diff --git a/PROJECT b/PROJECT index 7c7b92e88..20647a6b6 100644 --- a/PROJECT +++ b/PROJECT @@ -1,4 +1,4 @@ -domain: x-k8s.io +domain: io repo: github.com/external-secrets/external-secrets resources: - group: external-secrets diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index f5bc3804b..2f5c80022 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go @@ -16,7 +16,7 @@ limitations under the License. // Package v1alpha1 contains API Schema definitions for the external-secrets v1alpha1 API group // +kubebuilder:object:generate=true -// +groupName=external-secrets.x-k8s.io +// +groupName=external-secrets.io package v1alpha1 import ( @@ -26,7 +26,7 @@ import ( var ( // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "external-secrets.x-k8s.io", Version: "v1alpha1"} + GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} diff --git a/config/crd/bases/external-secrets.io_externalsecrets.yaml b/config/crd/bases/external-secrets.io_externalsecrets.yaml new file mode 100644 index 000000000..301b5bf43 --- /dev/null +++ b/config/crd/bases/external-secrets.io_externalsecrets.yaml 
@@ -0,0 +1,169 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + name: externalsecrets.external-secrets.io +spec: + group: external-secrets.io + names: + kind: ExternalSecret + listKind: ExternalSecretList + plural: externalsecrets + singular: externalsecret + scope: Namespaced + validation: + openAPIV3Schema: + description: ExternalSecret is the Schema for the externalsecrets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ExternalSecretSpec defines the desired state of ExternalSecret + properties: + data: + description: Data defines the connection between the Kubernetes Secret + keys and the Provider data + items: + description: ExternalSecretData defines the connection between the + Kubernetes Secret key (spec.data.) 
and the Provider data + properties: + remoteRef: + description: ExternalSecretDataRemoteRef defines Provider data + location + properties: + key: + description: Key is the key used in the Provider, mandatory + type: string + property: + description: Used to select a specific property of the Provider + value (if a map), if supported + type: string + version: + description: Used to select a specific version of the Provider + value, if supported + type: string + required: + - key + type: object + secretKey: + type: string + required: + - remoteRef + - secretKey + type: object + type: array + dataFrom: + description: DataFrom is used to fetch all properties from a specific + Provider data If multiple entries are specified, the Secret keys are + merged in the specified order + items: + description: ExternalSecretDataRemoteRef defines Provider data location + properties: + key: + description: Key is the key used in the Provider, mandatory + type: string + property: + description: Used to select a specific property of the Provider + value (if a map), if supported + type: string + version: + description: Used to select a specific version of the Provider + value, if supported + type: string + required: + - key + type: object + type: array + refreshInterval: + description: 'RefreshInterval is the amount of time before the values + reading again from the SecretStore provider Valid time units are "ns", + "us" (or "µs"), "ms", "s", "m", "h" (from time.ParseDuration) May + be set to zero to fetch and create it once TODO: Default to some value?' 
+ type: string + secretStoreRef: + description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret + data + properties: + kind: + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` + type: string + name: + description: Name of the SecretStore resource + type: string + required: + - name + type: object + target: + description: ExternalSecretTarget defines the Kubernetes Secret to be + created There can be only one target per ExternalSecret + properties: + creationPolicy: + description: CreationPolicy defines rules on how to create the resulting + Secret Defaults to 'Owner' + type: string + name: + description: Name defines the name of the Secret resource to be + managed This field is immutable Defaults to the .metadata.name + of the ExternalSecret resource + type: string + type: object + required: + - secretStoreRef + - target + type: object + status: + properties: + conditions: + items: + properties: + lastSyncTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + description: ExternalSecretStatusPhase represents the current phase + of the Secret sync + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/crd/bases/external-secrets.io_secretstores.yaml b/config/crd/bases/external-secrets.io_secretstores.yaml new file mode 100644 index 000000000..6186b1d25 --- /dev/null +++ b/config/crd/bases/external-secrets.io_secretstores.yaml 
@@ -0,0 +1,130 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + name: secretstores.external-secrets.io +spec: + group: external-secrets.io + names: + kind: SecretStore + listKind: SecretStoreList + plural: secretstores + singular: secretstore + scope: Namespaced + validation: + openAPIV3Schema: + description: SecretStore is the Schema for the secretstores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretStoreSpec defines the desired state of SecretStore + properties: + awssm: + description: AWSSM configures this store to sync secrets using AWS Secret + Manager provider + properties: + auth: + description: Auth defines the information necessary to authenticate + against AWS + properties: + secretRef: + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + type: string + name: + type: string + namespace: + type: string + required: + - key + - name + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + type: string + name: + type: string + namespace: + type: string + required: + - key + - name + type: object + type: object + required: + - secretRef + type: object + region: + description: AWS Region to be used for the provider + type: string + role: + description: Role is a Role ARN which the SecretManager provider + will assume + type: string + required: + - auth + - region + type: object + controller: + description: 'Used to select the correct KES controller (think: ingress.ingressClassName) + The KES controller is instantiated with a specific controller name + and filters ES based on this property' + type: string + type: object + status: + description: SecretStoreStatus defines the observed state of the SecretStore + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + 
plural: "" + conditions: [] + storedVersions: [] diff --git a/config/crd/bases/external-secrets.x-k8s.io_externalsecrets.yaml b/config/crd/bases/external-secrets.x-k8s.io_externalsecrets.yaml index 75ece42f0..301b5bf43 100644 --- a/config/crd/bases/external-secrets.x-k8s.io_externalsecrets.yaml +++ b/config/crd/bases/external-secrets.x-k8s.io_externalsecrets.yaml @@ -6,9 +6,9 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null - name: externalsecrets.external-secrets.x-k8s.io + name: externalsecrets.external-secrets.io spec: - group: external-secrets.x-k8s.io + group: external-secrets.io names: kind: ExternalSecret listKind: ExternalSecretList diff --git a/config/crd/bases/external-secrets.x-k8s.io_secretstores.yaml b/config/crd/bases/external-secrets.x-k8s.io_secretstores.yaml index 0cf9ab890..6186b1d25 100644 --- a/config/crd/bases/external-secrets.x-k8s.io_secretstores.yaml +++ b/config/crd/bases/external-secrets.x-k8s.io_secretstores.yaml @@ -6,9 +6,9 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null - name: secretstores.external-secrets.x-k8s.io + name: secretstores.external-secrets.io spec: - group: external-secrets.x-k8s.io + group: external-secrets.io names: kind: SecretStore listKind: SecretStoreList diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 2b49e3e63..acec8621e 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -2,8 +2,8 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/external-secrets.x-k8s.io_secretstores.yaml -- bases/external-secrets.x-k8s.io_externalsecrets.yaml +- bases/external-secrets.io_secretstores.yaml +- bases/external-secrets.io_externalsecrets.yaml # +kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: 
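Review bot: The `resources` list in config/crd/kustomization.yaml now points at `bases/external-secrets.io_*.yaml`, but the two `bases/external-secrets.x-k8s.io_*.yaml` files are edited rather than deleted. Their new blob ids (301b5bf43 and 6186b1d25) match those of the newly added files, so the tree ends up with two identical copies of each CRD. Nothing in this kustomization references the old paths any more, so they are better removed in this commit (`git rm config/crd/bases/external-secrets.x-k8s.io_*.yaml`); left in place, the stale filenames suggest the old group is still served. A cluster that already has the `*.external-secrets.x-k8s.io` CRDs installed will presumably keep them and their objects, with no RBAC rule left that covers them, so a short upgrade note about recreating resources under `external-secrets.io` and deleting the old CRDs would help.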
diff --git a/config/crd/patches/cainjection_in_externalsecrets.yaml b/config/crd/patches/cainjection_in_externalsecrets.yaml index 2abd47ba7..7e8fc5758 100644 --- a/config/crd/patches/cainjection_in_externalsecrets.yaml +++ b/config/crd/patches/cainjection_in_externalsecrets.yaml @@ -5,4 +5,4 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - name: externalsecrets.external-secrets.x-k8s.io + name: externalsecrets.external-secrets.io diff --git a/config/crd/patches/cainjection_in_secretstores.yaml b/config/crd/patches/cainjection_in_secretstores.yaml index fb6cf292d..35b460d2a 100644 --- a/config/crd/patches/cainjection_in_secretstores.yaml +++ b/config/crd/patches/cainjection_in_secretstores.yaml @@ -5,4 +5,4 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - name: secretstores.external-secrets.x-k8s.io + name: secretstores.external-secrets.io diff --git a/config/crd/patches/webhook_in_externalsecrets.yaml b/config/crd/patches/webhook_in_externalsecrets.yaml index 2b7918f63..d96d17bdb 100644 --- a/config/crd/patches/webhook_in_externalsecrets.yaml +++ b/config/crd/patches/webhook_in_externalsecrets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: externalsecrets.external-secrets.x-k8s.io + name: externalsecrets.external-secrets.io spec: conversion: strategy: Webhook diff --git a/config/crd/patches/webhook_in_secretstores.yaml b/config/crd/patches/webhook_in_secretstores.yaml index f09630769..5e292ad2d 100644 --- a/config/crd/patches/webhook_in_secretstores.yaml +++ b/config/crd/patches/webhook_in_secretstores.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: secretstores.external-secrets.x-k8s.io + name: secretstores.external-secrets.io spec: conversion: strategy: Webhook 
diff --git a/config/rbac/externalsecret_editor_role.yaml b/config/rbac/externalsecret_editor_role.yaml index 77fdbc6ff..e78564f7a 100644 --- a/config/rbac/externalsecret_editor_role.yaml +++ b/config/rbac/externalsecret_editor_role.yaml @@ -5,7 +5,7 @@ metadata: name: externalsecret-editor-role rules: - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - externalsecrets verbs: @@ -17,7 +17,7 @@ rules: - update - watch - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - externalsecrets/status verbs: diff --git a/config/rbac/externalsecret_viewer_role.yaml b/config/rbac/externalsecret_viewer_role.yaml index 7926d090b..5f37453a6 100644 --- a/config/rbac/externalsecret_viewer_role.yaml +++ b/config/rbac/externalsecret_viewer_role.yaml @@ -5,7 +5,7 @@ metadata: name: externalsecret-viewer-role rules: - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - externalsecrets verbs: @@ -13,7 +13,7 @@ rules: - list - watch - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - externalsecrets/status verbs: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index deb3a279b..2be32374f 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -7,7 +7,7 @@ metadata: name: manager-role rules: - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - externalsecrets verbs: @@ -19,7 +19,7 @@ rules: - update - watch - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - externalsecrets/status verbs: @@ -27,7 +27,7 @@ rules: - patch - update - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - secretstores verbs: @@ -39,7 +39,7 @@ rules: - update - watch - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - secretstores/status verbs: diff --git a/config/rbac/secretstore_editor_role.yaml b/config/rbac/secretstore_editor_role.yaml index 8c17132f4..90b09fde6 100644 
--- a/config/rbac/secretstore_editor_role.yaml +++ b/config/rbac/secretstore_editor_role.yaml @@ -5,7 +5,7 @@ metadata: name: secretstore-editor-role rules: - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - secretstores verbs: @@ -17,7 +17,7 @@ rules: - update - watch - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - secretstores/status verbs: diff --git a/config/rbac/secretstore_viewer_role.yaml b/config/rbac/secretstore_viewer_role.yaml index 98d2a6d5b..b7de60d85 100644 --- a/config/rbac/secretstore_viewer_role.yaml +++ b/config/rbac/secretstore_viewer_role.yaml @@ -5,7 +5,7 @@ metadata: name: secretstore-viewer-role rules: - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - secretstores verbs: @@ -13,7 +13,7 @@ rules: - list - watch - apiGroups: - - external-secrets.x-k8s.io + - external-secrets.io resources: - secretstores/status verbs: diff --git a/config/samples/external-secrets_v1alpha1_externalsecret.yaml b/config/samples/external-secrets_v1alpha1_externalsecret.yaml index c0b5e1b88..5aa07be2b 100644 --- a/config/samples/external-secrets_v1alpha1_externalsecret.yaml +++ b/config/samples/external-secrets_v1alpha1_externalsecret.yaml @@ -1,4 +1,4 @@ -apiVersion: external-secrets.x-k8s.io/v1alpha1 +apiVersion: external-secrets.io/v1alpha1 kind: ExternalSecret metadata: name: externalsecret-sample diff --git a/config/samples/external-secrets_v1alpha1_secretstore.yaml b/config/samples/external-secrets_v1alpha1_secretstore.yaml index 318ae2d1e..d2b3571b0 100644 --- a/config/samples/external-secrets_v1alpha1_secretstore.yaml +++ b/config/samples/external-secrets_v1alpha1_secretstore.yaml @@ -1,4 +1,4 @@ -apiVersion: external-secrets.x-k8s.io/v1alpha1 +apiVersion: external-secrets.io/v1alpha1 kind: SecretStore metadata: name: secretstore-sample diff --git a/controllers/externalsecret_controller.go b/controllers/externalsecret_controller.go index 014636b69..79d59b878 100644 
--- a/controllers/externalsecret_controller.go +++ b/controllers/externalsecret_controller.go @@ -34,8 +34,8 @@ type ExternalSecretReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=externalsecrets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=externalsecrets/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=external-secrets.io,resources=externalsecrets,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=external-secrets.io,resources=externalsecrets/status,verbs=get;update;patch func (r *ExternalSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { _ = context.Background() diff --git a/controllers/secretstore_controller.go b/controllers/secretstore_controller.go index 6947f7654..949856907 100644 --- a/controllers/secretstore_controller.go +++ b/controllers/secretstore_controller.go @@ -34,8 +34,8 @@ type SecretStoreReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=secretstores,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=secretstores/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=external-secrets.io,resources=secretstores,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=external-secrets.io,resources=secretstores/status,verbs=get;update;patch func (r *SecretStoreReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { _ = context.Background() diff --git a/main.go b/main.go index f2c02904c..c3005f385 100644 --- a/main.go +++ b/main.go @@ -59,7 +59,7 @@ func main() { MetricsBindAddress: metricsAddr, Port: 9443, LeaderElection: enableLeaderElection, - LeaderElectionID: "1fc40399.x-k8s.io", + LeaderElectionID: "1fc40399.io", }) if err != nil { setupLog.Error(err, "unable to start manager")
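Review bot: The `LeaderElectionID` change in main.go to `"1fc40399.io"` looks like a side effect of the group search-and-replace rather than a deliberate choice. This value is not an API group; controller-runtime uses it as the name of the leader-election lock object. A manager built before this commit and one built after it would therefore contend for different locks, so during a rolling upgrade both can hold leadership and reconcile at the same time. Either keep the previous value, or if a rename is wanted use a project-scoped name such as `LeaderElectionID: "1fc40399.external-secrets.io",` and mention the lock rename in the upgrade notes. The body of main() continues outside the hunk.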