feat(helm)!: Update chart external-secrets ( 0.20.4 → 2.0.1 ) by terminator-bot[bot] · Pull Request #536 · skyssolutions/infra

terminator-bot · 2026-03-10T05:09:00Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change	Pending
external-secrets	major	`0.20.4` → `2.0.1`	`2.1.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

external-secrets/external-secrets (external-secrets)

`v2.0.1`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v2.0.1
Image: ghcr.io/external-secrets/external-secrets:v2.0.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v2.0.1-ubi-boringssl

BREAKING CHANGE

The sprig update is actually a breaking change. It turns out that some of the functions in templating changed with this update.

What's Changed

General

chore: release helm chart for v2.0.0 by @Skarlso in #5932
docs: update the stability doc with the new version by @Skarlso in #5933
chore(doc): add loblaw to adopter md by @FZhg in #5937
chore: bump golang to 1.25.7 because of cve by @Skarlso in #5938
fix: deleting the whole secret when it is empty by @Skarlso in #5927
chore: update controller runtime by @Skarlso in #5930
fix: update cosign and syft for signing by @Skarlso in #5958
fix: the informer can not register use GetInformer instead by @Skarlso in #5931
fix: attempt to fix cosign compatibility issues by @gusfcarvalho in #5959
chore: remove outdated info from stability doc by @Skarlso in #5971
chore(deps): update Masterminds/sprig to 8cb06fe… by @tete17 in #5747
docs(release): Update support matrix by @evrardjp in #5978

Dependencies

chore(deps): bump golang from 20c8a94 to f6751d8 by @dependabot[bot] in #5940
chore(deps): bump ubi9/ubi from c8df11b to b8923f5 by @dependabot[bot] in #5939
chore(deps): bump distroless/static from cd64bec to 972618c by @dependabot[bot] in #5941
chore(deps): bump github/codeql-action from 4.32.0 to 4.32.2 by @dependabot[bot] in #5942
chore(deps): bump anchore/sbom-action from 0.22.1 to 0.22.2 by @dependabot[bot] in #5943
chore(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2 by @dependabot[bot] in #5944
chore(deps): bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 by @dependabot[bot] in #5945
chore(deps): bump fossas/fossa-action from 1.7.0 to 1.8.0 by @dependabot[bot] in #5946
chore(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 by @dependabot[bot] in #5947
chore(deps): bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #5965
chore(deps): bump markdown from 3.10.1 to 3.10.2 in /hack/api-docs by @dependabot[bot] in #5968
chore(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 by @dependabot[bot] in #5964
chore(deps): bump platformdirs from 4.5.1 to 4.9.2 in /hack/api-docs by @dependabot[bot] in #5967
chore(deps): bump pymdown-extensions from 10.20.1 to 10.21 in /hack/api-docs by @dependabot[bot] in #5969

New Contributors

@FZhg made their first contribution in #5937

Full Changelog: external-secrets/external-secrets@v2.0.0...v2.0.1

`v2.0.0`

Compare Source

BREAKING CHANGE

Please note that this release removed two of the unsupported and unmaintained providers Alibaba and Device42.

Image: ghcr.io/external-secrets/external-secrets:v2.0.0
Image: ghcr.io/external-secrets/external-secrets:v2.0.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v2.0.0-ubi-boringssl

What's Changed

General

chore: bump charts to 1.3.2 by @gusfcarvalho in #5923
feat(charts): add hostAliases support by @janlauber in #5866
chore: remove unmaintained secret stores by @Skarlso in #5918
docs(infisical): document al provider auth methods by @varonix0 in #5929
chore: Get validating webhook failurePolicy for Secretstore dynamically by @LochanRn in #5605

New Contributors

@LochanRn made their first contribution in #5605

Full Changelog: external-secrets/external-secrets@v1.3.2...v2.0.0

`v1.3.2`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v1.3.2
Image: ghcr.io/external-secrets/external-secrets:v1.3.2-ubi
Image: ghcr.io/external-secrets/external-secrets:v1.3.2-ubi-boringssl

