Change CRD subdomain from external-secerets.x-k8s.io to external-secrets.io

PROJECT

@@ -1,4 +1,4 @@
-domain: x-k8s.io
+domain: io
 repo: github.com/external-secrets/external-secrets
 resources:
 - group: external-secrets

api/v1alpha1/groupversion_info.go

@@ -16,7 +16,7 @@ limitations under the License.
 
 // Package v1alpha1 contains API Schema definitions for the external-secrets v1alpha1 API group
 // +kubebuilder:object:generate=true
-// +groupName=external-secrets.x-k8s.io
+// +groupName=external-secrets.io
 package v1alpha1
 
 import (
@@ -26,7 +26,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "external-secrets.x-k8s.io", Version: "v1alpha1"}
+	GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

config/crd/bases/external-secrets.io_externalsecrets.yaml

@@ -0,0 +1,169 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: externalsecrets.external-secrets.io
+spec:
+  group: external-secrets.io
+  names:
+    kind: ExternalSecret
+    listKind: ExternalSecretList
+    plural: externalsecrets
+    singular: externalsecret
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: ExternalSecret is the Schema for the externalsecrets API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: ExternalSecretSpec defines the desired state of ExternalSecret
+          properties:
+            data:
+              description: Data defines the connection between the Kubernetes Secret
+                keys and the Provider data
+              items:
+                description: ExternalSecretData defines the connection between the
+                  Kubernetes Secret key (spec.data.<key>) and the Provider data
+                properties:
+                  remoteRef:
+                    description: ExternalSecretDataRemoteRef defines Provider data
+                      location
+                    properties:
+                      key:
+                        description: Key is the key used in the Provider, mandatory
+                        type: string
+                      property:
+                        description: Used to select a specific property of the Provider
+                          value (if a map), if supported
+                        type: string
+                      version:
+                        description: Used to select a specific version of the Provider
+                          value, if supported
+                        type: string
+                    required:
+                    - key
+                    type: object
+                  secretKey:
+                    type: string
+                required:
+                - remoteRef
+                - secretKey
+                type: object
+              type: array
+            dataFrom:
+              description: DataFrom is used to fetch all properties from a specific
+                Provider data If multiple entries are specified, the Secret keys are
+                merged in the specified order
+              items:
+                description: ExternalSecretDataRemoteRef defines Provider data location
+                properties:
+                  key:
+                    description: Key is the key used in the Provider, mandatory
+                    type: string
+                  property:
+                    description: Used to select a specific property of the Provider
+                      value (if a map), if supported
+                    type: string
+                  version:
+                    description: Used to select a specific version of the Provider
+                      value, if supported
+                    type: string
+                required:
+                - key
+                type: object
+              type: array
+            refreshInterval:
+              description: 'RefreshInterval is the amount of time before the values
+                reading again from the SecretStore provider Valid time units are "ns",
+                "us" (or "µs"), "ms", "s", "m", "h" (from time.ParseDuration) May
+                be set to zero to fetch and create it once TODO: Default to some value?'
+              type: string
+            secretStoreRef:
+              description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret
+                data
+              properties:
+                kind:
+                  description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+                    Defaults to `SecretStore`
+                  type: string
+                name:
+                  description: Name of the SecretStore resource
+                  type: string
+              required:
+              - name
+              type: object
+            target:
+              description: ExternalSecretTarget defines the Kubernetes Secret to be
+                created There can be only one target per ExternalSecret
+              properties:
+                creationPolicy:
+                  description: CreationPolicy defines rules on how to create the resulting
+                    Secret Defaults to 'Owner'
+                  type: string
+                name:
+                  description: Name defines the name of the Secret resource to be
+                    managed This field is immutable Defaults to the .metadata.name
+                    of the ExternalSecret resource
+                  type: string
+              type: object
+          required:
+          - secretStoreRef
+          - target
+          type: object
+        status:
+          properties:
+            conditions:
+              items:
+                properties:
+                  lastSyncTime:
+                    format: date-time
+                    type: string
+                  lastTransitionTime:
+                    format: date-time
+                    type: string
+                  message:
+                    type: string
+                  reason:
+                    type: string
+                  status:
+                    type: string
+                  type:
+                    type: string
+                required:
+                - status
+                - type
+                type: object
+              type: array
+            phase:
+              description: ExternalSecretStatusPhase represents the current phase
+                of the Secret sync
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/bases/external-secrets.io_secretstores.yaml

