index.html 99 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579
  1. <!doctype html>
  2. <html lang="en" class="no-js">
  3. <head>
  4. <meta charset="utf-8">
  5. <meta name="viewport" content="width=device-width,initial-scale=1">
  6. <link rel="prev" href="../../provider/nebius-mysterybox/">
  7. <link rel="next" href="../anchore-engine-credentials/">
  8. <link rel="icon" href="../../pictures/eso-round-logo.svg">
  9. <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
  10. <title>FluxCD - External Secrets Operator</title>
  11. <link rel="stylesheet" href="../../assets/stylesheets/main.484c7ddc.min.css">
  12. <link rel="stylesheet" href="../../assets/stylesheets/palette.ab4e12ef.min.css">
  13. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  14. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
  15. <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
  16. <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
  17. <script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-QP38TD8K7V",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
  18. <script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
  19. </head>
  20. <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
  21. <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
  22. <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
  23. <label class="md-overlay" for="__drawer"></label>
  24. <div data-md-component="skip">
  25. <a href="#gitops-using-fluxcd-v2" class="md-skip">
  26. Skip to content
  27. </a>
  28. </div>
  29. <div data-md-component="announce">
  30. </div>
  31. <div data-md-color-scheme="default" data-md-component="outdated" hidden>
  32. <aside class="md-banner md-banner--warning">
  33. <div class="md-banner__inner md-grid md-typeset">
  34. You're not viewing the latest version.
  35. <a href="../../..">
  36. <strong>Click here to go to latest.</strong>
  37. </a>
  38. </div>
  39. <script>var el=document.querySelector("[data-md-component=outdated]"),base=new URL("../.."),outdated=__md_get("__outdated",sessionStorage,base);!0===outdated&&el&&(el.hidden=!1)</script>
  40. </aside>
  41. </div>
  42. <header class="md-header" data-md-component="header">
  43. <nav class="md-header__inner md-grid" aria-label="Header">
  44. <a href="../.." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  45. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  46. </a>
  47. <label class="md-header__button md-icon" for="__drawer">
  48. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
  49. </label>
  50. <div class="md-header__title" data-md-component="header-title">
  51. <div class="md-header__ellipsis">
  52. <div class="md-header__topic">
  53. <span class="md-ellipsis">
  54. External Secrets Operator
  55. </span>
  56. </div>
  57. <div class="md-header__topic" data-md-component="header-topic">
  58. <span class="md-ellipsis">
  59. FluxCD
  60. </span>
  61. </div>
  62. </div>
  63. </div>
  64. <form class="md-header__option" data-md-component="palette">
  65. <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
  66. <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
  67. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  68. </label>
  69. <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
  70. <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
  71. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  72. </label>
  73. </form>
  74. <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
  75. <label class="md-header__button md-icon" for="__search">
  76. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  77. </label>
  78. <div class="md-search" data-md-component="search" role="dialog">
  79. <label class="md-search__overlay" for="__search"></label>
  80. <div class="md-search__inner" role="search">
  81. <form class="md-search__form" name="search">
  82. <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
  83. <label class="md-search__icon md-icon" for="__search">
  84. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  85. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
  86. </label>
  87. <nav class="md-search__options" aria-label="Search">
  88. <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
  89. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
  90. </button>
  91. </nav>
  92. </form>
  93. <div class="md-search__output">
  94. <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
  95. <div class="md-search-result" data-md-component="search-result">
  96. <div class="md-search-result__meta">
  97. Initializing search
  98. </div>
  99. <ol class="md-search-result__list" role="presentation"></ol>
