| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 |
- ---
- apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.4.1
- creationTimestamp: null
- name: clustersecretstores.external-secrets.io
- spec:
- group: external-secrets.io
- names:
- categories:
- - externalsecrets
- kind: ClusterSecretStore
- listKind: ClusterSecretStoreList
- plural: clustersecretstores
- shortNames:
- - css
- singular: clustersecretstore
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: ClusterSecretStore represents a secure external location for
- storing secrets, which can be referenced as part of `storeRef` fields.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: SecretStoreSpec defines the desired state of SecretStore.
- properties:
- controller:
- description: 'Used to select the correct KES controller (think: ingress.ingressClassName)
- The KES controller is instantiated with a specific controller name
- and filters ES based on this property'
- type: string
- provider:
- description: Used to configure the provider. Only one provider may
- be set
- maxProperties: 1
- minProperties: 1
- properties:
- awssm:
- description: AWSSM configures this store to sync secrets using
- AWS Secret Manager provider
- properties:
- auth:
- description: Auth defines the information necessary to authenticate
- against AWS
- properties:
- secretRef:
- properties:
- accessKeyIDSecretRef:
- description: The AccessKeyID is used for authentication
- properties:
- key:
- description: The key of the entry in the Secret
- resource's `data` field to be used. Some instances
- of this field may be defaulted, in others it
- may be required.
- type: string
- name:
- description: 'Name of the resource being referred
- to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- namespace:
- description: Namespace of the resource being referred
- to. Ignored if referent is not cluster-scoped.
- cluster-scoped defaults to the namespace of
- the referent.
- type: string
- required:
- - name
- type: object
- secretAccessKeySecretRef:
- description: The SecretAccessKey is used for authentication
- properties:
- key:
- description: The key of the entry in the Secret
- resource's `data` field to be used. Some instances
- of this field may be defaulted, in others it
- may be required.
- type: string
- name:
- description: 'Name of the resource being referred
- to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- namespace:
- description: Namespace of the resource being referred
- to. Ignored if referent is not cluster-scoped.
- cluster-scoped defaults to the namespace of
- the referent.
- type: string
- required:
- - name
- type: object
- type: object
- required:
- - secretRef
- type: object
- region:
- description: AWS Region to be used for the provider
- type: string
- role:
- description: Role is a Role ARN which the SecretManager provider
- will assume
- type: string
- required:
- - auth
- - region
- type: object
- type: object
- required:
- - provider
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
- status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
|