What's Changed

General

chore: release helm chart for v1.3.1 by @Skarlso in #5860
chore(chart): Add missing tests for readinessProbe by @jcpunk in #5769
docs: Update FluxCD example by @umizoom in #5862
fix(ci): Removed the unused check for Windows in Makefile by @HauptJ in #5870
docs(release): Add actual dates for EOL of 1.x releases in stability and support page by @n4zukker in #5889
docs: Passbolt provider maintenance ownership by @stripthis in #5886
chore: Update Passbolt MaintenanceStatus to MaintenanceStatusMaintained by @stripthis in #5887
fix(security): sanitize json.Unmarshal errors to prevent secret data … by @moolen in #5884
fix: webhook initialization order by @gusfcarvalho in #5901
chore: Cleanup flags by @evrardj-roche in #5845
fix: onepasswordsdk shared tenant by altering the provider in the client cache by @Skarlso in #5921

Dependencies

chore(deps): bump github/codeql-action from 4.31.10 to 4.31.11 by @dependabot[bot] in #5873
chore(deps): bump pymdown-extensions from 10.20 to 10.20.1 in /hack/api-docs by @dependabot[bot] in #5877
chore(deps): bump markdown from 3.10 to 3.10.1 in /hack/api-docs by @dependabot[bot] in #5880
chore(deps): bump ubi9/ubi from 22e9573 to 1f84f5c by @dependabot[bot] in #5871
chore(deps): bump actions/setup-python from 6.1.0 to 6.2.0 by @dependabot[bot] in #5872
chore(deps): bump hashicorp/setup-terraform from 93d5a27 to dcc3150 by @dependabot[bot] in #5875
chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #5876
chore(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 by @dependabot[bot] in #5878
chore(deps): bump anchore/sbom-action from 0.21.1 to 0.22.0 by @dependabot[bot] in #5874
chore(deps): bump packaging from 25.0 to 26.0 in /hack/api-docs by @dependabot[bot] in #5879
chore(deps): bump golang from d9b2e14 to 98e6cff by @dependabot[bot] in #5907
chore(deps): bump alpine from 865b95f to 2510918 in /hack/api-docs by @dependabot[bot] in #5914
chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #5909
chore(deps): bump actions/cache from 5.0.2 to 5.0.3 by @dependabot[bot] in #5912
chore(deps): bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by @dependabot[bot] in #5910
chore(deps): bump hashicorp/setup-terraform from dcc3150 to ce70bcf by @dependabot[bot] in #5911
chore(deps): bump ubi9/ubi from 1f84f5c to c8df11b by @dependabot[bot] in #5908
chore(deps): bump alpine from 3.23.2 to 3.23.3 in /e2e by @dependabot[bot] in #5915
chore(deps): bump alpine from 865b95f to 2510918 by @dependabot[bot] in #5906
chore(deps): bump pathspec from 1.0.3 to 1.0.4 in /hack/api-docs by @dependabot[bot] in #5916
chore(deps): bump babel from 2.17.0 to 2.18.0 in /hack/api-docs by @dependabot[bot] in #5917
chore(deps): bump github/codeql-action from 4.31.11 to 4.32.0 by @dependabot[bot] in #5913

New Contributors

@umizoom made their first contribution in #5862
@HauptJ made their first contribution in #5870
@n4zukker made their first contribution in #5889
@stripthis made their first contribution in #5886

Full Changelog: external-secrets/external-secrets@v1.3.1...v1.3.2

`v1.3.1`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v1.3.1
Image: ghcr.io/external-secrets/external-secrets:v1.3.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v1.3.1-ubi-boringssl

For a Full release please referre to https://github.com/external-secrets/external-secrets/releases/tag/v1.3.0. This is a fix build for the docker publish flow.