  100. </div>
  101. </div>
  102. </div>
  103. </div>
  104. </div>
  105. <div class="md-header__source">
  106. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  107. <div class="md-source__icon md-icon">
  108. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  109. </div>
  110. <div class="md-source__repository">
  111. External Secrets Operator
  112. </div>
  113. </a>
  114. </div>
  115. </nav>
  116. </header>
  117. <div class="md-container" data-md-component="container">
  118. <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
  119. <div class="md-grid">
  120. <ul class="md-tabs__list">
  121. <li class="md-tabs__item">
  122. <a href="../.." class="md-tabs__link">
  123. Introduction
  124. </a>
  125. </li>
  126. <li class="md-tabs__item">
  127. <a href="../../api/components/" class="md-tabs__link">
  128. API
  129. </a>
  130. </li>
  131. <li class="md-tabs__item">
  132. <a href="../../guides/introduction/" class="md-tabs__link">
  133. Guides
  134. </a>
  135. </li>
  136. <li class="md-tabs__item">
  137. <a href="../../provider/aws-secrets-manager/" class="md-tabs__link">
  138. Provider
  139. </a>
  140. </li>
  141. <li class="md-tabs__item md-tabs__item--active">
  142. <a href="./" class="md-tabs__link">
  143. Examples
  144. </a>
  145. </li>
  146. <li class="md-tabs__item">
  147. <a href="../../contributing/devguide/" class="md-tabs__link">
  148. Community
  149. </a>
  150. </li>
  151. </ul>
  152. </div>
  153. </nav>
  154. <main class="md-main" data-md-component="main">
  155. <div class="md-main__inner md-grid">
  156. <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
  157. <div class="md-sidebar__scrollwrap">
  158. <div class="md-sidebar__inner">
  159. <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
  160. <label class="md-nav__title" for="__drawer">
  161. <a href="../.." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  162. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  163. </a>
  164. External Secrets Operator
  165. </label>
  166. <div class="md-nav__source">
  167. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  168. <div class="md-source__icon md-icon">
  169. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  170. </div>
  171. <div class="md-source__repository">
  172. External Secrets Operator
  173. </div>
  174. </a>
  175. </div>
  176. <ul class="md-nav__list" data-md-scrollfix>
  177. <li class="md-nav__item md-nav__item--nested">
  178. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_1" >
  179. <div class="md-nav__link md-nav__container">
  180. <a href="../.." class="md-nav__link ">
  181. <span class="md-ellipsis">
  182. Introduction
  183. </span>
  184. </a>
  185. <label class="md-nav__link " for="__nav_1" id="__nav_1_label" tabindex="0">
  186. <span class="md-nav__icon md-icon"></span>
  187. </label>
  188. </div>
  189. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
  190. <label class="md-nav__title" for="__nav_1">
  191. <span class="md-nav__icon md-icon"></span>
  192. Introduction
  193. </label>
  194. <ul class="md-nav__list" data-md-scrollfix>
  195. <li class="md-nav__item">
  196. <a href="../../introduction/overview/" class="md-nav__link">
  197. <span class="md-ellipsis">
  198. Overview
  199. </span>
  200. </a>
  201. </li>
  202. <li class="md-nav__item">
  203. <a href="../../introduction/glossary/" class="md-nav__link">
  204. <span class="md-ellipsis">
  205. Glossary
  206. </span>
  207. </a>
  208. </li>
  209. <li class="md-nav__item">
  210. <a href="../../introduction/prerequisites/" class="md-nav__link">
  211. <span class="md-ellipsis">
  212. Prerequisites
  213. </span>
  214. </a>
  215. </li>
  216. <li class="md-nav__item">
  217. <a href="../../introduction/getting-started/" class="md-nav__link">
  218. <span class="md-ellipsis">
  219. Getting started
  220. </span>
  221. </a>
  222. </li>
  223. <li class="md-nav__item">
  224. <a href="../../introduction/faq/" class="md-nav__link">
  225. <span class="md-ellipsis">
  226. FAQ
  227. </span>
  228. </a>
  229. </li>
  230. <li class="md-nav__item">
  231. <a href="../../introduction/stability-support/" class="md-nav__link">
  232. <span class="md-ellipsis">
  233. Stability and Support
  234. </span>
  235. </a>
  236. </li>
  237. <li class="md-nav__item">
  238. <a href="../../introduction/deprecation-policy/" class="md-nav__link">
  239. <span class="md-ellipsis">
  240. Deprecation Policy
  241. </span>
  242. </a>
  243. </li>
  244. </ul>
  245. </nav>
  246. </li>
  247. <li class="md-nav__item md-nav__item--nested">
