apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: externalsecrets.external-secrets.io spec: group: external-secrets.io names: categories: - externalsecrets kind: ExternalSecret listKind: ExternalSecretList plural: externalsecrets shortNames: - es singular: externalsecret scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .spec.secretStoreRef.name name: Store type: string - jsonPath: .spec.refreshInterval name: Refresh Interval type: string - jsonPath: .status.conditions[?(@.type=="Ready")].reason name: Status type: string name: v1alpha1 schema: openAPIV3Schema: description: ExternalSecret is the Schema for the external-secrets API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ExternalSecretSpec defines the desired state of ExternalSecret. properties: data: description: Data defines the connection between the Kubernetes Secret keys and the Provider data items: description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. properties: remoteRef: description: ExternalSecretDataRemoteRef defines Provider data location. properties: conversionStrategy: default: Default description: Used to define a conversion Strategy type: string key: description: Key is the key used in the Provider, mandatory type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string version: description: Used to select a specific version of the Provider value, if supported type: string required: - key type: object secretKey: type: string required: - remoteRef - secretKey type: object type: array dataFrom: description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order items: description: ExternalSecretDataRemoteRef defines Provider data location. properties: conversionStrategy: default: Default description: Used to define a conversion Strategy type: string key: description: Key is the key used in the Provider, mandatory type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string version: description: Used to select a specific version of the Provider value, if supported type: string required: - key type: object type: array refreshInterval: default: 1h description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource type: string required: - name type: object target: description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. properties: creationPolicy: default: Owner description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' type: string immutable: description: Immutable defines if the final secret will be immutable type: boolean name: description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource type: string template: description: Template defines a blueprint for the created Secret resource. properties: data: additionalProperties: type: string type: object engineVersion: default: v1 description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object templateFrom: items: maxProperties: 1 minProperties: 1 properties: configMap: properties: items: items: properties: key: type: string required: - key type: object type: array name: type: string required: - items - name type: object secret: properties: items: items: properties: key: type: string required: - key type: object type: array name: type: string required: - items - name type: object type: object type: array type: type: string type: object type: object required: - secretStoreRef - target type: object status: properties: conditions: items: properties: lastTransitionTime: format: date-time type: string message: type: string reason: type: string status: type: string type: type: string required: - status - type type: object type: array refreshTime: description: refreshTime is the time and date the external secret was fetched and the target secret updated format: date-time nullable: true type: string syncedResourceVersion: description: SyncedResourceVersion keeps track of the last synced version type: string type: object type: object served: true storage: false subresources: status: {} - additionalPrinterColumns: - jsonPath: .spec.secretStoreRef.name name: Store type: string - jsonPath: .spec.refreshInterval name: Refresh Interval type: string - jsonPath: .status.conditions[?(@.type=="Ready")].reason name: Status type: string name: v1beta1 schema: openAPIV3Schema: description: ExternalSecret is the Schema for the external-secrets API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ExternalSecretSpec defines the desired state of ExternalSecret. properties: data: description: Data defines the connection between the Kubernetes Secret keys and the Provider data items: description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. properties: remoteRef: description: ExternalSecretDataRemoteRef defines Provider data location. properties: conversionStrategy: default: Default description: Used to define a conversion Strategy type: string key: description: Key is the key used in the Provider, mandatory type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string version: description: Used to select a specific version of the Provider value, if supported type: string required: - key type: object secretKey: type: string required: - remoteRef - secretKey type: object type: array dataFrom: description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order items: maxProperties: 1 minProperties: 1 properties: extract: description: Used to extract multiple key/value pairs from one secret properties: conversionStrategy: default: Default description: Used to define a conversion Strategy type: string key: description: Key is the key used in the Provider, mandatory type: string property: description: Used to select a specific property of the Provider value (if a map), if supported type: string version: description: Used to select a specific version of the Provider value, if supported type: string required: - key type: object find: description: Used to find secrets based on tags or regular expressions properties: conversionStrategy: default: Default description: Used to define a conversion Strategy type: string name: description: Finds secrets based on the name. properties: regexp: description: Finds secrets base type: string type: object path: description: A root path to start the find operations. type: string tags: additionalProperties: type: string description: Find secrets based on tags. type: object type: object type: object type: array refreshInterval: default: 1h description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource type: string required: - name type: object target: description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. properties: creationPolicy: default: Owner description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' type: string deletionPolicy: default: None description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'None' type: string immutable: description: Immutable defines if the final secret will be immutable type: boolean name: description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource type: string template: description: Template defines a blueprint for the created Secret resource. properties: data: additionalProperties: type: string type: object engineVersion: default: v2 type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object templateFrom: items: maxProperties: 1 minProperties: 1 properties: configMap: properties: items: items: properties: key: type: string required: - key type: object type: array name: type: string required: - items - name type: object secret: properties: items: items: properties: key: type: string required: - key type: object type: array name: type: string required: - items - name type: object type: object type: array type: type: string type: object type: object required: - secretStoreRef - target type: object status: properties: conditions: items: properties: lastTransitionTime: format: date-time type: string message: type: string reason: type: string status: type: string type: type: string required: - status - type type: object type: array refreshTime: description: refreshTime is the time and date the external secret was fetched and the target secret updated format: date-time nullable: true type: string syncedResourceVersion: description: SyncedResourceVersion keeps track of the last synced version type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []