1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml
Sonny Alves Dias 0a0fd050c0
add directive to apply template on secret names (#2802)
Signed-off-by: Sonny Alves Dias <sonny.dias@superevilmegacorp.com>
2023-10-25 13:45:38 +02:00

553 lines
26 KiB
YAML

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
name: clusterexternalsecrets.external-secrets.io
spec:
group: external-secrets.io
names:
categories:
- externalsecrets
kind: ClusterExternalSecret
listKind: ClusterExternalSecretList
plural: clusterexternalsecrets
shortNames:
- ces
singular: clusterexternalsecret
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.externalSecretSpec.secretStoreRef.name
name: Store
type: string
- jsonPath: .spec.refreshTime
name: Refresh Interval
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: ClusterExternalSecret is the Schema for the clusterexternalsecrets
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.
properties:
externalSecretMetadata:
description: The metadata of the external secrets to be created
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
externalSecretName:
description: The name of the external secrets to be created defaults
to the name of the ClusterExternalSecret
type: string
externalSecretSpec:
description: The spec for the ExternalSecrets to be created
properties:
data:
description: Data defines the connection between the Kubernetes
Secret keys and the Provider data
items:
description: ExternalSecretData defines the connection between
the Kubernetes Secret key (spec.data.<key>) and the Provider
data.
properties:
remoteRef:
description: RemoteRef points to the remote secret and defines
which secret (version/property/..) to fetch.
properties:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
type: string
key:
description: Key is the key used in the Provider, mandatory
type: string
metadataPolicy:
description: Policy for fetching tags/labels from provider
secrets, possible options are Fetch, None. Defaults
to None
type: string
property:
description: Used to select a specific property of the
Provider value (if a map), if supported
type: string
version:
description: Used to select a specific version of the
Provider value, if supported
type: string
required:
- key
type: object
secretKey:
description: SecretKey defines the key in which the controller
stores the value. This is the key in the Kind=Secret
type: string
sourceRef:
description: SourceRef allows you to override the source
from which the value will pulled from.
maxProperties: 1
properties:
generatorRef:
description: GeneratorRef points to a generator custom
resource in
properties:
apiVersion:
default: generators.external-secrets.io/v1alpha1
description: Specify the apiVersion of the generator
resource
type: string
kind:
description: Specify the Kind of the resource, e.g.
Password, ACRAccessToken etc.
type: string
name:
description: Specify the name of the generator resource
type: string
required:
- kind
- name
type: object
storeRef:
description: SecretStoreRef defines which SecretStore
to fetch the ExternalSecret data.
properties:
kind:
description: Kind of the SecretStore resource (SecretStore
or ClusterSecretStore) Defaults to `SecretStore`
type: string
name:
description: Name of the SecretStore resource
type: string
required:
- name
type: object
type: object
required:
- remoteRef
- secretKey
type: object
type: array
dataFrom:
description: DataFrom is used to fetch all properties from a specific
Provider data If multiple entries are specified, the Secret
keys are merged in the specified order
items:
properties:
extract:
description: 'Used to extract multiple key/value pairs from
one secret Note: Extract does not support sourceRef.Generator
or sourceRef.GeneratorRef.'
properties:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
type: string
key:
description: Key is the key used in the Provider, mandatory
type: string
metadataPolicy:
description: Policy for fetching tags/labels from provider
secrets, possible options are Fetch, None. Defaults
to None
type: string
property:
description: Used to select a specific property of the
Provider value (if a map), if supported
type: string
version:
description: Used to select a specific version of the
Provider value, if supported
type: string
required:
- key
type: object
find:
description: 'Used to find secrets based on tags or regular
expressions Note: Find does not support sourceRef.Generator
or sourceRef.GeneratorRef.'
properties:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
type: string
name:
description: Finds secrets based on the name.
properties:
regexp:
description: Finds secrets base
type: string
type: object
path:
description: A root path to start the find operations.
type: string
tags:
additionalProperties:
type: string
description: Find secrets based on tags.
type: object
type: object
rewrite:
description: Used to rewrite secret Keys after getting them
from the secret Provider Multiple Rewrite operations can
be provided. They are applied in a layered order (first
to last)
items:
properties:
regexp:
description: Used to rewrite with regular expressions.
The resulting key will be the output of a regexp.ReplaceAll
operation.
properties:
source:
description: Used to define the regular expression
of a re.Compiler.
type: string
target:
description: Used to define the target pattern
of a ReplaceAll operation.
type: string
required:
- source
- target
type: object
transform:
description: Used to apply string transformation on
the secrets. The resulting key will be the output
of the template applied by the operation.
properties:
template:
description: Used to define the template to apply
on the secret name. `.value ` will specify the
secret name in the template.
type: string
required:
- template
type: object
type: object
type: array
sourceRef:
description: SourceRef points to a store or generator which
contains secret values ready to use. Use this in combination
with Extract or Find pull values out of a specific SecretStore.
