fix: correct usage of if in dlc and update for server side apply (#5092)

* fix: correct usage of if in dlc and update for server side apply

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fix tilt server side apply

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

.github/workflows/dlc.yml

@@ -9,24 +9,30 @@ on:
 permissions:
   contents: read
 
+env:
+  HAS_FOSSA_KEY: ${{ secrets.FOSSA_API_KEY != '' }}
+
 jobs:
   fossa-scan:
-    if: secrets.FOSSA_API_KEY != ''
     runs-on: ubuntu-latest
     steps:
       - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        if: ${{ env.HAS_FOSSA_KEY == 'true' }}
         with:
           egress-policy: audit
       - name: "Checkout Code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        if: ${{ env.HAS_FOSSA_KEY == 'true' }}
 
       - name: "Run FOSSA Scan"
         uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # main
+        if: ${{ env.HAS_FOSSA_KEY == 'true' }}
         with:
           api-key: ${{secrets.FOSSA_API_KEY}}
 
       - name: "Run FOSSA Test"
         uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # main
+        if: ${{ env.HAS_FOSSA_KEY == 'true' }}
         with:
           api-key: ${{secrets.FOSSA_API_KEY}}
           run-tests: true

.gitignore

@@ -67,4 +67,5 @@ terraform.rc
 .terraform.lock.hcl
 
 tmp/
-tests/crds/*.yml
+tests/crds/*.yml
+.tilt-tmp

Tiltfile

@@ -35,7 +35,18 @@ for o in objects:
 updated_install = encode_yaml_stream(objects)
 
 # Apply the updated yaml to the cluster.
-k8s_yaml(updated_install, allow_duplicates = True)
+# Create the directory and write the file
+local('mkdir -p .tilt-tmp')
+local('cat > .tilt-tmp/external-secrets-modified.yaml', stdin=updated_install)
+
+# Now use k8s_custom_deploy to apply it
+k8s_custom_deploy(
+    'external-secrets',
+    apply_cmd='kubectl apply --server-side -f .tilt-tmp/external-secrets-modified.yaml -o yaml',
+    delete_cmd='kubectl delete --ignore-not-found -f .tilt-tmp/external-secrets-modified.yaml',
+    deps=['bin/deploy/manifests/external-secrets.yaml'],
+    image_deps=['oci.external-secrets.io/external-secrets/external-secrets']
+)
 
 load('ext://restart_process', 'docker_build_with_restart')
 

docs/guides/using-latest-image.md

@@ -31,7 +31,7 @@ docker build -f Dockerfile.standalone -t my-org/external-secrets:latest .
 ```
 1. Apply the `bundle.yaml`
 ```shell
-kubectl apply -f deploy/crds/bundle.yaml
+kubectl apply -f deploy/crds/bundle.yaml --server-side
 ```
 1. Modify your configs to use the image
 ```yaml

docs/introduction/getting-started.md

@@ -9,13 +9,15 @@ This tutorial is intended for those who already have the PreRequisites complete.
 > Note: The minimum supported version of Kubernetes is `1.16.0`. Users still running Kubernetes v1.15 or below should upgrade
 > to a supported version before installing external-secrets.
 
+> Note: Our CRDs have reached the 256KB limit! You have to use [server-side-apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) in all locations to install them correctly.
+
 ## Installing with Helm
 
 The default install options will automatically install and manage the CRDs as part of your helm release. If you do not want the CRDs to be automatically upgraded and managed, you must set the `installCRDs` option to `false`. (e.g. `--set installCRDs=false`)
 
 You can install those CRDs outside of `helm` using:
 ```bash
-kubectl apply -k "https://raw.githubusercontent.com/external-secrets/external-secrets/<replace_with_your_version>/deploy/crds/bundle.yaml"
+kubectl apply -k "https://raw.githubusercontent.com/external-secrets/external-secrets/<replace_with_your_version>/deploy/crds/bundle.yaml" --server-side
 ```
 
 Uncomment the relevant line in the next steps to disable the automatic install of CRDs.