Update chart external-secrets to 0.11.0 #933

Merged
jahanson merged 1 commit from renovate/external-secrets-0.x into main 2024-12-02 11:50:53 -06:00
Collaborator

This PR contains the following updates:

Package Update Change
external-secrets minor 0.10.7 -> 0.11.0

Release Notes

external-secrets/external-secrets (external-secrets)

v0.11.0

Compare Source

Kubernetes API load and significant decrease

A new way of reconciling external secrets has been added with pull request #​4086.

This significantly reduces the number of API calls that we make to the kubernetes API server.

  1. Memory usage might increase if you are not already using --enable-secrets-caching
    1. If you are using --enable-secrets-caching and want to decrease memory usage at the expense of slightly higher API usage, you can disable it and only enable --enable-managed-secrets-caching (which is the new default)
  2. In ALL cases (even when CreationPolicy is Merge), if a data key in the target Secret was created by the ExternalSecret, and it no longer exists in the template (or data/dataFrom), it will be removed from the target secret:
    1. This might cause some peoples secrets to be "cleaned of data keys" when updating to 0.11.
    2. Previously, the behaviour was undefined, and confusing because it was sort of broken when the template feature was added.
    3. The one exception is that ALL the data suddenly becomes empty and the DeletionPolicy is retain, in which case we will not even report and error, just change the SecretSynced message to explain that the secret was retained.
  3. When CreationPolicy is Owner, we now will NEVER retain any keys and fully calculate the "desired state" of the target secret each loop:
    1. This means that some peoples secrets might have keys removed when updating to 0.11.

Generators and ClusterGenerator

We added ClusterGenerators and Generator caching as well. This might create some problems in the way generators are defined now.

CRD Admission Restrictions

All of the CRDs now have proper kubebuilder markers for validation. This might surprise someone leaving out some data that was essentially actually required or expected in a certain format. This is now validated in #​4104.

Images

Image: ghcr.io/external-secrets/external-secrets:v0.11.0
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi-boringssl

