mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-15 17:51:01 +00:00
562 lines
23 KiB
YAML
562 lines
23 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.8.0
|
|
creationTimestamp: null
|
|
name: externalsecrets.external-secrets.io
|
|
spec:
|
|
group: external-secrets.io
|
|
names:
|
|
categories:
|
|
- externalsecrets
|
|
kind: ExternalSecret
|
|
listKind: ExternalSecretList
|
|
plural: externalsecrets
|
|
shortNames:
|
|
- es
|
|
singular: externalsecret
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.secretStoreRef.name
|
|
name: Store
|
|
type: string
|
|
- jsonPath: .spec.refreshInterval
|
|
name: Refresh Interval
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].reason
|
|
name: Status
|
|
type: string
|
|
deprecated: true
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: ExternalSecret is the Schema for the external-secrets API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ExternalSecretSpec defines the desired state of ExternalSecret.
|
|
properties:
|
|
data:
|
|
description: Data defines the connection between the Kubernetes Secret
|
|
keys and the Provider data
|
|
items:
|
|
description: ExternalSecretData defines the connection between the
|
|
Kubernetes Secret key (spec.data.<key>) and the Provider data.
|
|
properties:
|
|
remoteRef:
|
|
description: ExternalSecretDataRemoteRef defines Provider data
|
|
location.
|
|
properties:
|
|
conversionStrategy:
|
|
default: Default
|
|
description: Used to define a conversion Strategy
|
|
type: string
|
|
key:
|
|
description: Key is the key used in the Provider, mandatory
|
|
type: string
|
|
property:
|
|
description: Used to select a specific property of the Provider
|
|
value (if a map), if supported
|
|
type: string
|
|
version:
|
|
description: Used to select a specific version of the Provider
|
|
value, if supported
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
secretKey:
|
|
type: string
|
|
required:
|
|
- remoteRef
|
|
- secretKey
|
|
type: object
|
|
type: array
|
|
dataFrom:
|
|
description: DataFrom is used to fetch all properties from a specific
|
|
Provider data If multiple entries are specified, the Secret keys
|
|
are merged in the specified order
|
|
items:
|
|
description: ExternalSecretDataRemoteRef defines Provider data location.
|
|
properties:
|
|
conversionStrategy:
|
|
default: Default
|
|
description: Used to define a conversion Strategy
|
|
type: string
|
|
key:
|
|
description: Key is the key used in the Provider, mandatory
|
|
type: string
|
|
property:
|
|
description: Used to select a specific property of the Provider
|
|
value (if a map), if supported
|
|
type: string
|
|
version:
|
|
description: Used to select a specific version of the Provider
|
|
value, if supported
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
type: array
|
|
refreshInterval:
|
|
default: 1h
|
|
description: RefreshInterval is the amount of time before the values
|
|
are read again from the SecretStore provider Valid time units are
|
|
"ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to
|
|
fetch and create it once. Defaults to 1h.
|
|
type: string
|
|
secretStoreRef:
|
|
description: SecretStoreRef defines which SecretStore to fetch the
|
|
ExternalSecret data.
|
|
properties:
|
|
kind:
|
|
description: Kind of the SecretStore resource (SecretStore or
|
|
ClusterSecretStore) Defaults to `SecretStore`
|
|
type: string
|
|
name:
|
|
description: Name of the SecretStore resource
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
target:
|
|
description: ExternalSecretTarget defines the Kubernetes Secret to
|
|
be created There can be only one target per ExternalSecret.
|
|
properties:
|
|
creationPolicy:
|
|
default: Owner
|
|
description: CreationPolicy defines rules on how to create the
|
|
resulting Secret Defaults to 'Owner'
|
|
type: string
|
|
immutable:
|
|
description: Immutable defines if the final secret will be immutable
|
|
type: boolean
|
|
name:
|
|
description: Name defines the name of the Secret resource to be
|
|
managed This field is immutable Defaults to the .metadata.name
|
|
of the ExternalSecret resource
|
|
type: string
|
|
template:
|
|
description: Template defines a blueprint for the created Secret
|
|
resource.
|
|
properties:
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
engineVersion:
|
|
default: v1
|
|
description: EngineVersion specifies the template engine version
|
|
that should be used to compile/execute the template specified
|
|
in .data and .templateFrom[].
|
|
type: string
|
|
metadata:
|
|
description: ExternalSecretTemplateMetadata defines metadata
|
|
fields for the Secret blueprint.
