changed proposed items

[vazudew]

Proposed changes

Installing ESO Operator via Helm on k8s, needed exact Chart Version and to install all CRDs used. So fixed.
Fix: #16379

Unreleased product version (optional)

Related issues (optional)

[claude]

Review of PR #16380

Thanks for contributing to fix the External Secrets Operator installation! I've reviewed the changes and have some observations:

Technical accuracy ✓

The Helm command syntax is correct and the parameters are valid:

• --set installCRDs=true ensures the Custom Resource Definitions are installed
• --version 0.10.4 pins to a specific chart version

Concerns

1. Version pinning to 0.10.4 (line 48)

Version 0.10.4 appears to be quite old. External Secrets Operator has had many releases since then. Pinning to an older version in a tutorial could:

• Expose users to known security vulnerabilities
• Prevent users from accessing newer features and bug fixes
• Create maintenance burden when the tutorial eventually needs updating

Suggestion:
Consider either:

• Using the latest stable version (check the External Secrets Operator releases)
• Not pinning to a specific version (let Helm use the latest from the repo)
• If 0.10.4 is required for compatibility with a specific Pulumi ESC version, add a comment explaining why

helm upgrade --install external-secrets external-secrets/external-secrets \
    --namespace external-secrets \
    --set installCRDs=true \
    --create-namespace \
    --wait

2. Missing context for readers

The tutorial doesn't explain why --set installCRDs=true is necessary. Adding a brief comment or note would help users understand the configuration.

Testing recommendation

Since this changes installation instructions in a tutorial, please verify:

• The specified version (0.10.4) is still available in the Helm repository
• The installation completes successfully with these parameters
• The rest of the tutorial steps work correctly with this version

---

Mention me (@claude) if you'd like additional reviews or help addressing these concerns!

[stooj]

Where does the version number (0.10.0) come from?

Can we include a paragraph about finding the correct version number to use, then update the code sample with a placeholder version number instead?

--version <VERSION_NUMBER>

That means when the version number changes in 6 months we're not still instructing users to install an old version.

[pulumi-bot]

Your site preview for commit fd61f96 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-16380-fd61f967.s3-website.us-west-2.amazonaws.com.

[vazudew]

I executed the commands, k8s objects with a colleague. Updated the sample code for namespaces

[pulumi-bot]

Your site preview for commit 43c2f1b is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-16380-43c2f1b9.s3-website.us-west-2.amazonaws.com.

[stooj]

A couple of small comments before this can be merged.

[stooj]

Rearrange this so the reader reads their instructions first in case they aren't paying close attention.

Something like:

You can create a SecretStore resource that will tell the External Secrets Operator to use Pulumi ESC as a secret provider for this namespace. If you want to increase the scope of the whole cluster you can use a ClusterSecretStore instead.

[vazudew]

changed the section, accordingly :)

[stooj]

Can you please lint this yaml? There has been extra indentation added, so check it's still valid.

[vazudew]

woow, good catch. The error was due to copy paste issue. Updated

[pulumi-bot]

Your site preview for commit 20e76bf is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-16380-20e76bf5.s3-website.us-west-2.amazonaws.com.

[pulumi-bot]

Your site preview for commit edcb694 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-16380-edcb6948.s3-website.us-west-2.amazonaws.com.

[stooj]

Just a couple of grammar fixes

[stooj]

Grammar fixes:

However, if you want to expand the scope to the entire cluster you can use a ClusterSecretStore resource instead.

[stooj]

Grammar fixes:

You can create a SecretStore resource to notify the External Secrets Operator to use Pulumi ESC as a secret provider for a specific namespace.

[stooj]

Grammar fix:

using the External Secrets Operator.

[pulumi-bot]

Your site preview for commit 9194a21 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-16380-9194a217.s3-website.us-west-2.amazonaws.com.

[stooj]

Almost there!

[stooj]

One last comma to remove 😁

scope to entire cluster, you can use a

scope to the entire cluster you can use a

[stooj]

And a the to add.

[vazudew]

me thinks, "scope to entire cluster, " is correct, because you need a short pause there ? But i can remove it, once you confirm the removal.

The to be added for "ClusterSecretStore"? we have been using article "a" for ClusterSecretStore. ? we have to replace all "a" s to "the" ? please confirm

[stooj]

If you've been using a then use an entire cluster, sounds good.

[stooj]

And you've convinced me about the comma 😁 Keep the comma.

[pulumi-bot]

Your site preview for commit 730a4a7 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-16380-730a4a70.s3-website.us-west-2.amazonaws.com.

[stooj]

LGTM