Deployed 88f7810 to main with MkDocs 1.2.3 and mike 1.1.2

Docs 4 years ago
Parent
Commit
010c3db64f
3 changed files with 85 additions and 61 deletions
  1. 85 61
      main/provider-kubernetes/index.html
  2. 0 0
      main/search/search_index.json
  3. BIN
      main/sitemap.xml.gz

+ 85 - 61
main/provider-kubernetes/index.html

@@ -1026,28 +1026,15 @@
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#k8s-cluster-secret" class="md-nav__link">
-    K8s Cluster Secret
+  <a href="#in-cluster-secrets-using-client-certificates" class="md-nav__link">
+    In-cluster secrets using Client certificates
   </a>
   
 </li>
         
-      </ul>
-    </nav>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#secretstore" class="md-nav__link">
-    SecretStore
-  </a>
-  
-    <nav class="md-nav" aria-label="SecretStore">
-      <ul class="md-nav__list">
-        
           <li class="md-nav__item">
-  <a href="#externalsecret" class="md-nav__link">
-    ExternalSecret
+  <a href="#remote-secret-using-a-token" class="md-nav__link">
+    Remote Secret using a Token
   </a>
   
 </li>
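Review bot: The two new nav labels use different casing, "In-cluster secrets using Client certificates" versus "Remote Secret using a Token"; pick one heading style in the Markdown source so the labels and their generated anchors stay consistent. The same pair shows up again in the second nav copy at -1417.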
@@ -1417,28 +1404,15 @@
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#k8s-cluster-secret" class="md-nav__link">
-    K8s Cluster Secret
+  <a href="#in-cluster-secrets-using-client-certificates" class="md-nav__link">
+    In-cluster secrets using Client certificates
   </a>
   
 </li>
         
-      </ul>
-    </nav>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#secretstore" class="md-nav__link">
-    SecretStore
-  </a>
-  
-    <nav class="md-nav" aria-label="SecretStore">
-      <ul class="md-nav__list">
-        
           <li class="md-nav__item">
-  <a href="#externalsecret" class="md-nav__link">
-    ExternalSecret
+  <a href="#remote-secret-using-a-token" class="md-nav__link">
+    Remote Secret using a Token
   </a>
   
 </li>
@@ -1471,49 +1445,40 @@
 <h3 id="authentication">Authentication</h3>
 <p>It's possible to authenticate against the Kubernetes API using client certificates, a bearer token or a service account (not implemented yet). The operator enforces that exactly one authentication method is used.</p>
 <h2 id="example">Example</h2>
-<h3 id="k8s-cluster-secret">K8s Cluster Secret</h3>
-<div class="highlight"><pre><span></span><code>apiVersion: v1
+<h3 id="in-cluster-secrets-using-client-certificates">In-cluster secrets using Client certificates</h3>
+<ol>
+<li>Create a K8s Secret with the encoded base64 ca and client certificates</li>
+</ol>
+<p><div class="highlight"><pre><span></span><code>apiVersion: v1
 kind: Secret
 metadata:
   name: cluster-secrets
 data:
   # Fill with your encoded base64 CA
-  ca: Cg==
+  certificate-authority-data: Cg==
   # Fill with your encoded base64 Certificate
-  certificate: Cg==
+  client-certificate-data: Cg==
   # Fill with your encoded base64 Key
-  key: Cg==
-stringData:
-  # Fill with your a string Token
-  bearerToken: &quot;my-token&quot;
+  client-key-data: Cg==
 </code></pre></div>
-<h2 id="secretstore">SecretStore</h2>
-<p>The <code>Server</code> section specifies the url of the Kubernetes API and the location to fetch the CA. The <code>auth</code> section indicates the type of authentication to use, <code>cert</code>, <code>token</code> or <code>serviceAccount</code> and includes the path to fetch the certificates or the token.</p>
-<div class="highlight"><pre><span></span><code>apiVersion: external-secrets.io/v1beta1
+2. Create a SecretStore</p>
+<p>The Servers <code>url</code> won't be present as it will default to <code>kubernetes.default</code>, add a proper value if needed. In this example the Certificate Authority is fetch using the referenced <code>caProvider</code>.</p>
+<p>The <code>auth</code> section indicates that the type <code>cert</code>  will be used for authentication, it includes the path to fetch the client certificate and key.</p>
+<p><div class="highlight"><pre><span></span><code>apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
   name: example
 spec:
   provider:
-      kubernetes:
-        # If not remoteNamesapce is provided, default namespace is used
-        remoteNamespace: default  
+      kubernetes: 
         server: 
-          url:  https://127.0.0.1:36473
-          # Add your encoded base64 to caBundle or a referenced caProvider
-          # if both are provided caProvider will be ignored
-          caBundle: Cg==
+          # referenced caProvider
           caProvider: 
             type: Secret
             name : cluster-secrets
-            key: ca
+            key: certificate-authority-data
         auth:
-          # Add a referenced bearerToken or client certificates, 
-          # if both are provided client certificates will be ignored
-          token:
-            bearerToken:
-              name: cluster-secrets
-              key: bearerToken
+          # referenced client certificates
           cert:
             clientCert: 
                 name: cluster-secrets
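Review bot: The numbered steps do not render as a list here: the `<ol>` closes after step 1, and "2. Create a SecretStore</p>" ends up as literal text trailing the code block inside a `<p><div class="highlight">` wrapper, which is also invalid nesting. Indent the fenced blocks under their list items in the Markdown source so the generator keeps all steps in one `<ol>`. While there, "is fetch using" should read "is fetched using", and the removed comment stating that caProvider is ignored when caBundle is also set is worth keeping as a sentence, since it tells the reader which CA ends up trusted.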
@@ -1521,7 +1486,9 @@ spec:
             clientKey: 
                 name: cluster-secrets
                 key: key
----
+</code></pre></div>
+3. Create the local secret that will be synced </p>
+<p><div class="highlight"><pre><span></span><code>---
 apiVersion: v1
 kind: Secret
 metadata:
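Review bot: The unchanged context line `key: key` under `clientKey` still references a key the example Secret no longer contains, because the previous hunk renames it to `client-key-data`. Change the reference to `key: client-key-data`, and check the `clientCert` key, which falls outside the visible lines, against `client-certificate-data`; otherwise the reference resolves to nothing in `cluster-secrets`.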
@@ -1529,7 +1496,7 @@ metadata:
 data:
   extra: YmFyCg==
 </code></pre></div>
-<h3 id="externalsecret">ExternalSecret</h3>
+4. Finally create the ExternalSecret resource</p>
 <div class="highlight"><pre><span></span><code>apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
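Review bot: Replacing `<h3 id="externalsecret">` with the text "4. Finally create the ExternalSecret resource" drops the #externalsecret anchor (and #secretstore and #k8s-cluster-secret go the same way in the earlier hunk), so existing deep links into this page stop resolving. Keep explicit anchors for the old ids in the Markdown source if inbound links matter. The step number is again literal text after a code block rather than an `<li>`.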
@@ -1548,6 +1515,63 @@ spec:
       key: secret-example
       property: extra
 </code></pre></div>
+<h3 id="remote-secret-using-a-token">Remote Secret using a Token</h3>
+<ol>
+<li>Create a K8s Secret with the encoded base64 ca and client token.</li>
+</ol>
+<p><div class="highlight"><pre><span></span><code>apiVersion: v1
+kind: Secret
+metadata:
+  name: cluster-secrets
+data:
+  # Fill with your encoded base64 CA
+  certificate-authority-data: Cg==
+stringData:
+  # Fill with your string Token
+  bearerToken: &quot;my-token&quot;
+</code></pre></div>
+2. Create a SecretStore</p>
+<p>The Server section specifies the <code>url</code> of the remote Kubernetes API. In this example the Certificate Authority is fetch using the encoded base64 <code>caBundle</code>. </p>
+<p>The <code>auth</code> section indicates that the  <code>token</code> type will be used for authentication, it includes the path to fetch the token.</p>
+<p><div class="highlight"><pre><span></span><code>apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: example
+spec:
+  provider:
+      kubernetes: 
+        # If not remoteNamesapce is provided, default     namespace is used
+        remoteNamespace: remote-namespace
+        server: 
+          url: https://remote.kubernetes.api-server.address
+          # Add your encoded base64 to caBundle
+          caBundle: Cg==
+        auth:
+          # Adds referenced bearerToken
+          token:
+            bearerToken:
+              name: cluster-secrets
+              key: bearerToken
+</code></pre></div>
+4. Finally create the ExternalSecret resource</p>
+<div class="highlight"><pre><span></span><code>apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: example
+spec:
+  refreshInterval: 1h           
+  secretStoreRef:
+    kind: SecretStore
+    name: example               # name of the SecretStore (or kind specified)
+  target:
+    name: secret-to-be-created  # name of the k8s Secret to be created
+    creationPolicy: Owner
+  data:
+  - secretKey: extra
+    remoteRef:
+      key: secret-remote-example
+      property: extra
+</code></pre></div>
 
               
             </article>
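Review bot: The token walkthrough jumps from "2. Create a SecretStore" to "4. Finally create the ExternalSecret resource" with no step 3, and nothing tells the reader to create `secret-remote-example` with an `extra` property in `remote-namespace` on the remote cluster, which the ExternalSecret's `remoteRef` depends on. Add that step or renumber. The comment "If not remoteNamesapce is provided, default     namespace is used" carries a typo and stray spaces; "If no remoteNamespace is provided, the default namespace is used" reads better.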

File diff suppressed because it is too large
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz


Some files were not shown because too many files have changed in this diff