feat(helm): update external-secrets ( 0.9.20 → 0.10.0 )

[bot-akira[bot]]

trafficstars

This PR contains the following updates:

Package	Update	Change
external-secrets	minor	0.9.20 -> 0.10.0

---

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

external-secrets/external-secrets (external-secrets)

v0.10.0

Compare Source

:warning: :red-alert: BREAKING CHANGE :red-alert: :warning:

• Webhook Generator Webhook generator labels have changed from generators.external-secrets.io/type: webhook to external-secrets.io/type: webhook.

• Webhook Provider Webhook provider now can only use secrets that are labeled with external-secrets.io/type: webhook. This enforces explicit setup for webhook secrets by users.

Fixing the issue:

add the label for the secret used by the webhook:

apiVersion: v1
kind: Secret
metadata:
  name: your-secret
  labels:
    external-secrets.io/type: webhook ### <<<<<<<<<<<<< ADD THIS
data:
...

Image: ghcr.io/external-secrets/external-secrets:v0.10.0 Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi Image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi-boringssl

What's Changed

• chore: bump to 0.9.20 by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3660
• chore(deps): bump golang from 1.22.4 to 1.22.5 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3662
• chore(deps): bump distroless/static from 4197211 to ce46866 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3663
• chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3665
• chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3666
• chore(deps): bump mkdocs-material from 9.5.27 to 9.5.28 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3667
• chore(deps): bump certifi from 2024.6.2 to 2024.7.4 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3668
• chore(deps): bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3669
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3670
• sets eso-service-account for creating e2e comments by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3678
• use github token for the actions check by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3679
• Add support for Delinea Secret Server by @​pacificcode in https://github.com/external-secrets/external-secrets/pull/3468
• Fix: Only URL encode data being passed to URLs (#​3652) by @​ryanmeans in https://github.com/external-secrets/external-secrets/pull/3674
• Commenting secrets manifest from hashicorp vault integration #​3661 by @​jeffmachado in https://github.com/external-secrets/external-secrets/pull/3680
• docs: Fix namespaceRegexes in full-cluster-secret-store.yaml by @​excalq in https://github.com/external-secrets/external-secrets/pull/3681
• Support for Oracle PushSecret.property #​2911 by @​Aeyk in https://github.com/external-secrets/external-secrets/pull/3577
• support for adding headers in vault provider by @​abhinav1708 in https://github.com/external-secrets/external-secrets/pull/3677
• chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3688
• chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3691
• chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3690
• chore(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3689
• chore(deps): bump golang from 8c9183f to 8c9183f by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3687
• chore(deps): bump mkdocs-material from 9.5.28 to 9.5.29 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3692
• fix: aws secretmanager's SecretExists returns true for non-existent secrets by @​mintbomb27 in https://github.com/external-secrets/external-secrets/pull/3684
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3693
• Added 2 articles I wrote on AWS secrets injection and ESO templating by @​alinadir44 in https://github.com/external-secrets/external-secrets/pull/3707
• Update docs for namespaceSelectors usage and namespaceSelector deprecation by @​mtougeron in https://github.com/external-secrets/external-secrets/pull/3695
• fix: add namespace to path and route construction by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3632
• chore(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.8 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3708
• chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3709
• Update bitwarden-secrets-manager.md by @​zazathomas in https://github.com/external-secrets/external-secrets/pull/3710
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3711
• feat: add PushSecret support for Pulumi ESC by @​dirien in https://github.com/external-secrets/external-secrets/pull/3597
• remove redundant parameter grab call, we already have the data by @​rumenvasilev in https://github.com/external-secrets/external-secrets/pull/3722
• chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3729
• chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3727
• chore(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3728
• chore(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3731
• chore(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3730
• chore(deps): bump alpine from 77726ef to 0a4eaa0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3733
• chore(deps): bump golang from 8c9183f to 0d3653d by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3732
• feat: increase verbosity of error message during validation by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3742
• chore(deps): bump golang from 6c27802 to af9b40f in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3734
• chore(deps): bump alpine from 3.20.1 to 3.20.2 in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3735
• chore(deps): bump alpine from b89d9c9 to 0a4eaa0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3736
• chore(deps): bump regex from 2024.5.15 to 2024.7.24 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3737
• chore(deps): bump mkdocs-material from 9.5.29 to 9.5.30 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3738
• chore(deps): bump importlib-metadata from 8.0.0 to 8.2.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3739
• chore(deps): bump pymdown-extensions from 10.8.1 to 10.9 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/3740
• docs: Remove references to pemCertificate and pemPrivateKey functions by @​trenslow in https://github.com/external-secrets/external-secrets/pull/3744
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/3741
• docs: Improvements in the ExternalSecret comments in API section by @​c-neto in https://github.com/external-secrets/external-secrets/pull/3725
• feat: add prefix definition to all secret keys for aws parameter store by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3718
• feat: do not modify the secret in case of a NotModified by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/3746
• feat: webhook secrets must be labeled by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/3753
• feat: support pkcs12 with chain in pushsecret to Azure KeyVault by @​mysteq in https://github.com/external-secrets/external-secrets/pull/3747
• docs: document fullPemToPkcs12 and fullPemToPkcs12Pass helper functions by @​mysteq in https://github.com/external-secrets/external-secrets/pull/3749

