fix: pull external-secrets chart from OCI
This commit is contained in:
@@ -237,14 +237,37 @@ jobs:
|
|||||||
}
|
}
|
||||||
|
|
||||||
eso_diagnostics() {
|
eso_diagnostics() {
|
||||||
kubectl -n flux-system get kustomizations,helmrepositories,helmcharts,helmreleases || true
|
kubectl -n flux-system get kustomizations,ocirepositories,helmrepositories,helmcharts,helmreleases || true
|
||||||
kubectl -n flux-system describe kustomization addon-external-secrets || true
|
kubectl -n flux-system describe kustomization addon-external-secrets || true
|
||||||
kubectl -n flux-system describe helmrepository external-secrets || true
|
kubectl -n flux-system describe ocirepository external-secrets || true
|
||||||
kubectl -n flux-system describe helmchart.source.toolkit.fluxcd.io flux-system-external-secrets || true
|
|
||||||
kubectl -n flux-system describe helmrelease external-secrets || true
|
kubectl -n flux-system describe helmrelease external-secrets || true
|
||||||
kubectl -n external-secrets get pods -o wide || true
|
kubectl -n external-secrets get pods -o wide || true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
wait_for_flux_oci_helm_release() {
|
||||||
|
local oci_name="$1"
|
||||||
|
local release_name="$2"
|
||||||
|
local target_namespace="$3"
|
||||||
|
local oci_timeout="$4"
|
||||||
|
local release_timeout="$5"
|
||||||
|
local reconcile_at
|
||||||
|
|
||||||
|
wait_for_resource flux-system "ocirepository.source.toolkit.fluxcd.io/${oci_name}" 600
|
||||||
|
reconcile_at="$(date +%s)"
|
||||||
|
kubectl -n flux-system annotate "ocirepository/${oci_name}" reconcile.fluxcd.io/requestedAt="${reconcile_at}" --overwrite
|
||||||
|
kubectl -n flux-system annotate "helmrelease/${release_name}" reconcile.fluxcd.io/requestedAt="${reconcile_at}" --overwrite
|
||||||
|
|
||||||
|
if ! kubectl -n flux-system wait --for=condition=Ready "ocirepository/${oci_name}" --timeout="${oci_timeout}"; then
|
||||||
|
eso_diagnostics
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! kubectl -n flux-system wait --for=condition=Ready "helmrelease/${release_name}" --timeout="${release_timeout}"; then
|
||||||
|
eso_diagnostics
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
flux_helm_diagnostics() {
|
flux_helm_diagnostics() {
|
||||||
local repo_name="$1"
|
local repo_name="$1"
|
||||||
local chart_name="$2"
|
local chart_name="$2"
|
||||||
@@ -318,7 +341,7 @@ jobs:
|
|||||||
# Wait directly on the ESO Helm objects; Kustomization readiness hides useful failure details.
|
# Wait directly on the ESO Helm objects; Kustomization readiness hides useful failure details.
|
||||||
wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-external-secrets 600
|
wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-external-secrets 600
|
||||||
kubectl -n flux-system annotate kustomization/addon-external-secrets reconcile.fluxcd.io/requestedAt="$(date +%s)" --overwrite
|
kubectl -n flux-system annotate kustomization/addon-external-secrets reconcile.fluxcd.io/requestedAt="$(date +%s)" --overwrite
|
||||||
wait_for_flux_helm_release external-secrets flux-system-external-secrets external-secrets external-secrets 900s 1800s 1800s
|
wait_for_flux_oci_helm_release external-secrets external-secrets external-secrets 1800s 1800s
|
||||||
wait_for_resource "" crd/clustersecretstores.external-secrets.io 900
|
wait_for_resource "" crd/clustersecretstores.external-secrets.io 900
|
||||||
wait_for_resource "" crd/externalsecrets.external-secrets.io 900
|
wait_for_resource "" crd/externalsecrets.external-secrets.io 900
|
||||||
kubectl wait --for=condition=established --timeout=600s crd/clustersecretstores.external-secrets.io
|
kubectl wait --for=condition=established --timeout=600s crd/clustersecretstores.external-secrets.io
|
||||||
|
|||||||
@@ -6,14 +6,10 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
interval: 10m
|
interval: 10m
|
||||||
targetNamespace: external-secrets
|
targetNamespace: external-secrets
|
||||||
chart:
|
chartRef:
|
||||||
spec:
|
kind: OCIRepository
|
||||||
chart: external-secrets
|
name: external-secrets
|
||||||
version: 2.1.0
|
namespace: flux-system
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: external-secrets
|
|
||||||
namespace: flux-system
|
|
||||||
install:
|
install:
|
||||||
createNamespace: true
|
createNamespace: true
|
||||||
remediation:
|
remediation:
|
||||||
|
|||||||
@@ -1,8 +0,0 @@
|
|||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: external-secrets
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 1h
|
|
||||||
url: https://charts.external-secrets.io
|
|
||||||
@@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- helmrepository-external-secrets.yaml
|
- ocirepository-external-secrets.yaml
|
||||||
- helmrelease-external-secrets.yaml
|
- helmrelease-external-secrets.yaml
|
||||||
|
|||||||
@@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: OCIRepository
|
||||||
|
metadata:
|
||||||
|
name: external-secrets
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: oci://ghcr.io/external-secrets/charts/external-secrets
|
||||||
|
ref:
|
||||||
|
tag: 2.1.0
|
||||||
|
layerSelector:
|
||||||
|
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
|
||||||
|
operation: copy
|
||||||
Reference in New Issue
Block a user