Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add kubernetes provider documentation

Docs 4 years ago
parent
045e056719
commit
a1ea34d3b3
2 changed files with 59 additions and 0 deletions
Unified View Show Diff Stats
  1. 58 0
      docs/provider-kubernetes.md
  2. 1 0
      hack/api-docs/mkdocs.yml

+ 58 - 0
docs/provider-kubernetes.md
View File 

@@ -0,0 +1,58 @@
 
+External Secrets Operator allows to retrieve in-cluster secrets or from a remote Kubernetes Cluster.
 
+
 
+### Authentication
 
+
 
+It's possible to authenticate against the Kubernetes API using client certificates, a bearer token or a service account (not implemented yet). The operator enforces that exactly one authentication method is used.
 
+
 
+## Example
 
+
 
+### SecretStore
 
+
 
+The `Server` section specifies the url of the Kubernetes API and the location to fetch the CA. The `auth` section indicates the type of authentication to use, `cert`, `token` or `serviceAccount` and includes the path to fetch the certificates or the token.
 
+
 
+
 
+```
 
+apiVersion: external-secrets.io/v1alpha1
 
+kind: SecretStore
 
+metadata:
 
+  name: example
 
+spec:
 
+  provider:
 
+      kubernetes:  
+        server: 
+          url:  https://127.0.0.1:36473
 
+          caProvider: 
+            type: Secret
 
+            name : kind-cluster-secrets
 
+            key: ca
 
+        auth:
 
+          cert:
 
+            clientCert: 
+                name: kind-cluster-secrets
 
+                key: certificate
 
+            clientKey: 
+                name: kind-cluster-secrets
 
+                key: key
 
+```
 
+        
+### ExternalSecret
 
+
 
+```
 
+apiVersion: external-secrets.io/v1alpha1
 
+kind: ExternalSecret
 
+metadata:
 
+  name: example
 
+spec:
 
+  refreshInterval: 1h           
+  secretStoreRef:
 
+    kind: SecretStore
 
+    name: example               # name of the SecretStore (or kind specified)
 
+  target:
 
+    name: secret-to-be-created  # name of the k8s Secret to be created
 
+    creationPolicy: Owner
 
+  data:
 
+  - secretKey: extra #
 
+    remoteRef:
 
+      key: secret-example
 
+      property: extra
 
+```

+ 1 - 0
hack/api-docs/mkdocs.yml
View File 

@@ -63,6 +63,7 @@ nav:
 
       - Oracle Vault: provider-oracle-vault.md
 
       - Oracle Vault: provider-oracle-vault.md
 
     - Webhook: provider-webhook.md
 
     - Webhook: provider-webhook.md
 
     - Fake: provider-fake.md
 
     - Fake: provider-fake.md
 
+    - Kubernetes: provider-kubernetes.md
 
   - Examples:
 
   - Examples:
 
     - FluxCD: examples-gitops-using-fluxcd.md
 
     - FluxCD: examples-gitops-using-fluxcd.md
 
     - Anchore Engine: examples-anchore-engine-credentials.md
 
     - Anchore Engine: examples-anchore-engine-credentials.md