New Contributors

• @​ryanmeans made their first contribution in https://github.com/external-secrets/external-secrets/pull/3674
• @​jeffmachado made their first contribution in https://github.com/external-secrets/external-secrets/pull/3680
• @​excalq made their first contribution in https://github.com/external-secrets/external-secrets/pull/3681
• @​Aeyk made their first contribution in https://github.com/external-secrets/external-secrets/pull/3577
• @​abhinav1708 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3677
• @​mintbomb27 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3684
• @​alinadir44 made their first contribution in https://github.com/external-secrets/external-secrets/pull/3707
• @​mtougeron made their first contribution in https://github.com/external-secrets/external-secrets/pull/3695
• @​zazathomas made their first contribution in https://github.com/external-secrets/external-secrets/pull/3710
• @​rumenvasilev made their first contribution in https://github.com/external-secrets/external-secrets/pull/3722
• @​trenslow made their first contribution in https://github.com/external-secrets/external-secrets/pull/3744
• @​c-neto made their first contribution in https://github.com/external-secrets/external-secrets/pull/3725
• @​mysteq made their first contribution in https://github.com/external-secrets/external-secrets/pull/3747

Full Changelog: https://github.com/external-secrets/external-secrets/compare/v0.9.20...v0.10.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[bot-akira[bot]]

--- HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-cert-controller

+++ HelmRelease: kube-system/external-secrets ClusterRole: kube-system/external-secrets-cert-controller

@@ -20,15 +20,23 @@

   - patch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
   - validatingwebhookconfigurations
   verbs:
-  - get
   - list
   - watch
+  - get
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  resourceNames:
+  - secretstore-validate
+  - externalsecret-validate
+  verbs:
   - update
   - patch
 - apiGroups:
   - ''
   resources:
   - endpoints
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-cert-controller

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-cert-controller

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.20
+        image: ghcr.io/external-secrets/external-secrets:v0.10.2
         imagePullPolicy: IfNotPresent
         args:
         - certcontroller
         - --crd-requeue-interval=5m
         - --service-name=external-secrets-webhook
         - --service-namespace=kube-system
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.20
+        image: ghcr.io/external-secrets/external-secrets:v0.10.2
         imagePullPolicy: IfNotPresent
         args:
         - --enable-leader-election=true
         - --concurrent=1
         - --metrics-addr=:8080
         - --loglevel=info
--- HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-webhook

+++ HelmRelease: kube-system/external-secrets Deployment: kube-system/external-secrets-webhook

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: ghcr.io/external-secrets/external-secrets:v0.9.20
+        image: ghcr.io/external-secrets/external-secrets:v0.10.2
         imagePullPolicy: IfNotPresent
         args:
         - webhook
         - --port=10250
         - --dns-name=external-secrets-webhook.kube-system.svc
         - --cert-dir=/tmp/certs

[bot-akira[bot]]

--- kubernetes/apps/kube-system/external-secrets/app Kustomization: flux-system/cluster-apps-external-secrets HelmRelease: kube-system/external-secrets

+++ kubernetes/apps/kube-system/external-secrets/app Kustomization: flux-system/cluster-apps-external-secrets HelmRelease: kube-system/external-secrets

@@ -13,13 +13,13 @@

       chart: external-secrets
       interval: 15m
       sourceRef:
         kind: HelmRepository
         name: external-secrets
         namespace: flux-system
-      version: 0.9.20
+      version: 0.10.2
   install:
     createNamespace: true
     remediation:
       retries: 3
   interval: 15m
   maxHistory: 3

[axeII]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time

See detailed report in MegaLinter reports Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by