What's Changed

General

fix: ignore the in-toto manifest when promoting the docker build by @Skarlso in #5859

Full Changelog: external-secrets/external-secrets@v1.3.0...v1.3.1

`v1.2.1`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v1.2.1
Image: ghcr.io/external-secrets/external-secrets:v1.2.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v1.2.1-ubi-boringssl

What's Changed

General

chore(chart): release helm chart 1.2.0 by @jakobmoellerdev in #5751
fix: metrics not being correctly updated and deleted by @Skarlso in #5714
feat(infisical): add caBundle and caProvider support by @wi-adam in #5770
docs(apis): fix inaccurate SecretStore comments (v1 + v1beta1) by @fallmo in #5773
fix: add missing link to the docs by @Skarlso in #5783
fix: for target template parsing for complex matchers by @Skarlso in #5735
fix: a lot of sonar issue fixes by @Skarlso in #5771

Dependencies

chore(deps): bump golang from 2611181 to ac09a5f by @dependabot[bot] in #5758
chore(deps): bump alpine from 3.23.0 to 3.23.2 in /e2e by @dependabot[bot] in #5764
chore(deps): bump importlib-metadata from 8.7.0 to 8.7.1 in /hack/api-docs by @dependabot[bot] in #5768
chore(deps): bump tornado from 6.5.3 to 6.5.4 in /hack/api-docs by @dependabot[bot] in #5767
chore(deps): bump mkdocs-material from 9.7.0 to 9.7.1 in /hack/api-docs by @dependabot[bot] in #5766
chore(deps): bump alpine from 51183f2 to 865b95f in /hack/api-docs by @dependabot[bot] in #5765
chore(deps): bump alpine from 51183f2 to 865b95f by @dependabot[bot] in #5756
chore(deps): bump ubi9/ubi from d4feb57 to 3816d30 by @dependabot[bot] in #5757
chore(deps): bump peter-evans/slash-command-dispatch from 5.0.1 to 5.0.2 by @dependabot[bot] in #5763
chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #5762
chore(deps): bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by @dependabot[bot] in #5761
chore(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in #5760
chore(deps): bump hashicorp/setup-terraform from 071811a to 92e4d08 by @dependabot[bot] in #5759
chore(deps): bump anchore/sbom-action from 0.20.11 to 0.21.0 by @dependabot[bot] in #5784

New Contributors

@wi-adam made their first contribution in #5770
@fallmo made their first contribution in #5773

Full Changelog: external-secrets/external-secrets@v1.2.0...v1.2.1

`v1.2.0`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v1.2.0
Image: ghcr.io/external-secrets/external-secrets:v1.2.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v1.2.0-ubi-boringssl

What's Changed

General

chore: bump 1.1.1 by @gusfcarvalho in #5687
chore: fix the argocd e2e test case by @Skarlso in #5688
feat(provider): add Barbican provider support by @rkferreira in #5398
docs(secretserver): promote secretserver provider to beta by @DelineaSahilWankhede in #5668
feat(controller): add flag to enable/disable secretstore reconcile by @Ilhan-Personal in #5653
fix(aws-secrets-manager): Apply filtering based on both name and tags if provided by @iypetrov in #5685
fix(gcpsm): SecretExists should check for regional secrets when store location is specified by @tokiwong in #5708
feat: introduce store deprecation by @gusfcarvalho in #5711
feat(charts): add global values for common deployment configurations by @Gabryel8818 in #5652
feat: add Doppler OIDC-based authentication by @mikesellitto in #5475
fix: make custom configuration available regardless of environment by @Skarlso in #5713
chore(chart): update bitwarden dependency to v0.5.2 by @Skarlso in #5719
docs(templating): update rbac for generic targets by @lostick in #5736
fix(testing): Breaking changes should not break ci by @evrardjp in #5739
fix(security): Get rid of getSecretKey by @evrardjp in #5738
fix(aws): parse resource policies into canonical JSON (sorted) before comparing by @cmoscofian in #5622
docs: Fix example in GCP documentation by @headcr4sh in #5745
chore(secretserver): update dependencies to accept new DelineaXPM/tss-sdk-go by @DelineaSahilWankhede in #5742
fix(gcpsm): Improve SecretExists method in GCP secret manager provider by @tosih in #5610
chore(docs): add clarification to helm values being disabled by @Skarlso in #5746
fix(release): apply 64dc681 to release by @jakobmoellerdev in #5749
docs(release): 1.2 stability-support.md by @jakobmoellerdev in #5750

