23 changes: 5 additions & 18 deletions README.md
Expand Up @@ -343,7 +343,7 @@ Labels: app=raw
release=apikeynspace1-es-docker-uc
Annotations: meta.helm.sh/release-name: apikeynspace1-es-docker-uc
meta.helm.sh/release-namespace: apikeynspace1
API Version: external-secrets.io/v1beta1
API Version: external-secrets.io/v1
Kind: ExternalSecret
Metadata:
(...)
Expand Down Expand Up @@ -469,23 +469,10 @@ data:
## Usage

```hcl
module "es_kubernetes_secret" {
source = "../modules/eso-external-secret"
es_kubernetes_secret_type = "dockerconfigjson"
sm_secret_type = "iam_credentials"
sm_secret_id = module.docker_config.serviceid_apikey_secret_id
eso_setup = true
es_kubernetes_namespaces = var.es_kubernetes_namespaces
es_docker_email = "[email protected]"
eso_generic_secret_apikey = data.ibm_secrets_manager_secret.secret_puller_secret.api_key # pragma: allowlist secret
secrets_manager_guid = module.secrets_manager_iam_configuration.secrets_manager_guid
region = "us-south"
es_kubernetes_secret_name = "dockerconfigjson-iam"
depends_on = [
kubernetes_namespace.cluster_namespaces
]
es_kubernetes_secret_data_key = "apiKey"
es_helm_rls_name = "es-docker-iam"
# Replace "master" with a GIT release version to lock into a specific release
module "external_secrets_operator" {
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-external-secrets-operator.git?ref=master"
eso_namespace = var.eso_namespace
}
```

2 changes: 1 addition & 1 deletion examples/all-combined/main.tf
Expand Up @@ -186,7 +186,7 @@ module "network_acl" {
# OCP CLUSTER creation
module "ocp_base" {
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
version = "3.46.17"
version = "3.48.3"
cluster_name = "${var.prefix}-vpc"
resource_group_id = module.resource_group.resource_group_id
region = var.region
2 changes: 1 addition & 1 deletion examples/all-combined/privatecertificate.tf
Expand Up @@ -13,7 +13,7 @@ locals {
# private certificate engine
module "secrets_manager_private_secret_engine" {
source = "terraform-ibm-modules/secrets-manager-private-cert-engine/ibm"
version = "1.4.0"
version = "1.5.2"
secrets_manager_guid = local.sm_guid
region = local.sm_region
root_ca_name = var.pvt_ca_name != null ? var.pvt_ca_name : "pvt-${var.prefix}-project-root-ca"
4 changes: 2 additions & 2 deletions examples/all-combined/secretsmanager.tf
Expand Up @@ -36,7 +36,7 @@ resource "ibm_resource_instance" "secrets_manager" {
# create secrets group for secrets
module "secrets_manager_group" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand All @@ -49,7 +49,7 @@ module "secrets_manager_group" {
# additional secrets manager secret group for service level secrets
module "secrets_manager_group_acct" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
region = local.sm_region
secrets_manager_guid = local.sm_guid
#tfsec:ignore:general-secrets-no-plaintext-exposure
2 changes: 1 addition & 1 deletion examples/all-combined/tpauth_cluster_sstore.tf
Expand Up @@ -7,7 +7,7 @@
# creating a secrets group for clustersecretstore with trustedprofile auth
module "tp_clusterstore_secrets_manager_group" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-cpstore-tp-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
8 changes: 4 additions & 4 deletions examples/all-combined/tpauth_namespaced_sstore.tf
Expand Up @@ -40,7 +40,7 @@ module "eso_tp_namespace_secretstores" {
# creating a secrets group for each namespace to be used for namespaced secretstores with trustedprofile auth
module "tp_secrets_manager_groups" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
count = length(var.es_namespaces_tp)
region = local.sm_region
secrets_manager_guid = local.sm_guid
Expand Down Expand Up @@ -140,7 +140,7 @@ module "eso_tp_namespace_secretstore_multisg" {
# creating two secrets groups for a single namespace to test trusted profile policy on multiple secrets groups
module "tp_secrets_manager_group_multi_1" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-tp-secret-group-multisg-1" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand All @@ -152,7 +152,7 @@ module "tp_secrets_manager_group_multi_1" {

module "tp_secrets_manager_group_multi_2" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-tp-secret-group-multisg-21" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
Expand Down Expand Up @@ -285,7 +285,7 @@ module "eso_tp_namespace_secretstore_nosecgroup" {
# creating secrets group for a single namespace to test trusted profile policy without any secret group in the TP policy
module "tp_secrets_manager_group_not_for_policy" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
region = local.sm_region
secrets_manager_guid = local.sm_guid
secret_group_name = "${var.prefix}-tp-secret-group-not-for-policy" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
4 changes: 2 additions & 2 deletions examples/basic/main.tf
Expand Up @@ -198,7 +198,7 @@ module "network_acl" {
# OCP CLUSTER creation
module "ocp_base" {
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
version = "3.46.17"
version = "3.48.3"
cluster_name = "${var.prefix}-vpc"
resource_group_id = module.resource_group.resource_group_id
region = var.region
Expand Down Expand Up @@ -267,7 +267,7 @@ resource "ibm_resource_instance" "secrets_manager" {
# Additional Secrets-Manager Secret-Group for SERVICE level secrets
module "secrets_manager_group_acct" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
region = local.sm_region
secrets_manager_guid = local.sm_guid
#tfsec:ignore:general-secrets-no-plaintext-exposure
2 changes: 1 addition & 1 deletion examples/basic/version.tf
Expand Up @@ -15,7 +15,7 @@ terraform {
}
ibm = {
source = "IBM-Cloud/ibm"
version = "= 1.76.0"
version = "= 1.78.2"
}
null = {
source = "hashicorp/null"
2 changes: 1 addition & 1 deletion examples/trusted-profiles-authentication/main.tf
Expand Up @@ -41,7 +41,7 @@ resource "ibm_resource_instance" "secrets_manager" {

module "secrets_manager_groups" {
source = "terraform-ibm-modules/secrets-manager-secret-group/ibm"
version = "1.3.5"
version = "1.3.7"
count = length(kubernetes_namespace.examples)
region = local.sm_region
secrets_manager_guid = local.sm_guid
4 changes: 2 additions & 2 deletions modules/eso-clusterstore/main.tf
Expand Up @@ -36,7 +36,7 @@ resource "helm_release" "cluster_secret_store_apikey" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
name: "${var.clusterstore_name}"
Expand Down Expand Up @@ -70,7 +70,7 @@ resource "helm_release" "cluster_secret_store_tp" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
name: "${var.clusterstore_name}"
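Review bot: The switch to `external-secrets.io/v1` in both ClusterSecretStore manifests (cluster_secret_store_apikey and cluster_secret_store_tp) comes with no visible statement of the minimum External Secrets Operator version that serves that API, so on a cluster whose installed CRDs only serve v1beta1 the helm release would presumably fail and secret synchronisation would stop. The same applies to the ExternalSecret manifests in modules/eso-external-secret/main.tf and the SecretStore manifests in modules/eso-secretstore/main.tf. I would add a comment above each `resources:` key, for example `# external-secrets.io/v1 requires an ESO release whose CRDs serve v1; upgrade the operator before applying`, and state the minimum operator version in the README. Both helm_release resources start and end outside the hunks shown, so any operator version pin elsewhere in the module is not visible here.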
12 changes: 6 additions & 6 deletions modules/eso-external-secret/main.tf
Expand Up @@ -112,7 +112,7 @@ resource "helm_release" "kubernetes_secret" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: "${var.es_kubernetes_secret_name}"
Expand Down Expand Up @@ -151,7 +151,7 @@ resource "helm_release" "kubernetes_secret_chain_list" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: "${var.es_kubernetes_secret_name}"
Expand Down Expand Up @@ -193,7 +193,7 @@ resource "helm_release" "kubernetes_secret_user_pw" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: "${var.es_kubernetes_secret_name}"
Expand Down Expand Up @@ -237,7 +237,7 @@ resource "helm_release" "kubernetes_secret_certificate" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: "${var.es_kubernetes_secret_name}"
Expand Down Expand Up @@ -274,7 +274,7 @@ resource "helm_release" "kubernetes_secret_kv_key" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: "${var.es_kubernetes_secret_name}"
Expand Down Expand Up @@ -314,7 +314,7 @@ resource "helm_release" "kubernetes_secret_kv_all" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: "${var.es_kubernetes_secret_name}"
4 changes: 2 additions & 2 deletions modules/eso-secretstore/main.tf
Expand Up @@ -31,7 +31,7 @@ resource "helm_release" "external_secret_store_apikey" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
name: "${var.sstore_store_name}"
Expand Down Expand Up @@ -60,7 +60,7 @@ resource "helm_release" "external_secret_store_tp" {
values = [
<<-EOF
resources:
- apiVersion: external-secrets.io/v1beta1
- apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
name: "${var.sstore_store_name}"