  248. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
  249. <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
  250. <span class="md-ellipsis">
  251. API
  252. </span>
  253. <span class="md-nav__icon md-icon"></span>
  254. </label>
  255. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
  256. <label class="md-nav__title" for="__nav_2">
  257. <span class="md-nav__icon md-icon"></span>
  258. API
  259. </label>
  260. <ul class="md-nav__list" data-md-scrollfix>
  261. <li class="md-nav__item">
  262. <a href="../../api/components/" class="md-nav__link">
  263. <span class="md-ellipsis">
  264. Components
  265. </span>
  266. </a>
  267. </li>
  268. <li class="md-nav__item md-nav__item--nested">
  269. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_2" >
  270. <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
  271. <span class="md-ellipsis">
  272. Core Resources
  273. </span>
  274. <span class="md-nav__icon md-icon"></span>
  275. </label>
  276. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
  277. <label class="md-nav__title" for="__nav_2_2">
  278. <span class="md-nav__icon md-icon"></span>
  279. Core Resources
  280. </label>
  281. <ul class="md-nav__list" data-md-scrollfix>
  282. <li class="md-nav__item">
  283. <a href="../../api/externalsecret/" class="md-nav__link">
  284. <span class="md-ellipsis">
  285. ExternalSecret
  286. </span>
  287. </a>
  288. </li>
  289. <li class="md-nav__item">
  290. <a href="../../api/secretstore/" class="md-nav__link">
  291. <span class="md-ellipsis">
  292. SecretStore
  293. </span>
  294. </a>
  295. </li>
  296. <li class="md-nav__item">
  297. <a href="../../api/clustersecretstore/" class="md-nav__link">
  298. <span class="md-ellipsis">
  299. ClusterSecretStore
  300. </span>
  301. </a>
  302. </li>
  303. <li class="md-nav__item">
  304. <a href="../../api/clusterexternalsecret/" class="md-nav__link">
  305. <span class="md-ellipsis">
  306. ClusterExternalSecret
  307. </span>
  308. </a>
  309. </li>
  310. <li class="md-nav__item">
  311. <a href="../../api/clusterpushsecret/" class="md-nav__link">
  312. <span class="md-ellipsis">
  313. ClusterPushSecret
  314. </span>
  315. </a>
  316. </li>
  317. <li class="md-nav__item">
  318. <a href="../../api/pushsecret/" class="md-nav__link">
  319. <span class="md-ellipsis">
  320. PushSecret
  321. </span>
  322. </a>
  323. </li>
  324. </ul>
  325. </nav>
  326. </li>
  327. <li class="md-nav__item md-nav__item--nested">
  328. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_3" >
  329. <div class="md-nav__link md-nav__container">
  330. <a href="../../api/generator/" class="md-nav__link ">
  331. <span class="md-ellipsis">
  332. Generators
  333. </span>
  334. </a>
  335. <label class="md-nav__link " for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
  336. <span class="md-nav__icon md-icon"></span>
  337. </label>
  338. </div>
  339. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
  340. <label class="md-nav__title" for="__nav_2_3">
  341. <span class="md-nav__icon md-icon"></span>
  342. Generators
  343. </label>
  344. <ul class="md-nav__list" data-md-scrollfix>
  345. <li class="md-nav__item">
  346. <a href="../../api/generator/acr/" class="md-nav__link">
  347. <span class="md-ellipsis">
  348. Azure Container Registry
  349. </span>
  350. </a>
  351. </li>
  352. <li class="md-nav__item">
  353. <a href="../../api/generator/ecr/" class="md-nav__link">
  354. <span class="md-ellipsis">
  355. AWS Elastic Container Registry
  356. </span>
  357. </a>
  358. </li>
  359. <li class="md-nav__item">
  360. <a href="../../api/generator/sts/" class="md-nav__link">
  361. <span class="md-ellipsis">
  362. AWS STS Session Token
  363. </span>
  364. </a>
  365. </li>
  366. <li class="md-nav__item">
  367. <a href="../../api/generator/cloudsmith/" class="md-nav__link">
  368. <span class="md-ellipsis">
  369. Cloudsmith
  370. </span>
  371. </a>
  372. </li>
  373. <li class="md-nav__item">
  374. <a href="../../api/generator/cluster/" class="md-nav__link">
  375. <span class="md-ellipsis">
  376. Cluster Generator
  377. </span>
  378. </a>
  379. </li>
  380. <li class="md-nav__item">
  381. <a href="../../api/generator/gcr/" class="md-nav__link">
  382. <span class="md-ellipsis">
  383. Google Container Registry
  384. </span>
  385. </a>
  386. </li>
  387. <li class="md-nav__item">
  388. <a href="../../api/generator/grafana/" class="md-nav__link">
  389. <span class="md-ellipsis">
  390. Grafana
  391. </span>
  392. </a>
  393. </li>
  394. <li class="md-nav__item">
  395. <a href="../../api/generator/quay/" class="md-nav__link">