Dependencies

chore(deps): bump golang from 1.25.4 to 1.25.5 by @dependabot[bot] in #5693
chore(deps): bump golang from 1.25.4-bookworm to 1.25.5-bookworm in /e2e by @dependabot[bot] in #5702
chore(deps): bump ubi9/ubi from dcd8128 to 75937d9 by @dependabot[bot] in #5655
chore(deps): bump peter-evans/slash-command-dispatch from 5.0.0 to 5.0.1 by @dependabot[bot] in #5695
chore(deps): bump github/codeql-action from 4.31.5 to 4.31.7 by @dependabot[bot] in #5696
chore(deps): bump actions/stale from 10.1.0 to 10.1.1 by @dependabot[bot] in #5697
chore(deps): bump actions/create-github-app-token from 2.2.0 to 2.2.1 by @dependabot[bot] in #5700
chore(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 by @dependabot[bot] in #5698
chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #5699
chore(deps): bump platformdirs from 4.5.0 to 4.5.1 in /hack/api-docs by @dependabot[bot] in #5705
chore(deps): bump distroless/static from 87bce11 to 4b2a093 by @dependabot[bot] in #5692
chore(deps): bump alpine from 3.22 to 3.23 in /hack/api-docs by @dependabot[bot] in #5703
chore(deps): bump urllib3 from 2.5.0 to 2.6.0 in /hack/api-docs by @dependabot[bot] in #5704
chore(deps): bump pymdown-extensions from 10.17.2 to 10.18 in /hack/api-docs by @dependabot[bot] in #5706
chore(deps): bump alpine from 3.22.2 to 3.23.0 in /e2e by @dependabot[bot] in #5701
chore(deps): bump golang from 2611181 to 2611181 by @dependabot[bot] in #5721
chore(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by @dependabot[bot] in #5725
chore(deps): bump urllib3 from 2.6.0 to 2.6.2 in /hack/api-docs by @dependabot[bot] in #5730
chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @dependabot[bot] in #5726
chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 by @dependabot[bot] in #5724
chore(deps): bump tornado from 6.5.2 to 6.5.3 in /hack/api-docs by @dependabot[bot] in #5732
chore(deps): bump ubi9/ubi from 75937d9 to d4feb57 by @dependabot[bot] in #5722
chore(deps): bump golang from 5117d68 to 09f53de in /e2e by @dependabot[bot] in #5729
chore(deps): bump alpine from 4b7ce07 to 51183f2 by @dependabot[bot] in #5694
chore(deps): bump hashicorp/setup-terraform from 712b439 to 071811a by @dependabot[bot] in #5727
chore(deps): bump pymdown-extensions from 10.18 to 10.19.1 in /hack/api-docs by @dependabot[bot] in #5731
chore(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] in #5728
chore(deps): bump actions/cache from 4.3.0 to 5.0.1 by @dependabot[bot] in #5723

New Contributors

@iypetrov made their first contribution in #5685
@tokiwong made their first contribution in #5708
@Gabryel8818 made their first contribution in #5652
@mikesellitto made their first contribution in #5475
@lostick made their first contribution in #5736
@cmoscofian made their first contribution in #5622
@headcr4sh made their first contribution in #5745
@tosih made their first contribution in #5610

Full Changelog: external-secrets/external-secrets@v1.1.1...v1.2.0

`v1.1.1`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v1.1.1
Image: ghcr.io/external-secrets/external-secrets:v1.1.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v1.1.1-ubi-boringssl

