From d10a66ee68f285630f49326254423102cf8b4637 Mon Sep 17 00:00:00 2001 From: Carlos Neto Date: Mon, 29 Jul 2024 17:47:48 -0300 Subject: [PATCH] docs: add more details in the externalsecret comments in the API section (creationPolicy + deletionPolicy) (#3725) Signed-off-by: c-neto --- docs/snippets/full-external-secret.yaml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/docs/snippets/full-external-secret.yaml b/docs/snippets/full-external-secret.yaml index 6c7247f5e..c017bc906 100644 --- a/docs/snippets/full-external-secret.yaml +++ b/docs/snippets/full-external-secret.yaml @@ -32,17 +32,18 @@ spec: # It is immutable name: application-config - # Enum with values: 'Owner', 'Merge', or 'None' - # Default value of 'Owner' - # Owner creates the secret and sets .metadata.ownerReferences of the resource - # Merge does not create the secret, but merges in the data fields to the secret - # None does not create a secret (future use with injector) - creationPolicy: 'Merge' + # Specifies the ExternalSecret ownership details in the created Secret. Options: + # - Owner: (default) Creates the Secret and sets .metadata.ownerReferences. If the ExternalSecret is deleted, the Secret will also be deleted. + # - Merge: Does not create the Secret but merges data fields into the existing Secret (expects the Secret to already exist). + # - Orphan: Creates the Secret but does not set .metadata.ownerReferences. If the Secret already exists, it will be updated. + # - None: Does not create or update the Secret (reserved for future use with injector). + creationPolicy: Merge - # DeletionPolicy defines how/when to delete the Secret in Kubernetes - # if the provider secret gets deleted. - # Valid values are Delete, Merge, Retain - deletionPolicy: "Retain" + # Specifies what happens to the Secret when data fields are deleted from the provider (e.g., Vault, AWS Parameter Store). Options: + # - Retain: (default) Retains the Secret if all Secret data fields have been deleted from the provider. + # - Delete: Removes the Secret if all Secret data fields from the provider are deleted. + # - Merge: Removes keys from the Secret but not the Secret itself. + deletionPolicy: Retain # Specify a blueprint for the resulting Kind=Secret template: