates:

Package Update Change
external-secrets minor 0.10.7 -> 0.11.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

external-secrets/external-secrets (external-secrets)

v0.11.0

Compare Source

Kubernetes API load and significant decrease

A new way of reconciling external secrets has been added with pull request #​4086.

This significantly reduces the number of API calls that we make to the kubernetes API server.

  1. Memory usage might increase if you are not already using --enable-secrets-caching
    1. If you are using --enable-secrets-caching and want to decrease memory usage at the expense of slightly higher API usage, you can disable it and only enable --enable-managed-secrets-caching (which is the new default)
  2. In ALL cases (even when CreationPolicy is Merge), if a data key in the target Secret was created by the ExternalSecret, and it no longer exists in the template (or data/dataFrom), it will be removed from the target secret:
    1. This might cause some peoples secrets to be "cleaned of data keys" when updating to 0.11.
    2. Previously, the behaviour was undefined, and confusing because it was sort of broken when the template feature was added.
    3. The one exception is that ALL the data suddenly becomes empty and the DeletionPolicy is retain, in which case we will not even report and error, just change the SecretSynced message to explain that the secret was retained.
  3. When CreationPolicy is Owner, we now will NEVER retain any keys and fully calculate the "desired state" of the target secret each loop:
    1. This means that some peoples secrets might have keys removed when updating to 0.11.
Generators and ClusterGenerator

We added ClusterGenerators and Generator caching as well. This might create some problems in the way generators are defined now.

CRD Admission Restrictions

All of the CRDs now have proper kubebuilder markers for validation. This might surprise someone leaving out some data that was essentially actually required or expected in a certain format. This is now validated in #​4104.

Images

Image: ghcr.io/external-secrets/external-secrets:v0.11.0
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi-boringssl

What's Changed
New Contributors

Full Changelog: external-secrets/external-secrets@v0.10.7...v0.11.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@tvories-tbot
feat: update helm chart external-secrets to 0.11.0
986b2c0 
| datasource | package          | from   | to     |
| ---------- | ---------------- | ------ | ------ |
| helm       | external-secrets | 0.10.7 | 0.11.0 |
@tvories-tbot tvories-tbot bot requested a review from tvories as a code owner December 2, 2024 10:04
@tvories-tbot
Copy link
Contributor Author

tvories-tbot bot commented Dec 2, 2024

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ YAML prettier 2 0 0.27s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@tvories-tbot
Copy link
Contributor Author

tvories-tbot bot commented Dec 2, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@tvories tvories merged commit 92fabef into main Dec 2, 2024
2 checks passed
@tvories tvories deleted the renovate/external-secrets-0.x branch December 2, 2024 20:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvories tvories Awaiting requested review from tvories tvories is a code owner

Assignees
No one assigned
Labels
renovate/helm type/minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tvories