What's Changed

General

chore(chart): release helm chart 1.1.0 by @Skarlso in #5619
docs: improve spec.md by exporting generator types by @gusfcarvalho in #5624
chore(deps): remove sprig fork by @Skarlso in #5626
fix: report 404 secrets correctly in Gitlab provider by @alekc in #5104
docs(secretserver): update documentation to include Platform compatibility by @DelineaSahilWankhede in #5546
docs: add llm policy by @Skarlso in #5649
fix: pass in the token to the build and publish container by @Skarlso in #5651
test(secretserver): improve test coverage for SecretServer provider by @DelineaSahilWankhede in #5641
fix: docs pipeline by @rkferreira in #5663
fix: modify the url of the remote to include the token by @Skarlso in #5664
feat(helm): add dynamic labelSelector if not define in topologySpread… by @fe80 in #5065
feat: Support retry settings for Doppler provider by @maduonline in #5608
feat(beyondtrust): enable pushing secrets in BeyondTrust provider by @btfhernandez in #5586
fix: correctly merge map fields during templating by @Skarlso in #5671
fix: use patch instead of update for finalizers addition and removal by @Skarlso in #5670
feat(oracle): implement SecretExists by @anders-swanson in #5672
fix(security): create provider for webhook & fake by @ShimonDarshan in #5628
fix: set client transport to use GitHub Enterprise URL by @fred-gagnon in #5662
feat(generator): Password generator can generate and expose multiple passwords by @Trojanekkk in #5669
fix: run check diff on main by @Skarlso in #5681
feat: bitwardenServerSDKURL is required for bitwardensecretsmanager by @budimanjojo in #5679
fix: update the refreshInterval formatting everywhere by @Skarlso in #5680
clean: Update conjur-api-go; Disable credential storage by @szh in #5648
fix: add live-reload to make docs.serve by @gusfcarvalho in #5676
fix: remove cached artifacts after build by @gusfcarvalho in #5686
fix(keepersecurity): properly handle fields key by @pepordev in #5674

Dependencies

chore(deps): bump golang from d3f0cf7 to d3f0cf7 by @dependabot[bot] in #5630
chore(deps): bump golang from 7419f54 to e174196 in /e2e by @dependabot[bot] in #5638
chore(deps): bump zizmorcore/zizmor-action from 0.2.0 to 0.3.0 by @dependabot[bot] in #5637
chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #5636
chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 by @dependabot[bot] in #5635
chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @dependabot[bot] in #5634
chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 by @dependabot[bot] in #5633
chore(deps): bump aws-actions/configure-aws-credentials from f2964c7 to 4a54c24 by @dependabot[bot] in #5632
chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #5631
chore(deps): bump pymdown-extensions from 10.17.1 to 10.17.2 in /hack/api-docs by @dependabot[bot] in #5660
chore(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 by @dependabot[bot] in #5656
chore(deps): bump actions/setup-python from 6.0.0 to 6.1.0 by @dependabot[bot] in #5657
chore(deps): bump peter-evans/slash-command-dispatch from 4.0.0 to 5.0.0 by @dependabot[bot] in #5658
chore(deps): bump hashicorp/setup-terraform from 4c5fdab to 712b439 by @dependabot[bot] in #5659

New Contributors

@fe80 made their first contribution in #5065
@maduonline made their first contribution in #5608
@fred-gagnon made their first contribution in #5662
@Trojanekkk made their first contribution in #5669
@budimanjojo made their first contribution in #5679

Full Changelog: external-secrets/external-secrets@v1.1.0...v1.1.1

`v1.1.0`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v1.1.0
Image: ghcr.io/external-secrets/external-secrets:v1.1.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v1.1.0-ubi-boringssl

What's Changed

!NOTE!: During last community meeting we discussed that we are retiring our scarf account. With that, we will be changing back to ghcr.io/external-secrets/external-secrets instead of oci.external-secrets.io/external-secrets/external-secrets.

For now, the old domain will live for a couple months to give people to change back. With this release , the values in the helm chart that define where the image is switched back to ghcr.

The helm-chart itself is served from under github-pages so that does not move.