  396. <span class="md-ellipsis">
  397. Quay
  398. </span>
  399. </a>
  400. </li>
  401. <li class="md-nav__item">
  402. <a href="../../api/generator/vault/" class="md-nav__link">
  403. <span class="md-ellipsis">
  404. Vault Dynamic Secret
  405. </span>
  406. </a>
  407. </li>
  408. <li class="md-nav__item">
  409. <a href="../../api/generator/beyondtrustworkloadcredentials/" class="md-nav__link">
  410. <span class="md-ellipsis">
  411. BeyondTrust Workload Credentials
  412. </span>
  413. </a>
  414. </li>
  415. <li class="md-nav__item">
  416. <a href="../../api/generator/password/" class="md-nav__link">
  417. <span class="md-ellipsis">
  418. Password
  419. </span>
  420. </a>
  421. </li>
  422. <li class="md-nav__item">
  423. <a href="../../api/generator/fake/" class="md-nav__link">
  424. <span class="md-ellipsis">
  425. Fake
  426. </span>
  427. </a>
  428. </li>
  429. <li class="md-nav__item">
  430. <a href="../../api/generator/webhook/" class="md-nav__link">
  431. <span class="md-ellipsis">
  432. Webhook
  433. </span>
  434. </a>
  435. </li>
  436. <li class="md-nav__item">
  437. <a href="../../api/generator/github/" class="md-nav__link">
  438. <span class="md-ellipsis">
  439. Github
  440. </span>
  441. </a>
  442. </li>
  443. <li class="md-nav__item">
  444. <a href="../../api/generator/gitlab/" class="md-nav__link">
  445. <span class="md-ellipsis">
  446. Gitlab
  447. </span>
  448. </a>
  449. </li>
  450. <li class="md-nav__item">
  451. <a href="../../api/generator/uuid/" class="md-nav__link">
  452. <span class="md-ellipsis">
  453. UUID
  454. </span>
  455. </a>
  456. </li>
  457. <li class="md-nav__item">
  458. <a href="../../api/generator/mfa/" class="md-nav__link">
  459. <span class="md-ellipsis">
  460. MFA
  461. </span>
  462. </a>
  463. </li>
  464. <li class="md-nav__item">
  465. <a href="../../api/generator/sshkey/" class="md-nav__link">
  466. <span class="md-ellipsis">
  467. SSHKey
  468. </span>
  469. </a>
  470. </li>
  471. </ul>
  472. </nav>
  473. </li>
  474. <li class="md-nav__item md-nav__item--nested">
  475. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_4" >
  476. <label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex="0">
  477. <span class="md-ellipsis">
  478. Reference Docs
  479. </span>
  480. <span class="md-nav__icon md-icon"></span>
  481. </label>
  482. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false">
  483. <label class="md-nav__title" for="__nav_2_4">
  484. <span class="md-nav__icon md-icon"></span>
  485. Reference Docs
  486. </label>
  487. <ul class="md-nav__list" data-md-scrollfix>
  488. <li class="md-nav__item">
  489. <a href="../../api/spec/" class="md-nav__link">
  490. <span class="md-ellipsis">
  491. API specification
  492. </span>
  493. </a>
  494. </li>
  495. <li class="md-nav__item">
  496. <a href="../../api/controller-options/" class="md-nav__link">
  497. <span class="md-ellipsis">
  498. Controller Options
  499. </span>
  500. </a>
  501. </li>
  502. <li class="md-nav__item">
  503. <a href="../../api/metrics/" class="md-nav__link">
  504. <span class="md-ellipsis">
  505. Metrics
  506. </span>
  507. </a>
  508. </li>
  509. <li class="md-nav__item">
  510. <a href="../../api/selectable-fields/" class="md-nav__link">
  511. <span class="md-ellipsis">
  512. Selectable Fields
  513. </span>
  514. </a>
  515. </li>
  516. </ul>
  517. </nav>
  518. </li>
  519. </ul>
  520. </nav>
  521. </li>
  522. <li class="md-nav__item md-nav__item--nested">
  523. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3" >
  524. <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
  525. <span class="md-ellipsis">
  526. Guides
  527. </span>
  528. <span class="md-nav__icon md-icon"></span>
  529. </label>
  530. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
  531. <label class="md-nav__title" for="__nav_3">
  532. <span class="md-nav__icon md-icon"></span>
  533. Guides
  534. </label>
  535. <ul class="md-nav__list" data-md-scrollfix>
  536. <li class="md-nav__item">
  537. <a href="../../guides/introduction/" class="md-nav__link">
  538. <span class="md-ellipsis">
  539. Introduction
  540. </span>
  541. </a>
  542. </li>
  543. <li class="md-nav__item md-nav__item--nested">
  544. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2" >
  545. <label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
  546. <span class="md-ellipsis">
  547. External Secrets
  548. </span>
  549. <span class="md-nav__icon md-icon"></span>
  550. </label>
  551. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
