Moritz Johner 62ad1ff507 feat: gate v2 providers behind explicit opt-in 3 months ago
external-secrets 62ad1ff507 feat: gate v2 providers behind explicit opt-in 3 months ago
README.md ea19156e72 feat: provider v2 3 months ago

README.md

External Secrets Operator V2 - Helm Charts

This directory contains production-ready Helm charts for External Secrets Operator V2.

Available Charts

external-secrets-v2

Main controller chart for External Secrets Operator V2.

Install:

helm install external-secrets-v2 ./external-secrets-v2 \
  --namespace external-secrets-system \
  --create-namespace

Features:

  • Automatic TLS certificate management
  • Leader election for HA
  • Prometheus metrics
  • Security hardening
  • Flexible RBAC

📖 Chart Documentation

external-secrets-v2-provider-aws

AWS Secrets Manager provider for External Secrets Operator V2.

Install:

helm install aws-provider ./external-secrets-v2-provider-aws \
  --namespace external-secrets-system \
  --set aws.region=us-east-1 \
  --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::ACCOUNT:role/ROLE"

Features:

  • IRSA (IAM Roles for Service Accounts) support
  • Connection pooling (50x faster)
  • Auto-scaling support
  • High availability

📖 Chart Documentation

Quick Start

1. Install Controller

helm install external-secrets-v2 ./external-secrets-v2 \
  --namespace external-secrets-system \
  --create-namespace \
  --wait

2. Install Provider

helm install aws-provider ./external-secrets-v2-provider-aws \
  --namespace external-secrets-system \
  --set aws.region=us-east-1 \
  --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::123456789012:role/eso-aws" \
  --wait

3. Verify

kubectl get pods -n external-secrets-system
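
The role ARN set in step 2 is only half of IRSA: the role's IAM trust policy decides which service account may assume it. The following added example (not part of this README or the project's code) generates a trust policy pinned to a single service account; the OIDC issuer ID and the service account name `aws-provider` are assumed placeholders, and the ARN partition is assumed to be `aws`.

```shell
# Added example, not project code. Assumed placeholders: the OIDC issuer ID
# and the service account name "aws-provider"; ARN partition assumed "aws".
irsa_trust_policy() {
  local account issuer namespace sa
  account=$1 issuer=$2 namespace=$3 sa=$4

  # AWS account IDs are exactly 12 digits.
  case $account in ''|*[!0-9]*) echo "invalid account id" >&2; return 1 ;; esac
  [ "${#account}" -eq 12 ] || { echo "invalid account id" >&2; return 1; }

  # Reject wildcards and anything else outside Kubernetes name characters:
  # a "*" in the subject would let other service accounts assume the role.
  case $namespace in ''|*[!a-z0-9-]*) echo "invalid namespace" >&2; return 1 ;; esac
  case $sa in ''|*[!a-z0-9.-]*) echo "invalid service account" >&2; return 1 ;; esac

  # IAM expects the issuer without the scheme or a trailing slash.
  issuer=${issuer#https://}
  issuer=${issuer%/}
  case $issuer in ''|*[!A-Za-z0-9./-]*) echo "invalid issuer" >&2; return 1 ;; esac

  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "Federated": "arn:aws:iam::${account}:oidc-provider/${issuer}"
    },
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {
        "${issuer}:aud": "sts.amazonaws.com",
        "${issuer}:sub": "system:serviceaccount:${namespace}:${sa}"
      }
    }
  }]
}
EOF
}

# Constructed sample values; account and namespace match the Quick Start.
irsa_trust_policy 123456789012 \
  https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789 \
  external-secrets-system aws-provider
```

Check the service account name your release actually creates with `kubectl get sa -n external-secrets-system` before applying the policy to the role, for example with `aws iam update-assume-role-policy`.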

Documentation

Testing

Run automated tests:

../../hack/test-helm-charts.sh all

Development

Lint Charts

helm lint ./external-secrets-v2
helm lint ./external-secrets-v2-provider-aws

Template Rendering

helm template test ./external-secrets-v2 > rendered-controller.yaml
helm template test ./external-secrets-v2-provider-aws > rendered-provider.yaml

Dry Run

helm install --dry-run test ./external-secrets-v2
helm install --dry-run test ./external-secrets-v2-provider-aws

Production Deployment

High Availability

# values-ha.yaml
replicaCount: 3

podDisruptionBudget:
  enabled: true
  minAvailable: 2

metrics:
  enabled: true
  serviceMonitor:
    enabled: true

affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          app.kubernetes.io/name: external-secrets-v2
      topologyKey: kubernetes.io/hostname

helm install external-secrets-v2 ./external-secrets-v2 \
  --namespace external-secrets-system \
  --create-namespace \
  -f values-ha.yaml

GitOps

ArgoCD

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: external-secrets-v2
spec:
  project: default
  source:
    repoURL: https://charts.external-secrets.io
    chart: external-secrets-v2
    targetRevision: 0.1.0-alpha.1
  destination:
    server: https://kubernetes.default.svc
    namespace: external-secrets-system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true

Flux

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: external-secrets-v2
  namespace: flux-system
spec:
  interval: 10m
  chart:
    spec:
      chart: external-secrets-v2
      version: 0.1.0-alpha.1
      sourceRef:
        kind: HelmRepository
        name: external-secrets
  targetNamespace: external-secrets-system
  install:
    createNamespace: true

Chart Versions

Chart                             Version        App Version     Status
external-secrets-v2               0.1.0-alpha.1  v0.1.0-alpha.1  Alpha
external-secrets-v2-provider-aws  0.1.0-alpha.1  v0.1.0-alpha.1  Alpha

Support

License

Apache 2.0 - See LICENSE