General

chore(chart): release helm chart 1.0.0 by @Skarlso in #5552
feat(security): add support for ECDSA ssh keys by @bigjazzsound in #5559
fix: minor typo in comment of KeeperSecurity example by @mdjong1 in #5573
docs(gcp): update documentation for using WorkloadIdentityFederation in non-GKE cluster by @jennweir in #5556
chore(release): add darwin_arm64 releases by @lbordowitz in #5583
feat: support override IAM endpoint in IBM provider for APIkey auth by @fidel-ruiz in #5550
feat(security): build tags for all the providers to disable them on d… by @ShimonDarshan in #5578
fix: do not include the last element of the path in the iteration by @Skarlso in #5588
fix(k8s): support deleting whole secret by @tiagolobocastro in #5538
fix(provider): configure TLS for secret server provider by @Lumexralph in #5558
chore(aws): remove any usage of aws-sdk-v1 by @Skarlso in #5590
fix(gcp): check for secret version exists in PushSecret by @bpalko in #5593
feat(vault): add GCP Workload Identity authentication support by @SamuelMolling in #5356
chore: fix sonar cloud issues by @Skarlso in #5405
chore(aws-sdk-v2): update dependencies to accept new aws regions by @damienpuig in #5577
feat(chart): use ghcr.io instead of our own domain by @evrardjp in #5617

Dependencies

chore(deps): bump golang from 1.25.3 to 1.25.4 by @dependabot[bot] in #5560
chore(deps): bump golang from 1.25.3-bookworm to 1.25.4-bookworm in /e2e by @dependabot[bot] in #5568
chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in #5561
chore(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 by @dependabot[bot] in #5564
chore(deps): bump helm/chart-testing-action from 2.7.0 to 2.8.0 by @dependabot[bot] in #5565
chore(deps): bump aws-actions/configure-aws-credentials from 0d00a56 to 2475ef7 by @dependabot[bot] in #5562
chore(deps): bump helm/kind-action from 1.12.0 to 1.13.0 by @dependabot[bot] in #5563
chore(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #5567
chore(deps): bump regex from 2025.10.23 to 2025.11.3 in /hack/api-docs by @dependabot[bot] in #5570
chore(deps): bump markdown from 3.9 to 3.10 in /hack/api-docs by @dependabot[bot] in #5569
chore(deps): bump hashicorp/setup-terraform from 982f6f0 to 4c5fdab by @dependabot[bot] in #5566
chore(deps): bump golang from d3f0cf7 to d3f0cf7 by @dependabot[bot] in #5595
chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in #5596
chore(deps): bump click from 8.3.0 to 8.3.1 in /hack/api-docs by @dependabot[bot] in [#5602](https://redirect.github.com/external-secre

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

| datasource | package | from | to | | ---------- | ---------------- | ------ | ----- | | helm | external-secrets | 0.20.4 | 2.0.1 |

github-actions · 2026-03-10T05:09:28Z

--- kubernetes/apps/infra/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: infra/external-secrets

+++ kubernetes/apps/infra/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: infra/external-secrets

@@ -12,13 +12,13 @@

     spec:
       chart: external-secrets
       sourceRef:
         kind: HelmRepository
         name: external-secrets
         namespace: flux-system
-      version: 0.20.4
+      version: 2.0.1
   install:
     remediation:
       retries: 3
   interval: 30m
   maxHistory: 2
   uninstall:

github-actions · 2026-03-10T05:09:29Z

--- HelmRelease: infra/external-secrets Deployment: infra/external-secrets-cert-controller

+++ HelmRelease: infra/external-secrets Deployment: infra/external-secrets-cert-controller

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: oci.external-secrets.io/external-secrets/external-secrets:v0.20.4
+        image: ghcr.io/external-secrets/external-secrets:v2.0.1
         imagePullPolicy: IfNotPresent
         args:
         - certcontroller
         - --crd-requeue-interval=5m
         - --service-name=external-secrets-webhook
         - --service-namespace=infra
@@ -52,13 +52,16 @@

         - --zap-time-encoding=epoch
         - --enable-partial-cache=true
         ports:
         - containerPort: 8080
           protocol: TCP
           name: metrics
+        - containerPort: 8081
+          protocol: TCP
+          name: ready
         readinessProbe:
           httpGet:
-            port: 8081
+            port: ready
             path: /readyz
           initialDelaySeconds: 20
           periodSeconds: 5
 