@@ -0,0 +1,130 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: secretstores.external-secrets.io
+spec:
+  group: external-secrets.io
+  names:
+    kind: SecretStore
+    listKind: SecretStoreList
+    plural: secretstores
+    singular: secretstore
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: SecretStore is the Schema for the secretstores API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: SecretStoreSpec defines the desired state of SecretStore
+          properties:
+            awssm:
+              description: AWSSM configures this store to sync secrets using AWS Secret
+                Manager provider
+              properties:
+                auth:
+                  description: Auth defines the information necessary to authenticate
+                    against AWS
+                  properties:
+                    secretRef:
+                      properties:
+                        accessKeyIDSecretRef:
+                          description: The AccessKeyID is used for authentication
+                          properties:
+                            key:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          required:
+                          - key
+                          - name
+                          type: object
+                        secretAccessKeySecretRef:
+                          description: The SecretAccessKey is used for authentication
+                          properties:
+                            key:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          required:
+                          - key
+                          - name
+                          type: object
+                      type: object
+                  required:
+                  - secretRef
+                  type: object
+                region:
+                  description: AWS Region to be used for the provider
+                  type: string
+                role:
+                  description: Role is a Role ARN which the SecretManager provider
+                    will assume
+                  type: string
+              required:
+              - auth
+              - region
+              type: object
+            controller:
+              description: 'Used to select the correct KES controller (think: ingress.ingressClassName)
+                The KES controller is instantiated with a specific controller name
+                and filters ES based on this property'
+              type: string
+          type: object
+        status:
+          description: SecretStoreStatus defines the observed state of the SecretStore
+          properties:
+            conditions:
+              items:
+                properties:
+                  lastTransitionTime:
+                    format: date-time
+                    type: string
+                  message:
+                    type: string
+                  reason:
+                    type: string
+                  status:
+                    type: string
+                  type:
+                    type: string
+                required:
+                - status
+                - type
+                type: object
+              type: array
+            phase:
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/bases/external-secrets.x-k8s.io_externalsecrets.yaml

@@ -6,9 +6,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.2.5
   creationTimestamp: null
-  name: externalsecrets.external-secrets.x-k8s.io
+  name: externalsecrets.external-secrets.io
 spec:
-  group: external-secrets.x-k8s.io
+  group: external-secrets.io
   names:
     kind: ExternalSecret
     listKind: ExternalSecretList

config/crd/bases/external-secrets.x-k8s.io_secretstores.yaml

@@ -6,9 +6,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.2.5
   creationTimestamp: null
-  name: secretstores.external-secrets.x-k8s.io
+  name: secretstores.external-secrets.io
 spec:
-  group: external-secrets.x-k8s.io
+  group: external-secrets.io
   names:
     kind: SecretStore
     listKind: SecretStoreList

config/crd/kustomization.yaml

@@ -2,8 +2,8 @@
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 resources:
-- bases/external-secrets.x-k8s.io_secretstores.yaml
-- bases/external-secrets.x-k8s.io_externalsecrets.yaml
+- bases/external-secrets.io_secretstores.yaml
+- bases/external-secrets.io_externalsecrets.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

config/crd/patches/cainjection_in_externalsecrets.yaml

@@ -5,4 +5,4 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
-  name: externalsecrets.external-secrets.x-k8s.io
+  name: externalsecrets.external-secrets.io

config/crd/patches/cainjection_in_secretstores.yaml

@@ -5,4 +5,4 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
-  name: secretstores.external-secrets.x-k8s.io
+  name: secretstores.external-secrets.io