What's Changed

New Contributors

Full Changelog: https://github.com/external-secrets/external-secrets/compare/v0.10.7...v0.11.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `0.10.7` -> `0.11.0` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v0.11.0`](https://github.com/external-secrets/external-secrets/releases/tag/v0.11.0) [Compare Source](https://github.com/external-secrets/external-secrets/compare/v0.10.7...v0.11.0) #### Kubernetes API load and significant decrease A new way of reconciling external secrets has been added with pull request [#&#8203;4086](https://github.com/external-secrets/external-secrets/issues/4086). This significantly reduces the number of API calls that we make to the kubernetes API server. 1. Memory usage might increase if you are not already using `--enable-secrets-caching` 1. If you are using `--enable-secrets-caching` and want to decrease memory usage at the expense of slightly higher API usage, you can disable it and only enable `--enable-managed-secrets-caching` (which is the new default) 2. In ALL cases (even when CreationPolicy is Merge), if a data key in the target Secret was created by the ExternalSecret, and it no longer exists in the template (or data/dataFrom), it will be removed from the target secret: 1. This might cause some peoples secrets to be "cleaned of data keys" when updating to 0.11. 2. Previously, the behaviour was undefined, and confusing because it was sort of broken when the template feature was added. 3. The one exception is that ALL the data suddenly becomes empty and the DeletionPolicy is retain, in which case we will not even report and error, just change the SecretSynced message to explain that the secret was retained. 3. When CreationPolicy is Owner, we now will NEVER retain any keys and fully calculate the "desired state" of the target secret each loop: 1. This means that some peoples secrets might have keys removed when updating to 0.11. #### Generators and ClusterGenerator We added ClusterGenerators and Generator caching as well. This might create some problems in the way generators are defined now. #### CRD Admission Restrictions All of the CRDs now have proper kubebuilder markers for validation. This might surprise someone leaving out some data that was essentially actually required or expected in a certain format. This is now validated in [#&#8203;4104](https://github.com/external-secrets/external-secrets/issues/4104). #### Images Image: `ghcr.io/external-secrets/external-secrets:v0.11.0` Image: `ghcr.io/external-secrets/external-secrets:v0.11.0-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.11.0-ubi-boringssl` #### What's Changed - chore: bump version v0.10.7 by [@&#8203;Skarlso](https://github.com/Skarlso) in https://github.com/external-secrets/external-secrets/pull/4141 - feat: significantly reduce api calls and introduce partial secret cache by [@&#8203;thesuperzapper](https://github.com/thesuperzapper) in https://github.com/external-secrets/external-secrets/pull/4086 - chore(deps): bump mkdocs-material from 9.5.44 to 9.5.45 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/external-secrets/external-secrets/pull/4143 - chore(deps): bump tornado from 6.4.1 to 6.4.2 in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/external-secrets/external-secrets/pull/4144 - chore(deps): bump codecov/codecov-action from 5.0.2 to 5.0.7 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/external-secrets/external-secrets/pull/4145 - chore(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/external-secrets/external-secrets/pull/4146 - chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/external-secrets/external-secrets/pull/4147 - chore: update dependencies by [@&#8203;eso-service-account-app](https://github.com/eso-service-account-app) in https://github.com/external-secrets/external-secrets/pull/4148 - fix: gitlab empty response by [@&#8203;Skarlso](https://github.com/Skarlso) in https://github.com/external-secrets/external-secrets/pull/4152 - feat: add ability to push expiration date to secret in azure key vault by [@&#8203;deggja](https://github.com/deggja) in https://github.com/external-secrets/external-secrets/pull/4149 - feat: implement a cluster-wide generator by [@&#8203;Skarlso](https://github.com/Skarlso) in https://github.com/external-secrets/external-secrets/pull/4140 - feat: Add API key auth support on BeyondTrust provider by [@&#8203;dtejadav](https://github.com/dtejadav) in https://github.com/external-secrets/external-secrets/pull/4101 - Add support for multiple Items fields in DelineSecretServer secrets by [@&#8203;ronaldosaheki](https://github.com/ronaldosaheki) in https://github.com/external-secrets/external-secrets/pull/4051 - chore: deprecation policy and deprecating process by [@&#8203;gusfcarvalho](https://github.com/gusfcarvalho) in https://github.com/external-secrets/external-secrets/pull/4154 - fix: use cache when retrieving generators by [@&#8203;thesuperzapper](https://github.com/thesuperzapper) in https://github.com/external-secrets/external-secrets/pull/4153 - fix: e2e test for AWS not setting name and namespace by [@&#8203;Skarlso](https://github.com/Skarlso) in https://github.com/external-secrets/external-secrets/pull/4157 - fix: handle managed identity ClientID or ResourceID in acr generator by [@&#8203;bonddim](https://github.com/bonddim) in https://github.com/external-secrets/external-secrets/pull/4150 - feat: add CRD validation for resource name/key fields by [@&#8203;thesuperzapper](https://github.com/thesuperzapper) in https://github.com/external-secrets/external-secrets/pull/4104 - fix: issues with generators by [@&#8203;thesuperzapper](https://github.com/thesuperzapper) in https://github.com/external-secrets/external-secrets/pull/4163 #### New Contributors - [@&#8203;thesuperzapper](https://github.com/thesuperzapper) made their first contribution in https://github.com/external-secrets/external-secrets/pull/4086 - [@&#8203;deggja](https://github.com/deggja) made their first contribution in https://github.com/external-secrets/external-secrets/pull/4149 - [@&#8203;dtejadav](https://github.com/dtejadav) made their first contribution in https://github.com/external-secrets/external-secrets/pull/4101 - [@&#8203;ronaldosaheki](https://github.com/ronaldosaheki) made their first contribution in https://github.com/external-secrets/external-secrets/pull/4051 - [@&#8203;bonddim](https://github.com/bonddim) made their first contribution in https://github.com/external-secrets/external-secrets/pull/4150 **Full Changelog**: https://github.com/external-secrets/external-secrets/compare/v0.10.7...v0.11.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS40Mi40IiwidXBkYXRlZEluVmVyIjoiMzkuNDIuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvaGVsbSIsInR5cGUvbWlub3IiXX0=-->
smeagol-help added 1 commit 2024-12-02 08:35:01 -06:00
jahanson merged commit d4073a9b2d into main 2024-12-02 11:50:53 -06:00
jahanson deleted branch renovate/external-secrets-0.x 2024-12-02 11:50:53 -06:00
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: jahanson/theshire#933
No description provided.