  552. <label class="md-nav__title" for="__nav_3_2">
  553. <span class="md-nav__icon md-icon"></span>
  554. External Secrets
  555. </label>
  556. <ul class="md-nav__list" data-md-scrollfix>
  557. <li class="md-nav__item">
  558. <a href="../../guides/all-keys-one-secret/" class="md-nav__link">
  559. <span class="md-ellipsis">
  560. Extract structured data
  561. </span>
  562. </a>
  563. </li>
  564. <li class="md-nav__item">
  565. <a href="../../guides/getallsecrets/" class="md-nav__link">
  566. <span class="md-ellipsis">
  567. Find Secrets by Name or Metadata
  568. </span>
  569. </a>
  570. </li>
  571. <li class="md-nav__item">
  572. <a href="../../guides/datafrom-rewrite/" class="md-nav__link">
  573. <span class="md-ellipsis">
  574. Rewriting Keys
  575. </span>
  576. </a>
  577. </li>
  578. <li class="md-nav__item md-nav__item--nested">
  579. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2_4" >
  580. <label class="md-nav__link" for="__nav_3_2_4" id="__nav_3_2_4_label" tabindex="0">
  581. <span class="md-ellipsis">
  582. Advanced Templating
  583. </span>
  584. <span class="md-nav__icon md-icon"></span>
  585. </label>
  586. <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_4_label" aria-expanded="false">
  587. <label class="md-nav__title" for="__nav_3_2_4">
  588. <span class="md-nav__icon md-icon"></span>
  589. Advanced Templating
  590. </label>
  591. <ul class="md-nav__list" data-md-scrollfix>
  592. <li class="md-nav__item">
  593. <a href="../../guides/templating/" class="md-nav__link">
  594. <span class="md-ellipsis">
  595. v2
  596. </span>
  597. </a>
  598. </li>
  599. <li class="md-nav__item">
  600. <a href="../../guides/templating-v1/" class="md-nav__link">
  601. <span class="md-ellipsis">
  602. v1
  603. </span>
  604. </a>
  605. </li>
  606. </ul>
  607. </nav>
  608. </li>
  609. <li class="md-nav__item">
  610. <a href="../../guides/common-k8s-secret-types/" class="md-nav__link">
  611. <span class="md-ellipsis">
  612. Kubernetes Secret Types
  613. </span>
  614. </a>
  615. </li>
  616. <li class="md-nav__item">
  617. <a href="../../guides/ownership-deletion-policy/" class="md-nav__link">
  618. <span class="md-ellipsis">
  619. Lifecycle: ownership & deletion
  620. </span>
  621. </a>
  622. </li>
  623. <li class="md-nav__item">
  624. <a href="../../guides/decoding-strategy/" class="md-nav__link">
  625. <span class="md-ellipsis">
  626. Decoding Strategies
  627. </span>
  628. </a>
  629. </li>
  630. <li class="md-nav__item">
  631. <a href="../../guides/controller-class/" class="md-nav__link">
  632. <span class="md-ellipsis">
  633. Controller Classes
  634. </span>
  635. </a>
  636. </li>
  637. </ul>
  638. </nav>
  639. </li>
  640. <li class="md-nav__item">
  641. <a href="../../guides/targeting-custom-resources/" class="md-nav__link">
  642. <span class="md-ellipsis">
  643. Targeting Custom Resources
  644. </span>
  645. </a>
  646. </li>
  647. <li class="md-nav__item">
  648. <a href="../../guides/generator/" class="md-nav__link">
  649. <span class="md-ellipsis">
  650. Generators
  651. </span>
  652. </a>
  653. </li>
  654. <li class="md-nav__item">
  655. <a href="../../guides/pushsecrets/" class="md-nav__link">
  656. <span class="md-ellipsis">
  657. Push Secrets
  658. </span>
  659. </a>
  660. </li>
  661. <li class="md-nav__item md-nav__item--nested">
  662. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_6" >
  663. <label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
  664. <span class="md-ellipsis">
  665. Operations
  666. </span>
  667. <span class="md-nav__icon md-icon"></span>
  668. </label>
  669. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
  670. <label class="md-nav__title" for="__nav_3_6">
  671. <span class="md-nav__icon md-icon"></span>
  672. Operations
  673. </label>
  674. <ul class="md-nav__list" data-md-scrollfix>
  675. <li class="md-nav__item">
  676. <a href="../../guides/multi-tenancy/" class="md-nav__link">
  677. <span class="md-ellipsis">
  678. Multi Tenancy
  679. </span>
  680. </a>
  681. </li>
  682. <li class="md-nav__item">
  683. <a href="../../guides/security-best-practices/" class="md-nav__link">
  684. <span class="md-ellipsis">
  685. Security Best Practices
  686. </span>
  687. </a>
  688. </li>
  689. <li class="md-nav__item">
  690. <a href="../../guides/threat-model/" class="md-nav__link">
  691. <span class="md-ellipsis">
  692. Threat Model
  693. </span>
  694. </a>
  695. </li>
  696. <li class="md-nav__item">
  697. <a href="../../guides/v1beta1/" class="md-nav__link">
  698. <span class="md-ellipsis">