config/crd/patches/webhook_in_externalsecrets.yaml

@@ -3,7 +3,7 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: externalsecrets.external-secrets.x-k8s.io
+  name: externalsecrets.external-secrets.io
 spec:
   conversion:
     strategy: Webhook

config/crd/patches/webhook_in_secretstores.yaml

@@ -3,7 +3,7 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: secretstores.external-secrets.x-k8s.io
+  name: secretstores.external-secrets.io
 spec:
   conversion:
     strategy: Webhook

config/rbac/externalsecret_editor_role.yaml

@@ -5,7 +5,7 @@ metadata:
   name: externalsecret-editor-role
 rules:
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - externalsecrets
   verbs:
@@ -17,7 +17,7 @@ rules:
   - update
   - watch
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - externalsecrets/status
   verbs:

config/rbac/externalsecret_viewer_role.yaml

@@ -5,7 +5,7 @@ metadata:
   name: externalsecret-viewer-role
 rules:
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - externalsecrets
   verbs:
@@ -13,7 +13,7 @@ rules:
   - list
   - watch
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - externalsecrets/status
   verbs:

config/rbac/role.yaml

@@ -7,7 +7,7 @@ metadata:
   name: manager-role
 rules:
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - externalsecrets
   verbs:
@@ -19,7 +19,7 @@ rules:
   - update
   - watch
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - externalsecrets/status
   verbs:
@@ -27,7 +27,7 @@ rules:
   - patch
   - update
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - secretstores
   verbs:
@@ -39,7 +39,7 @@ rules:
   - update
   - watch
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - secretstores/status
   verbs:

config/rbac/secretstore_editor_role.yaml

@@ -5,7 +5,7 @@ metadata:
   name: secretstore-editor-role
 rules:
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - secretstores
   verbs:
@@ -17,7 +17,7 @@ rules:
   - update
   - watch
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - secretstores/status
   verbs:

config/rbac/secretstore_viewer_role.yaml

@@ -5,7 +5,7 @@ metadata:
   name: secretstore-viewer-role
 rules:
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - secretstores
   verbs:
@@ -13,7 +13,7 @@ rules:
   - list
   - watch
 - apiGroups:
-  - external-secrets.x-k8s.io
+  - external-secrets.io
   resources:
   - secretstores/status
   verbs:

config/samples/external-secrets_v1alpha1_externalsecret.yaml

@@ -1,4 +1,4 @@
-apiVersion: external-secrets.x-k8s.io/v1alpha1
+apiVersion: external-secrets.io/v1alpha1
 kind: ExternalSecret
 metadata:
   name: externalsecret-sample

config/samples/external-secrets_v1alpha1_secretstore.yaml

@@ -1,4 +1,4 @@
-apiVersion: external-secrets.x-k8s.io/v1alpha1
+apiVersion: external-secrets.io/v1alpha1
 kind: SecretStore
 metadata:
   name: secretstore-sample

controllers/externalsecret_controller.go

@@ -34,8 +34,8 @@ type ExternalSecretReconciler struct {
 	Scheme *runtime.Scheme
 }
 
-// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=externalsecrets,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=externalsecrets/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=external-secrets.io,resources=externalsecrets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=external-secrets.io,resources=externalsecrets/status,verbs=get;update;patch
 
 func (r *ExternalSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	_ = context.Background()

controllers/secretstore_controller.go

@@ -34,8 +34,8 @@ type SecretStoreReconciler struct {
 	Scheme *runtime.Scheme
 }
 
-// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=secretstores,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=external-secrets.x-k8s.io,resources=secretstores/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=external-secrets.io,resources=secretstores,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=external-secrets.io,resources=secretstores/status,verbs=get;update;patch
 
 func (r *SecretStoreReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	_ = context.Background()

main.go

@@ -59,7 +59,7 @@ func main() {
 		MetricsBindAddress: metricsAddr,
 		Port:               9443,
 		LeaderElection:     enableLeaderElection,
-		LeaderElectionID:   "1fc40399.x-k8s.io",
+		LeaderElectionID:   "1fc40399.io",
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")