apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io names: categories: - pushsecrets kind: PushSecret listKind: PushSecretList plural: pushsecrets singular: pushsecret scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: AGE type: date - jsonPath: .status.conditions[?(@.type=="Ready")].reason name: Status type: string name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: PushSecretSpec configures the behavior of the PushSecret. properties: data: description: Secret Data that should be pushed to providers items: properties: match: description: Match a given Secret Key to be pushed to the provider. properties: remoteRef: description: Remote Refs to push to providers. properties: property: description: Name of the property in the resulting secret type: string remoteKey: description: Name of the resulting provider secret. type: string required: - remoteKey type: object secretKey: description: Secret Key to be pushed type: string required: - remoteRef type: object metadata: description: |- Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. x-kubernetes-preserve-unknown-fields: true required: - match type: object type: array deletionPolicy: default: None description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".' enum: - Delete - None type: string refreshInterval: description: The Interval to which External Secrets will try to push a secret definition type: string secretStoreRefs: items: properties: kind: default: SecretStore description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` type: string labelSelector: description: Optionally, sync to secret stores with label selector properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic name: description: Optionally, sync to the SecretStore of the given name type: string type: object type: array selector: description: The Secret Selector (k8s source) for the Push Secret properties: secret: description: Select a Secret to Push. properties: name: description: Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest. type: string required: - name type: object required: - secret type: object template: description: Template defines a blueprint for the created Secret resource. properties: data: additionalProperties: type: string type: object engineVersion: default: v2 description: |- EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. enum: - v1 - v2 type: string mergePolicy: default: Replace enum: - Replace - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object templateFrom: items: properties: configMap: properties: items: items: properties: key: type: string templateAs: default: Values enum: - Values - KeysAndValues type: string required: - key type: object type: array name: type: string required: - items - name type: object literal: type: string secret: properties: items: items: properties: key: type: string templateAs: default: Values enum: - Values - KeysAndValues type: string required: - key type: object type: array name: type: string required: - items - name type: object target: default: Data enum: - Data - Annotations - Labels type: string type: object type: array type: type: string type: object required: - secretStoreRefs - selector type: object status: description: PushSecretStatus indicates the history of the status of PushSecret. properties: conditions: items: description: PushSecretStatusCondition indicates the status of the PushSecret. properties: lastTransitionTime: format: date-time type: string message: type: string reason: type: string status: type: string type: description: PushSecretConditionType indicates the condition of the PushSecret. type: string required: - status - type type: object type: array refreshTime: description: |- refreshTime is the time and date the external secret was fetched and the target secret updated format: date-time nullable: true type: string syncedPushSecrets: additionalProperties: additionalProperties: properties: match: description: Match a given Secret Key to be pushed to the provider. properties: remoteRef: description: Remote Refs to push to providers. properties: property: description: Name of the property in the resulting secret type: string remoteKey: description: Name of the resulting provider secret. type: string required: - remoteKey type: object secretKey: description: Secret Key to be pushed type: string required: - remoteRef type: object metadata: description: |- Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. x-kubernetes-preserve-unknown-fields: true required: - match type: object type: object description: Synced Push Secrets for later deletion. Matches Secret Stores to PushSecretData that was stored to that secretStore. type: object syncedResourceVersion: description: SyncedResourceVersion keeps track of the last synced version. type: string type: object type: object served: true storage: true subresources: status: {}