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
templateFrom:
|
|
items:
|
|
maxProperties: 1
|
|
minProperties: 1
|
|
properties:
|
|
configMap:
|
|
properties:
|
|
items:
|
|
items:
|
|
properties:
|
|
key:
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
type: array
|
|
name:
|
|
type: string
|
|
required:
|
|
- items
|
|
- name
|
|
type: object
|
|
secret:
|
|
properties:
|
|
items:
|
|
items:
|
|
properties:
|
|
key:
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
type: array
|
|
name:
|
|
type: string
|
|
required:
|
|
- items
|
|
- name
|
|
type: object
|
|
type: object
|
|
type: array
|
|
type:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- secretStoreRef
|
|
- target
|
|
type: object
|
|
status:
|
|
properties:
|
|
conditions:
|
|
items:
|
|
properties:
|
|
lastTransitionTime:
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
type: string
|
|
reason:
|
|
type: string
|
|
status:
|
|
type: string
|
|
type:
|
|
type: string
|
|
required:
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
refreshTime:
|
|
description: refreshTime is the time and date the external secret
|
|
was fetched and the target secret updated
|
|
format: date-time
|
|
nullable: true
|
|
type: string
|
|
syncedResourceVersion:
|
|
description: SyncedResourceVersion keeps track of the last synced
|
|
version
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.secretStoreRef.name
|
|
name: Store
|
|
type: string
|
|
- jsonPath: .spec.refreshInterval
|
|
name: Refresh Interval
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].reason
|
|
name: Status
|
|
type: string
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: ExternalSecret is the Schema for the external-secrets API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ExternalSecretSpec defines the desired state of ExternalSecret.
|
|
properties:
|
|
data:
|
|
description: Data defines the connection between the Kubernetes Secret
|
|
keys and the Provider data
|
|
items:
|
|
description: ExternalSecretData defines the connection between the
|
|
Kubernetes Secret key (spec.data.<key>) and the Provider data.
|
|
properties:
|
|
remoteRef:
|
|
description: ExternalSecretDataRemoteRef defines Provider data
|
|
location.
|
|
properties:
|
|
conversionStrategy:
|
|
default: Default
|
|
description: Used to define a conversion Strategy
|
|
type: string
|
|
key:
|
|
description: Key is the key used in the Provider, mandatory
|
|
type: string
|
|
metadataPolicy:
|
|
description: Policy for fetching tags/labels from provider
|
|
secrets, possible options are Fetch, None. Defaults to
|
|
None
|
|
type: string
|
|
property:
|
|
description: Used to select a specific property of the Provider
|
|
value (if a map), if supported
|
|
type: string
|
|
version:
|
|
description: Used to select a specific version of the Provider
|
|
value, if supported
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
secretKey:
|
|
type: string
|
|
required:
|
|
- remoteRef
|
|
- secretKey
|
|
type: object
|
|
type: array
|
|
dataFrom:
|
|
description: DataFrom is used to fetch all properties from a specific
|
|
Provider data If multiple entries are specified, the Secret keys
|
|
are merged in the specified order
|
|
items:
|
|
maxProperties: 1
|
|
minProperties: 1
|
|
properties:
|
|
extract:
|
|
description: Used to extract multiple key/value pairs from one
|
|
secret
|
|
properties:
|
|
conversionStrategy:
|
|
default: Default
|
|
description: Used to define a conversion Strategy
|
|
type: string
|
|
key:
|
|
description: Key is the key used in the Provider, mandatory
|
|
type: string
|
|
metadataPolicy:
|
|
description: Policy for fetching tags/labels from provider
|
|
secrets, possible options are Fetch, None. Defaults to
|
|
None
|
|
type: string
|
|
property:
|
|
description: Used to select a specific property of the Provider
|
|
value (if a map), if supported
|
|
type: string
|
|
version:
|
|
description: Used to select a specific version of the Provider
|
|
value, if supported
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
find:
|
|
description: Used to find secrets based on tags or regular expressions
|
|
properties:
|
|
conversionStrategy:
|
|
default: Default
|
|
description: Used to define a conversion Strategy
|
|
type: string
|
|
name:
|
|
description: Finds secrets based on the name.
