|
|
@@ -11,28 +11,28 @@ The external-secrets binary includes three components: `core controller`, `certc
|
|
|
|
|
|
The core controller is invoked without a subcommand and can be configured with the following flags:
|
|
|
|
|
|
-| Name | Type | Default | Description |
|
|
|
-|-----------------------------------------------|----------|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|
|
-| `--client-burst` | int | uses rest client default (10) | Maximum Burst allowed to be passed to rest.Client |
|
|
|
-| `--client-qps` | float32 | uses rest client default (5) | QPS configuration to be passed to rest.Client |
|
|
|
-| `--concurrent` | int | 1 | The number of concurrent reconciles. |
|
|
|
-| `--controller-class` | string | default | The controller is instantiated with a specific controller name and filters ES based on this property |
|
|
|
-| `--enable-cluster-external-secret-reconciler` | boolean | true | Enables the cluster external secret reconciler. |
|
|
|
-| `--enable-cluster-store-reconciler` | boolean | true | Enables the cluster store reconciler. |
|
|
|
-| `--enable-push-secret-reconciler` | boolean | true | Enables the push secret reconciler. |
|
|
|
-| `--enable-secrets-caching` | boolean | false | Enable secrets caching for ALL secrets in the cluster (WARNING: can increase memory usage). |
|
|
|
-| `--enable-configmaps-caching` | boolean | false | Enable configmaps caching for ALL configmaps in the cluster (WARNING: can increase memory usage). |
|
|
|
-| `--enable-managed-secrets-caching` | boolean | true | Enable secrets caching for secrets managed by an ExternalSecret. |
|
|
|
-| `--enable-flood-gate` | boolean | true | Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state. |
|
|
|
-| `--enable-extended-metric-labels` | boolean | true | Enable recommended kubernetes annotations as labels in metrics. |
|
|
|
-| `--enable-leader-election` | boolean | false | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. |
|
|
|
-| `--experimental-enable-aws-session-cache` | boolean | false | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request. |
|
|
|
-| `--help` | | | help for external-secrets |
|
|
|
-| `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal |
|
|
|
-| `--zap-time-encoding` | string | epoch | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano |
|
|
|
-| `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. |
|
|
|
-| `--namespace` | string | - | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces |
|
|
|
-| `--store-requeue-interval` | duration | 5m0s | Default Time duration between reconciling (Cluster)SecretStores |
|
|
|
+| Name | Type | Default | Description |
|
|
|
+|-----------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|
|
+| `--client-burst` | int | 100 | Maximum Burst allowed to be passed to rest.Client |
|
|
|
+| `--client-qps` | float32 | 50 | QPS configuration to be passed to rest.Client |
|
|
|
+| `--concurrent` | int | 1 | The number of concurrent reconciles. |
|
|
|
+| `--controller-class` | string | default | The controller is instantiated with a specific controller name and filters ES based on this property |
|
|
|
+| `--enable-cluster-external-secret-reconciler` | boolean | true | Enables the cluster external secret reconciler. |
|
|
|
+| `--enable-cluster-store-reconciler` | boolean | true | Enables the cluster store reconciler. |
|
|
|
+| `--enable-push-secret-reconciler` | boolean | true | Enables the push secret reconciler. |
|
|
|
+| `--enable-secrets-caching` | boolean | false | Enable secrets caching for ALL secrets in the cluster (WARNING: can increase memory usage). |
|
|
|
+| `--enable-configmaps-caching` | boolean | false | Enable configmaps caching for ALL configmaps in the cluster (WARNING: can increase memory usage). |
|
|
|
+| `--enable-managed-secrets-caching` | boolean | true | Enable secrets caching for secrets managed by an ExternalSecret. |
|
|
|
+| `--enable-flood-gate` | boolean | true | Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state. |
|
|
|
+| `--enable-extended-metric-labels` | boolean | true | Enable recommended kubernetes annotations as labels in metrics. |
|
|
|
+| `--enable-leader-election` | boolean | false | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. |
|
|
|
+| `--experimental-enable-aws-session-cache` | boolean | false | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request. |
|
|
|
+| `--help` | | | help for external-secrets |
|
|
|
+| `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal |
|
|
|
+| `--zap-time-encoding` | string | epoch | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano |
|
|
|
+| `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. |
|
|
|
+| `--namespace` | string | - | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces |
|
|
|
+| `--store-requeue-interval` | duration | 5m0s | Default Time duration between reconciling (Cluster)SecretStores |
|
|
|
|
|
|
## Cert Controller Flags
|
|
|
|
Mathew Wicks