  699. Upgrading to v1beta1
  700. </span>
  701. </a>
  702. </li>
  703. <li class="md-nav__item">
  704. <a href="../../guides/using-latest-image/" class="md-nav__link">
  705. <span class="md-ellipsis">
  706. Using Latest Image
  707. </span>
  708. </a>
  709. </li>
  710. <li class="md-nav__item">
  711. <a href="../../guides/disable-cluster-features/" class="md-nav__link">
  712. <span class="md-ellipsis">
  713. Disable Cluster Features
  714. </span>
  715. </a>
  716. </li>
  717. </ul>
  718. </nav>
  719. </li>
  720. <li class="md-nav__item md-nav__item--nested">
  721. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_7" >
  722. <label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="0">
  723. <span class="md-ellipsis">
  724. Tooling
  725. </span>
  726. <span class="md-nav__icon md-icon"></span>
  727. </label>
  728. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
  729. <label class="md-nav__title" for="__nav_3_7">
  730. <span class="md-nav__icon md-icon"></span>
  731. Tooling
  732. </label>
  733. <ul class="md-nav__list" data-md-scrollfix>
  734. <li class="md-nav__item">
  735. <a href="../../guides/using-esoctl-tool/" class="md-nav__link">
  736. <span class="md-ellipsis">
  737. Using the esoctl tool
  738. </span>
  739. </a>
  740. </li>
  741. </ul>
  742. </nav>
  743. </li>
  744. </ul>
  745. </nav>
  746. </li>
  747. <li class="md-nav__item md-nav__item--nested">
  748. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
  749. <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
  750. <span class="md-ellipsis">
  751. Provider
  752. </span>
  753. <span class="md-nav__icon md-icon"></span>
  754. </label>
  755. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
  756. <label class="md-nav__title" for="__nav_4">
  757. <span class="md-nav__icon md-icon"></span>
  758. Provider
  759. </label>
  760. <ul class="md-nav__list" data-md-scrollfix>
  761. <li class="md-nav__item">
  762. <a href="../../provider/aws-secrets-manager/" class="md-nav__link">
  763. <span class="md-ellipsis">
  764. AWS Secrets Manager
  765. </span>
  766. </a>
  767. </li>
  768. <li class="md-nav__item">
  769. <a href="../../provider/aws-parameter-store/" class="md-nav__link">
  770. <span class="md-ellipsis">
  771. AWS Parameter Store
  772. </span>
  773. </a>
  774. </li>
  775. <li class="md-nav__item">
  776. <a href="../../provider/aws-access/" class="md-nav__link">
  777. <span class="md-ellipsis">
  778. AWS Access
  779. </span>
  780. </a>
  781. </li>
  782. <li class="md-nav__item">
  783. <a href="../../provider/azure-key-vault/" class="md-nav__link">
  784. <span class="md-ellipsis">
  785. Azure Key Vault
  786. </span>
  787. </a>
  788. </li>
  789. <li class="md-nav__item">
  790. <a href="../../provider/barbican/" class="md-nav__link">
  791. <span class="md-ellipsis">
  792. Barbican
  793. </span>
  794. </a>
  795. </li>
  796. <li class="md-nav__item">
  797. <a href="../../provider/beyondtrust/" class="md-nav__link">
  798. <span class="md-ellipsis">
  799. BeyondTrust
  800. </span>
  801. </a>
  802. </li>
  803. <li class="md-nav__item">
  804. <a href="../../provider/beyondtrustworkloadcredentials/" class="md-nav__link">
  805. <span class="md-ellipsis">
  806. BeyondTrust Workload Credentials
  807. </span>
  808. </a>
  809. </li>
  810. <li class="md-nav__item">
  811. <a href="../../provider/bitwarden-secrets-manager/" class="md-nav__link">
  812. <span class="md-ellipsis">
  813. Bitwarden Secrets Manager
  814. </span>
  815. </a>
  816. </li>
  817. <li class="md-nav__item">
  818. <a href="../../provider/chef/" class="md-nav__link">
  819. <span class="md-ellipsis">
  820. Chef
  821. </span>
  822. </a>
  823. </li>
  824. <li class="md-nav__item">
  825. <a href="../../provider/cloudru/" class="md-nav__link">
  826. <span class="md-ellipsis">
  827. Cloud.ru Secret Manager
  828. </span>
  829. </a>
  830. </li>
  831. <li class="md-nav__item">
  832. <a href="../../provider/conjur/" class="md-nav__link">
  833. <span class="md-ellipsis">
  834. CyberArk Conjur
  835. </span>
  836. </a>
  837. </li>
  838. <li class="md-nav__item">
  839. <a href="../../provider/google-secrets-manager/" class="md-nav__link">
  840. <span class="md-ellipsis">
  841. Google Cloud Secret Manager
  842. </span>
  843. </a>
  844. </li>
  845. <li class="md-nav__item">
  846. <a href="../../provider/hashicorp-vault/" class="md-nav__link">
  847. <span class="md-ellipsis">
  848. HashiCorp Vault
  849. </span>
  850. </a>
  851. </li>
  852. <li class="md-nav__item">
  853. <a href="../../provider/kubernetes/" class="md-nav__link">