|
|
properties:
|
|
regexp:
|
|
description: Finds secrets base
|
|
type: string
|
|
type: object
|
|
path:
|
|
description: A root path to start the find operations.
|
|
type: string
|
|
tags:
|
|
additionalProperties:
|
|
type: string
|
|
description: Find secrets based on tags.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
refreshInterval:
|
|
default: 1h
|
|
description: RefreshInterval is the amount of time before the values
|
|
are read again from the SecretStore provider Valid time units are
|
|
"ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to
|
|
fetch and create it once. Defaults to 1h.
|
|
type: string
|
|
secretStoreRef:
|
|
description: SecretStoreRef defines which SecretStore to fetch the
|
|
ExternalSecret data.
|
|
properties:
|
|
kind:
|
|
description: Kind of the SecretStore resource (SecretStore or
|
|
ClusterSecretStore) Defaults to `SecretStore`
|
|
type: string
|
|
name:
|
|
description: Name of the SecretStore resource
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
target:
|
|
description: ExternalSecretTarget defines the Kubernetes Secret to
|
|
be created There can be only one target per ExternalSecret.
|
|
properties:
|
|
creationPolicy:
|
|
default: Owner
|
|
description: CreationPolicy defines rules on how to create the
|
|
resulting Secret Defaults to 'Owner'
|
|
enum:
|
|
- Owner
|
|
- Orphan
|
|
- Merge
|
|
- None
|
|
type: string
|
|
deletionPolicy:
|
|
default: Retain
|
|
description: DeletionPolicy defines rules on how to delete the
|
|
resulting Secret Defaults to 'Retain'
|
|
enum:
|
|
- Delete
|
|
- Merge
|
|
- Retain
|
|
type: string
|
|
immutable:
|
|
description: Immutable defines if the final secret will be immutable
|
|
type: boolean
|
|
name:
|
|
description: Name defines the name of the Secret resource to be
|
|
managed This field is immutable Defaults to the .metadata.name
|
|
of the ExternalSecret resource
|
|
type: string
|
|
template:
|
|
description: Template defines a blueprint for the created Secret
|
|
resource.
|
|
properties:
|
|
data:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
engineVersion:
|
|
default: v2
|
|
type: string
|
|
metadata:
|
|
description: ExternalSecretTemplateMetadata defines metadata
|
|
fields for the Secret blueprint.
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
templateFrom:
|
|
items:
|
|
maxProperties: 1
|
|
minProperties: 1
|
|
properties:
|
|
configMap:
|
|
properties:
|
|
items:
|
|
items:
|
|
properties:
|
|
key:
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
type: array
|
|
name:
|
|
type: string
|
|
required:
|
|
- items
|
|
- name
|
|
type: object
|
|
secret:
|
|
properties:
|
|
items:
|
|
items:
|
|
properties:
|
|
key:
|
|
type: string
|
|
required:
|
|
- key
|
|
type: object
|
|
type: array
|
|
name:
|
|
type: string
|
|
required:
|
|
- items
|
|
- name
|
|
type: object
|
|
type: object
|
|
type: array
|
|
type:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
required:
|
|
- secretStoreRef
|
|
type: object
|
|
status:
|
|
properties:
|
|
conditions:
|
|
items:
|
|
properties:
|
|
lastTransitionTime:
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
type: string
|
|
reason:
|
|
type: string
|
|
status:
|
|
type: string
|
|
type:
|
|
type: string
|
|
required:
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
refreshTime:
|
|
description: refreshTime is the time and date the external secret
|
|
was fetched and the target secret updated
|
|
format: date-time
|
|
nullable: true
|
|
type: string
|
|
syncedResourceVersion:
|
|
description: SyncedResourceVersion keeps track of the last synced
|
|
version
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|