mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
324c7def06
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
78 lines
2.6 KiB
YAML
78 lines
2.6 KiB
YAML
{% raw %}
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ClusterExternalSecret
|
|
metadata:
|
|
name: "hello-world"
|
|
spec:
|
|
# The name to be used on the ExternalSecrets
|
|
externalSecretName: "hello-world-es"
|
|
|
|
# This is a basic label selector to select the namespaces to deploy ExternalSecrets to.
|
|
# you can read more about them here https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements
|
|
namespaceSelector:
|
|
matchLabels:
|
|
cool: label
|
|
|
|
# How often the ClusterExternalSecret should reconcile itself
|
|
# This will decide how often to check and make sure that the ExternalSecrets exist in the matching namespaces
|
|
refreshTime: "1m"
|
|
|
|
# This is the spec of the ExternalSecrets to be created
|
|
# The content of this was taken from our ExternalSecret example
|
|
externalSecretSpec:
|
|
secretStoreRef:
|
|
name: secret-store-name
|
|
kind: SecretStore
|
|
|
|
refreshInterval: "1h"
|
|
target:
|
|
name: my-secret
|
|
creationPolicy: 'Merge'
|
|
template:
|
|
type: kubernetes.io/dockerconfigjson
|
|
|
|
metadata:
|
|
annotations: {}
|
|
labels: {}
|
|
data:
|
|
config.yml: |
|
|
endpoints:
|
|
- https://{{ .data.user }}:{{ .data.password }}@api.exmaple.com
|
|
templateFrom:
|
|
- configMap:
|
|
name: alertmanager
|
|
items:
|
|
- key: alertmanager.yaml
|
|
data:
|
|
- secretKey: secret-key-to-be-managed
|
|
remoteRef:
|
|
key: provider-key
|
|
version: provider-key-version
|
|
property: provider-key-property
|
|
dataFrom:
|
|
- key: provider-key
|
|
version: provider-key-version
|
|
property: provider-key-property
|
|
|
|
status:
|
|
# This will list any namespaces where the creation of the ExternalSecret failed
|
|
# This will not list any issues with the ExternalSecrets, you will have to check the
|
|
# ExternalSecrets to see any issues with them.
|
|
failedNamespaces:
|
|
- namespace: "matching-ns-1"
|
|
# This is one of the possible messages, and likely the most common
|
|
reason: "external secret already exists in namespace"
|
|
|
|
# You can find all matching and successfully deployed namespaces here
|
|
provisionedNamespaces:
|
|
- "matching-ns-3"
|
|
- "matching-ns-2"
|
|
|
|
# The condition can be Ready, PartiallyReady, or NotReady
|
|
# PartiallyReady would indicate an error in 1 or more namespaces
|
|
# NotReady would indicate errors in all namespaces meaning all ExternalSecrets resulted in errors
|
|
conditions:
|
|
- type: PartiallyReady
|
|
status: "True"
|
|
lastTransitionTime: "2022-01-12T12:33:02Z"
|
|
{% endraw %}
|