When sourceRef points to a generator Extract or Find is
not supported. The generator returns a static map of values
maxProperties: 1
properties:
generatorRef:
description: GeneratorRef points to a generator custom
resource in
properties:
apiVersion:
default: generators.external-secrets.io/v1alpha1
description: Specify the apiVersion of the generator
resource
type: string
kind:
description: Specify the Kind of the resource, e.g.
Password, ACRAccessToken etc.
type: string
name:
description: Specify the name of the generator resource
type: string
required:
- kind
- name
type: object
storeRef:
description: SecretStoreRef defines which SecretStore
to fetch the ExternalSecret data.
properties:
kind:
description: Kind of the SecretStore resource (SecretStore
or ClusterSecretStore) Defaults to `SecretStore`
type: string
name:
description: Name of the SecretStore resource
type: string
required:
- name
type: object
type: object
type: object
type: array
refreshInterval:
default: 1h
description: RefreshInterval is the amount of time before the
values are read again from the SecretStore provider Valid time
units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set
to zero to fetch and create it once. Defaults to 1h.
type: string
secretStoreRef:
description: SecretStoreRef defines which SecretStore to fetch
the ExternalSecret data.
properties:
kind:
description: Kind of the SecretStore resource (SecretStore
or ClusterSecretStore) Defaults to `SecretStore`
type: string
name:
description: Name of the SecretStore resource
type: string
required:
- name
type: object
target:
default:
creationPolicy: Owner
deletionPolicy: Retain
description: ExternalSecretTarget defines the Kubernetes Secret
to be created There can be only one target per ExternalSecret.
properties:
creationPolicy:
default: Owner
description: CreationPolicy defines rules on how to create
the resulting Secret Defaults to 'Owner'
enum:
- Owner
- Orphan
- Merge
- None
type: string
deletionPolicy:
default: Retain
description: DeletionPolicy defines rules on how to delete
the resulting Secret Defaults to 'Retain'
enum:
- Delete
- Merge
- Retain
type: string
immutable:
description: Immutable defines if the final secret will be
immutable
type: boolean
name:
description: Name defines the name of the Secret resource
to be managed This field is immutable Defaults to the .metadata.name
of the ExternalSecret resource
type: string
template:
description: Template defines a blueprint for the created
Secret resource.
properties:
data:
additionalProperties:
type: string
type: object
engineVersion:
default: v2
type: string
mergePolicy:
default: Replace
type: string
metadata:
description: ExternalSecretTemplateMetadata defines metadata
fields for the Secret blueprint.
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
templateFrom:
items:
properties:
configMap:
properties:
items:
items:
properties:
key:
type: string
templateAs:
default: Values
type: string
required:
- key
type: object
type: array
name:
type: string
required:
- items
- name
type: object
literal:
type: string
secret:
properties:
items:
items:
properties:
key:
type: string
templateAs:
default: Values
type: string
required:
- key
type: object
type: array
name:
type: string
required:
- items
- name
type: object
target:
default: Data
type: string
type: object
type: array
type:
type: string
type: object
type: object
type: object
namespaceSelector:
description: The labels to select by to find the Namespaces to create
the ExternalSecrets in.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
refreshTime:
description: The time in which the controller should reconcile it's
objects and recheck namespaces for labels.
type: string
required:
- externalSecretSpec
- namespaceSelector
type: object
status:
description: ClusterExternalSecretStatus defines the observed state of
ClusterExternalSecret.
properties:
conditions:
items:
properties:
message:
type: string
status:
type: string
type:
type: string
required:
- status
- type
type: object
type: array
externalSecretName:
description: ExternalSecretName is the name of the ExternalSecrets
created by the ClusterExternalSecret
type: string
failedNamespaces:
description: Failed namespaces are the namespaces that failed to apply
an ExternalSecret
items:
description: ClusterExternalSecretNamespaceFailure represents a
failed namespace deployment and it's reason.
properties:
namespace:
description: Namespace is the namespace that failed when trying
to apply an ExternalSecret
type: string
reason:
description: Reason is why the ExternalSecret failed to apply
to the namespace
type: string
required:
- namespace
type: object
type: array
provisionedNamespaces:
description: ProvisionedNamespaces are the namespaces where the ClusterExternalSecret
has secrets
items:
type: string
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}