  854. <span class="md-ellipsis">
  855. Kubernetes
  856. </span>
  857. </a>
  858. </li>
  859. <li class="md-nav__item">
  860. <a href="../../provider/ibm-secrets-manager/" class="md-nav__link">
  861. <span class="md-ellipsis">
  862. IBM Secrets Manager
  863. </span>
  864. </a>
  865. </li>
  866. <li class="md-nav__item">
  867. <a href="../../provider/akeyless/" class="md-nav__link">
  868. <span class="md-ellipsis">
  869. Akeyless
  870. </span>
  871. </a>
  872. </li>
  873. <li class="md-nav__item">
  874. <a href="../../provider/yandex-certificate-manager/" class="md-nav__link">
  875. <span class="md-ellipsis">
  876. Yandex Certificate Manager
  877. </span>
  878. </a>
  879. </li>
  880. <li class="md-nav__item">
  881. <a href="../../provider/yandex-lockbox/" class="md-nav__link">
  882. <span class="md-ellipsis">
  883. Yandex Lockbox
  884. </span>
  885. </a>
  886. </li>
  887. <li class="md-nav__item">
  888. <a href="../../provider/gitlab-variables/" class="md-nav__link">
  889. <span class="md-ellipsis">
  890. GitLab Variables
  891. </span>
  892. </a>
  893. </li>
  894. <li class="md-nav__item">
  895. <a href="../../provider/github/" class="md-nav__link">
  896. <span class="md-ellipsis">
  897. Github Actions Secrets
  898. </span>
  899. </a>
  900. </li>
  901. <li class="md-nav__item">
  902. <a href="../../provider/oracle-vault/" class="md-nav__link">
  903. <span class="md-ellipsis">
  904. Oracle Vault
  905. </span>
  906. </a>
  907. </li>
  908. <li class="md-nav__item">
  909. <a href="../../provider/ovhcloud/" class="md-nav__link">
  910. <span class="md-ellipsis">
  911. OVHcloud
  912. </span>
  913. </a>
  914. </li>
  915. <li class="md-nav__item">
  916. <a href="../../provider/1password-automation/" class="md-nav__link">
  917. <span class="md-ellipsis">
  918. 1Password Connect Server
  919. </span>
  920. </a>
  921. </li>
  922. <li class="md-nav__item">
  923. <a href="../../provider/1password-sdk/" class="md-nav__link">
  924. <span class="md-ellipsis">
  925. 1Password SDK
  926. </span>
  927. </a>
  928. </li>
  929. <li class="md-nav__item">
  930. <a href="../../provider/webhook/" class="md-nav__link">
  931. <span class="md-ellipsis">
  932. Webhook
  933. </span>
  934. </a>
  935. </li>
  936. <li class="md-nav__item">
  937. <a href="../../provider/fake/" class="md-nav__link">
  938. <span class="md-ellipsis">
  939. Fake
  940. </span>
  941. </a>
  942. </li>
  943. <li class="md-nav__item">
  944. <a href="../../provider/senhasegura-dsm/" class="md-nav__link">
  945. <span class="md-ellipsis">
  946. senhasegura DevOps Secrets Management (DSM)
  947. </span>
  948. </a>
  949. </li>
  950. <li class="md-nav__item">
  951. <a href="../../provider/doppler/" class="md-nav__link">
  952. <span class="md-ellipsis">
  953. Doppler
  954. </span>
  955. </a>
  956. </li>
  957. <li class="md-nav__item">
  958. <a href="../../provider/keeper-security/" class="md-nav__link">
  959. <span class="md-ellipsis">
  960. Keeper Security
  961. </span>
  962. </a>
  963. </li>
  964. <li class="md-nav__item">
  965. <a href="../../provider/cloak/" class="md-nav__link">
  966. <span class="md-ellipsis">
  967. Cloak End 2 End Encrypted Secrets
  968. </span>
  969. </a>
  970. </li>
  971. <li class="md-nav__item">
  972. <a href="../../provider/scaleway/" class="md-nav__link">
  973. <span class="md-ellipsis">
  974. Scaleway
  975. </span>
  976. </a>
  977. </li>
  978. <li class="md-nav__item">
  979. <a href="../../provider/delinea/" class="md-nav__link">
  980. <span class="md-ellipsis">
  981. Delinea
  982. </span>
  983. </a>
  984. </li>
  985. <li class="md-nav__item">
  986. <a href="../../provider/secretserver/" class="md-nav__link">
  987. <span class="md-ellipsis">
  988. Secret Server
  989. </span>
  990. </a>
  991. </li>
  992. <li class="md-nav__item">
  993. <a href="../../provider/passbolt/" class="md-nav__link">
  994. <span class="md-ellipsis">
  995. Passbolt
  996. </span>
  997. </a>
  998. </li>
  999. <li class="md-nav__item">
  1000. <a href="../../provider/pulumi/" class="md-nav__link">
  1001. <span class="md-ellipsis">
  1002. Pulumi ESC
  1003. </span>
  1004. </a>
  1005. </li>
  1006. <li class="md-nav__item">
  1007. <a href="../../provider/onboardbase/" class="md-nav__link">
  1008. <span class="md-ellipsis">
  1009. Onboardbase
  1010. </span>
  1011. </a>
  1012. </li>
  1013. <li class="md-nav__item">
  1014. <a href="../../provider-passworddepot/" class="md-nav__link">
  1015. <span class="md-ellipsis">
  1016. Password Depot
  1017. </span>
  1018. </a>
  1019. </li>
