mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-15 17:51:01 +00:00
fc7281a39b
Also, some generators's examples didn't have the `.metadata.name` property. Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
40 lines
No EOL
1.1 KiB
YAML
40 lines
No EOL
1.1 KiB
YAML
apiVersion: generators.external-secrets.io/v1alpha1
|
|
kind: ACRAccessToken
|
|
metadata:
|
|
name: my-azurecr
|
|
spec:
|
|
tenantId: 11111111-2222-3333-4444-111111111111
|
|
registry: example.azurecr.io
|
|
|
|
# optional; scope token down to a single repository/action
|
|
# if set, it will generate an access token instead of an refresh token.
|
|
scope: "repository:foo:pull,push"
|
|
|
|
# Specify Azure cloud type, defaults to PublicCloud.
|
|
# This is used for authenticating with Azure Active Directory.
|
|
# available options: PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
|
|
environmentType: "PublicCloud"
|
|
|
|
# choose one authentication method
|
|
auth:
|
|
|
|
# option 1: point to a secret that contains a client-id and client-secret
|
|
servicePrincipal:
|
|
secretRef:
|
|
clientSecret:
|
|
name: az-secret
|
|
key: clientsecret
|
|
clientId:
|
|
name: az-secret
|
|
key: clientid
|
|
|
|
# option 2:
|
|
managedIdentity:
|
|
identityId: "xxxxx"
|
|
|
|
# option 3:
|
|
workloadIdentity:
|
|
# note: you can reference service accounts across namespaces.
|
|
serviceAccountRef:
|
|
name: "my-service-account"
|
|
audiences: [] |