2022-10-29 18:15:50 +00:00
apiVersion : apiextensions.k8s.io/v1
kind : CustomResourceDefinition
metadata :
annotations :
2024-10-29 09:54:27 +00:00
controller-gen.kubebuilder.io/version : v0.16.5
2024-06-16 10:52:10 +00:00
labels :
external-secrets.io/component : controller
2022-10-29 18:15:50 +00:00
name : ecrauthorizationtokens.generators.external-secrets.io
spec :
group : generators.external-secrets.io
names :
categories :
2024-09-25 07:45:07 +00:00
- external-secrets
- external-secrets-generators
2022-10-29 18:15:50 +00:00
kind : ECRAuthorizationToken
listKind : ECRAuthorizationTokenList
plural : ecrauthorizationtokens
singular : ecrauthorizationtoken
scope : Namespaced
versions :
- name : v1alpha1
schema :
openAPIV3Schema :
2024-01-22 19:56:06 +00:00
description : |-
ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
authorization token.
The authorization token is valid for 12 hours.
The authorizationToken returned is a base64 encoded string that can be decoded
and used in a docker login command to authenticate to a registry.
For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
2022-10-29 18:15:50 +00:00
properties :
apiVersion :
2024-01-22 19:56:06 +00:00
description : |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2022-10-29 18:15:50 +00:00
type : string
kind :
2024-01-22 19:56:06 +00:00
description : |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2022-10-29 18:15:50 +00:00
type : string
metadata :
type : object
spec :
properties :
auth :
description : Auth defines how to authenticate with AWS
properties :
jwt :
description : Authenticate against AWS using service account tokens.
properties :
serviceAccountRef :
description : A reference to a ServiceAccount resource.
properties :
audiences :
2024-01-22 19:56:06 +00:00
description : |-
Audience specifies the `aud` claim for the service account token
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
then this audiences will be appended to the list
2022-10-29 18:15:50 +00:00
items :
type : string
type : array
name :
description : The name of the ServiceAccount resource being
referred to.
2024-11-28 15:53:07 +00:00
maxLength : 253
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2022-10-29 18:15:50 +00:00
type : string
namespace :
2024-01-22 19:56:06 +00:00
description : |-
2024-11-28 15:53:07 +00:00
Namespace of the resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength : 63
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2022-10-29 18:15:50 +00:00
type : string
required :
- name
type : object
type : object
secretRef :
2024-01-22 19:56:06 +00:00
description : |-
AWSAuthSecretRef holds secret references for AWS credentials
both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
2022-10-29 18:15:50 +00:00
properties :
accessKeyIDSecretRef :
description : The AccessKeyID is used for authentication
properties :
key :
2024-01-22 19:56:06 +00:00
description : |-
2024-11-28 15:53:07 +00:00
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength : 253
minLength : 1
pattern : ^[-._a-zA-Z0-9]+$
2022-10-29 18:15:50 +00:00
type : string
name :
description : The name of the Secret resource being referred
to.
2024-11-28 15:53:07 +00:00
maxLength : 253
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2022-10-29 18:15:50 +00:00
type : string
namespace :
2024-01-22 19:56:06 +00:00
description : |-
2024-11-28 15:53:07 +00:00
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength : 63
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2022-10-29 18:15:50 +00:00
type : string
type : object
secretAccessKeySecretRef :
description : The SecretAccessKey is used for authentication
properties :
key :
2024-01-22 19:56:06 +00:00
description : |-
2024-11-28 15:53:07 +00:00
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength : 253
minLength : 1
pattern : ^[-._a-zA-Z0-9]+$
2022-10-29 18:15:50 +00:00
type : string
name :
description : The name of the Secret resource being referred
to.
2024-11-28 15:53:07 +00:00
maxLength : 253
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2022-10-29 18:15:50 +00:00
type : string
namespace :
2024-01-22 19:56:06 +00:00
description : |-
2024-11-28 15:53:07 +00:00
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength : 63
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2022-10-29 18:15:50 +00:00
type : string
type : object
sessionTokenSecretRef :
2024-01-22 19:56:06 +00:00
description : |-
The SessionToken used for authentication
This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
see : https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
2022-10-29 18:15:50 +00:00
properties :
key :
2024-01-22 19:56:06 +00:00
description : |-
2024-11-28 15:53:07 +00:00
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength : 253
minLength : 1
pattern : ^[-._a-zA-Z0-9]+$
2022-10-29 18:15:50 +00:00
type : string
name :
description : The name of the Secret resource being referred
to.
2024-11-28 15:53:07 +00:00
maxLength : 253
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2022-10-29 18:15:50 +00:00
type : string
namespace :
2024-01-22 19:56:06 +00:00
description : |-
2024-11-28 15:53:07 +00:00
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength : 63
minLength : 1
pattern : ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2022-10-29 18:15:50 +00:00
type : string
type : object
type : object
type : object
region :
description : Region specifies the region to operate in.
type : string
role :
2024-01-22 19:56:06 +00:00
description : |-
You can assume a role before making calls to the
desired AWS service.
2022-10-29 18:15:50 +00:00
type : string
required :
- region
type : object
type : object
served : true
storage : true
subresources :
status : {}