--- HelmRelease: infra/external-secrets Deployment: infra/external-secrets

+++ HelmRelease: infra/external-secrets Deployment: infra/external-secrets

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: oci.external-secrets.io/external-secrets/external-secrets:v0.20.4
+        image: ghcr.io/external-secrets/external-secrets:v2.0.1
         imagePullPolicy: IfNotPresent
         args:
         - --concurrent=1
         - --metrics-addr=:8080
         - --loglevel=info
         - --zap-time-encoding=epoch
--- HelmRelease: infra/external-secrets Deployment: infra/external-secrets-webhook

+++ HelmRelease: infra/external-secrets Deployment: infra/external-secrets-webhook

@@ -34,13 +34,13 @@

             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 1000
           seccompProfile:
             type: RuntimeDefault
-        image: oci.external-secrets.io/external-secrets/external-secrets:v0.20.4
+        image: ghcr.io/external-secrets/external-secrets:v2.0.1
         imagePullPolicy: IfNotPresent
         args:
         - webhook
         - --port=10250
         - --dns-name=external-secrets-webhook.infra.svc
         - --cert-dir=/tmp/certs
@@ -53,15 +53,18 @@

         - containerPort: 8080
           protocol: TCP
           name: metrics
         - containerPort: 10250
           protocol: TCP
           name: webhook
+        - containerPort: 8081
+          protocol: TCP
+          name: ready
         readinessProbe:
           httpGet:
-            port: 8081
+            port: ready
             path: /readyz
           initialDelaySeconds: 20
           periodSeconds: 5
         volumeMounts:
         - name: certs
           mountPath: /tmp/certs
--- HelmRelease: infra/external-secrets ValidatingWebhookConfiguration: infra/secretstore-validate

+++ HelmRelease: infra/external-secrets ValidatingWebhookConfiguration: infra/secretstore-validate

@@ -29,12 +29,13 @@

       path: /validate-external-secrets-io-v1-secretstore
   admissionReviewVersions:
   - v1
   - v1beta1
   sideEffects: None
   timeoutSeconds: 5
+  failurePolicy: Fail
 - name: validate.clustersecretstore.external-secrets.io
   rules:
   - apiGroups:
     - external-secrets.io
     apiVersions:
     - v1

feat(helm)!: Update chart external-secrets ( 0.20.4 → 2.0.1 )

84bed7f

| datasource | package | from | to | | ---------- | ---------------- | ------ | ----- | | helm | external-secrets | 0.20.4 | 2.0.1 |

terminator-bot bot added renovate/helm type/major labels Mar 10, 2026

github-actions bot added the area/kubernetes Changes made in the kubernetes directory label Mar 10, 2026

samip5 closed this Mar 11, 2026

samip5 deleted the renovate/external-secrets-2.x branch March 11, 2026 19:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(helm)!: Update chart external-secrets ( 0.20.4 → 2.0.1 )#536

feat(helm)!: Update chart external-secrets ( 0.20.4 → 2.0.1 )#536
terminator-bot[bot] wants to merge 1 commit intomainfrom
renovate/external-secrets-2.x

terminator-bot bot commented Mar 10, 2026

Uh oh!

github-actions bot commented Mar 10, 2026

Uh oh!

github-actions bot commented Mar 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

terminator-bot bot commented Mar 10, 2026

Release Notes

BREAKING CHANGE

What's Changed

General

Dependencies

New Contributors

BREAKING CHANGE

What's Changed

General

New Contributors

What's Changed

General

Dependencies

New Contributors

What's Changed

General

What's Changed

General

Dependencies

New Contributors

What's Changed

General

Dependencies

New Contributors

What's Changed

General

Dependencies

New Contributors

What's Changed

General

Dependencies

Configuration

Uh oh!

github-actions bot commented Mar 10, 2026

Uh oh!

github-actions bot commented Mar 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant