Update Helm release external-secrets to v2

Signed-off-by: Renovate Bot <tech+renovate@vshn.ch>

Author: vshn-renovate

class/defaults.yml

@@ -13,7 +13,7 @@ parameters:
     charts:
       external-secrets:
         source: https://charts.external-secrets.io
-        version: 0.18.0
+        version: 2.0.0
 
     helm_values:
       image:

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/cert-controller-deployment.yaml

@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.18.0
-    helm.sh/chart: external-secrets-0.18.0
+    app.kubernetes.io/version: v2.0.0
+    helm.sh/chart: external-secrets-2.0.0
   name: external-secrets-cert-controller
   namespace: syn-external-secrets-operator
 spec:
@@ -22,8 +22,8 @@ spec:
         app.kubernetes.io/instance: external-secrets
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets-cert-controller
-        app.kubernetes.io/version: v0.18.0
-        helm.sh/chart: external-secrets-0.18.0
+        app.kubernetes.io/version: v2.0.0
+        helm.sh/chart: external-secrets-2.0.0
     spec:
       automountServiceAccountToken: true
       containers:
@@ -39,17 +39,20 @@ spec:
             - --loglevel=info
             - --zap-time-encoding=epoch
             - --enable-partial-cache=true
-          image: oci.external-secrets.io/external-secrets/external-secrets:v0.18.0
+          image: ghcr.io/external-secrets/external-secrets:v2.0.0
           imagePullPolicy: IfNotPresent
           name: cert-controller
           ports:
             - containerPort: 8080
               name: metrics
               protocol: TCP
+            - containerPort: 8081
+              name: ready
+              protocol: TCP
           readinessProbe:
             httpGet:
               path: /readyz
-              port: 8081
+              port: ready
             initialDelaySeconds: 20
             periodSeconds: 5
           securityContext:

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/cert-controller-rbac.yaml

@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.18.0
-    helm.sh/chart: external-secrets-0.18.0
+    app.kubernetes.io/version: v2.0.0
+    helm.sh/chart: external-secrets-2.0.0
   name: external-secrets-cert-controller
 rules:
   - apiGroups:
@@ -45,6 +45,14 @@ rules:
       - list
       - get
       - watch
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - list
+      - get
+      - watch
   - apiGroups:
       - ''
     resources:
@@ -79,8 +87,8 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.18.0
-    helm.sh/chart: external-secrets-0.18.0
+    app.kubernetes.io/version: v2.0.0
+    helm.sh/chart: external-secrets-2.0.0
   name: external-secrets-cert-controller
 roleRef:
   apiGroup: rbac.authorization.k8s.io

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/cert-controller-serviceaccount.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.18.0
-    helm.sh/chart: external-secrets-0.18.0
+    app.kubernetes.io/version: v2.0.0
+    helm.sh/chart: external-secrets-2.0.0
   name: external-secrets-cert-controller
   namespace: syn-external-secrets-operator

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/acraccesstoken.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.18.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   labels:
     external-secrets.io/component: controller
   name: acraccesstokens.generators.external-secrets.io
@@ -55,6 +55,8 @@ spec:
                 see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview
               properties:
                 auth:
+                  description: ACRAuth defines the authentication methods for Azure
+                    Container Registry.
                   properties:
                     managedIdentity:
                       description: ManagedIdentity uses Azure Managed Identity to
@@ -71,8 +73,8 @@ spec:
                       properties:
                         secretRef:
                           description: |-
-                            Configuration used to authenticate with Azure using static
-                            credentials stored in a Kind=Secret.
+                            AzureACRServicePrincipalAuthSecretRef defines the secret references for Azure Service Principal authentication.
+                            It uses static credentials stored in a Kind=Secret.
                           properties:
                             clientId:
                               description: The Azure clientId of the service principle
@@ -175,14 +177,15 @@ spec:
                   default: PublicCloud
                   description: |-
                     EnvironmentType specifies the Azure cloud environment endpoints to use for
-                    connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
+                    connecting and authenticating with Azure. By default, it points to the public cloud AAD endpoint.
                     The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
                     PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
                   enum:
                     - PublicCloud
                     - USGovernmentCloud
                     - ChinaCloud
                     - GermanCloud
+                    - AzureStackCloud
                   type: string
                 registry:
                   description: |-

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/cloudsmithaccesstoken.yaml

@@ -0,0 +1,97 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+  labels:
+    external-secrets.io/component: controller
+  name: cloudsmithaccesstokens.generators.external-secrets.io
+spec:
+  group: generators.external-secrets.io
+  names:
+    categories:
+      - external-secrets
+      - external-secrets-generators
+    kind: CloudsmithAccessToken
+    listKind: CloudsmithAccessTokenList
+    plural: cloudsmithaccesstokens
+    singular: cloudsmithaccesstoken
+  scope: Namespaced
+  versions:
+    - name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: CloudsmithAccessToken generates Cloudsmith access token using
+            OIDC authentication
+          properties:
+            apiVersion:
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+              type: string
+            kind:
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: CloudsmithAccessTokenSpec defines the configuration for
+                generating a Cloudsmith access token using OIDC authentication.
+              properties:
+                apiUrl:
+                  description: APIURL configures the Cloudsmith API URL. Defaults
+                    to https://api.cloudsmith.io.
+                  type: string
+                orgSlug:
+                  description: OrgSlug is the organization slug in Cloudsmith
+                  type: string
+                serviceAccountRef:
+                  description: Name of the service account you are federating with
+                  properties:
+                    audiences:
+                      description: |-
+                        Audience specifies the `aud` claim for the service account token
+                        If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
+                        then this audiences will be appended to the list
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      description: The name of the ServiceAccount resource being referred
+                        to.
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                      type: string
+                    namespace:
+                      description: |-
+                        Namespace of the resource being referred to.
+                        Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                      maxLength: 63
+                      minLength: 1
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                      type: string
+                  required:
+                    - name
+                  type: object
+                serviceSlug:
+                  description: ServiceSlug is the service slug in Cloudsmith for OIDC
+                    authentication
+                  type: string
+              required:
+                - orgSlug
+                - serviceAccountRef
+                - serviceSlug
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}