1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/config/crds/bases/generators.external-secrets.io_passwords.yaml
Tsubasa Nagasawa 199c9103db
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache (#3588)
* feat: Add component labels to custom resource definitions

Prerequisite for restricting the CRDs cached by Informer

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

* feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache

The certcontroller watches CRDs and Webhook configurations, and
manages CA certificates for conversion webhooks of CRDs and Webhook
configurations. Some clusters have a large number of CRDs and Webhook
configurations installed. Additionally, some CRDs have large object sizes.
Currently, the certcontroller holds all CRDs and Webhook configurations
in the Informer cache. Since this includes CRDs not managed by the
certcontroller for CA certificates, memory usage tends to be high.
This PR adds a label to the CRDs and configures the Informer cache to hold
only the CRDs and Webhook configurations restricted by the label selector.
It assumes that the CRDs have a label. Depending on how the External Secrets
Operator is managed, it may be possible to update the External Secrets
Operator without updating the CRDs, so as a precaution, it can be turned
on/off via a startup option. It is disabled by default.

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

---------

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
2024-06-16 12:52:10 +02:00

88 lines
3.2 KiB
YAML

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
labels:
external-secrets.io/component: controller
name: passwords.generators.external-secrets.io
spec:
group: generators.external-secrets.io
names:
categories:
- password
kind: Password
listKind: PasswordList
plural: passwords
shortNames:
- password
singular: password
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
Password generates a random password based on the
configuration parameters in spec.
You can specify the length, characterset and other attributes.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PasswordSpec controls the behavior of the password generator.
properties:
allowRepeat:
default: false
description: set AllowRepeat to true to allow repeating characters.
type: boolean
digits:
description: |-
Digits specifies the number of digits in the generated
password. If omitted it defaults to 25% of the length of the password
type: integer
length:
default: 24
description: |-
Length of the password to be generated.
Defaults to 24
type: integer
noUpper:
default: false
description: Set NoUpper to disable uppercase characters
type: boolean
symbolCharacters:
description: |-
SymbolCharacters specifies the special characters that should be used
in the generated password.
type: string
symbols:
description: |-
Symbols specifies the number of symbol characters in the generated
password. If omitted it defaults to 25% of the length of the password
type: integer
required:
- allowRepeat
- length
- noUpper
type: object
type: object
served: true
storage: true
subresources:
status: {}