  1020. <li class="md-nav__item">
  1021. <a href="../../provider/fortanix/" class="md-nav__link">
  1022. <span class="md-ellipsis">
  1023. Fortanix
  1024. </span>
  1025. </a>
  1026. </li>
  1027. <li class="md-nav__item">
  1028. <a href="../../provider/infisical/" class="md-nav__link">
  1029. <span class="md-ellipsis">
  1030. Infisical
  1031. </span>
  1032. </a>
  1033. </li>
  1034. <li class="md-nav__item">
  1035. <a href="../../provider/previder/" class="md-nav__link">
  1036. <span class="md-ellipsis">
  1037. Previder
  1038. </span>
  1039. </a>
  1040. </li>
  1041. <li class="md-nav__item">
  1042. <a href="../../provider/openbao/" class="md-nav__link">
  1043. <span class="md-ellipsis">
  1044. OpenBao
  1045. </span>
  1046. </a>
  1047. </li>
  1048. <li class="md-nav__item">
  1049. <a href="../../provider/volcengine/" class="md-nav__link">
  1050. <span class="md-ellipsis">
  1051. Volcengine
  1052. </span>
  1053. </a>
  1054. </li>
  1055. <li class="md-nav__item">
  1056. <a href="../../provider/ngrok/" class="md-nav__link">
  1057. <span class="md-ellipsis">
  1058. ngrok
  1059. </span>
  1060. </a>
  1061. </li>
  1062. <li class="md-nav__item">
  1063. <a href="../../provider/devolutions-server/" class="md-nav__link">
  1064. <span class="md-ellipsis">
  1065. Devolutions Server
  1066. </span>
  1067. </a>
  1068. </li>
  1069. <li class="md-nav__item">
  1070. <a href="../../provider/nebius-mysterybox/" class="md-nav__link">
  1071. <span class="md-ellipsis">
  1072. Nebius MysteryBox
  1073. </span>
  1074. </a>
  1075. </li>
  1076. </ul>
  1077. </nav>
  1078. </li>
  1079. <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
  1080. <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>
  1081. <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="">
  1082. <span class="md-ellipsis">
  1083. Examples
  1084. </span>
  1085. <span class="md-nav__icon md-icon"></span>
  1086. </label>
  1087. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
  1088. <label class="md-nav__title" for="__nav_5">
  1089. <span class="md-nav__icon md-icon"></span>
  1090. Examples
  1091. </label>
  1092. <ul class="md-nav__list" data-md-scrollfix>
  1093. <li class="md-nav__item md-nav__item--active">
  1094. <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
  1095. <label class="md-nav__link md-nav__link--active" for="__toc">
  1096. <span class="md-ellipsis">
  1097. FluxCD
  1098. </span>
  1099. <span class="md-nav__icon md-icon"></span>
  1100. </label>
  1101. <a href="./" class="md-nav__link md-nav__link--active">
  1102. <span class="md-ellipsis">
  1103. FluxCD
  1104. </span>
  1105. </a>
  1106. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  1107. <label class="md-nav__title" for="__toc">
  1108. <span class="md-nav__icon md-icon"></span>
  1109. Table of contents
  1110. </label>
  1111. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  1112. <li class="md-nav__item">
  1113. <a href="#advantages" class="md-nav__link">
  1114. <span class="md-ellipsis">
  1115. Advantages
  1116. </span>
  1117. </a>
  1118. </li>
  1119. <li class="md-nav__item">
  1120. <a href="#the-approach" class="md-nav__link">
  1121. <span class="md-ellipsis">
  1122. The approach
  1123. </span>
  1124. </a>
  1125. </li>
  1126. <li class="md-nav__item">
  1127. <a href="#the-problem" class="md-nav__link">
  1128. <span class="md-ellipsis">
  1129. The problem
  1130. </span>
  1131. </a>
  1132. </li>
  1133. <li class="md-nav__item">
  1134. <a href="#the-solution" class="md-nav__link">
  1135. <span class="md-ellipsis">
  1136. The solution
  1137. </span>
  1138. </a>
  1139. </li>
  1140. <li class="md-nav__item">
  1141. <a href="#create-the-main-kustomization" class="md-nav__link">
  1142. <span class="md-ellipsis">
  1143. Create the main kustomization
  1144. </span>
  1145. </a>
  1146. </li>
  1147. <li class="md-nav__item">
  1148. <a href="#create-the-secret" class="md-nav__link">
  1149. <span class="md-ellipsis">
  1150. Create the secret
  1151. </span>
  1152. </a>
  1153. </li>
  1154. <li class="md-nav__item">
  1155. <a href="#creating-the-references-to-repositories" class="md-nav__link">
  1156. <span class="md-ellipsis">
  1157. Creating the references to repositories
  1158. </span>
  1159. </a>
  1160. </li>
  1161. <li class="md-nav__item">
  1162. <a href="#deploy-the-crds" class="md-nav__link">
  1163. <span class="md-ellipsis">
  1164. Deploy the CRDs
  1165. </span>
  1166. </a>
  1167. </li>
  1168. <li class="md-nav__item">
  1169. <a href="#deploy-the-operator" class="md-nav__link">
  1170. <span class="md-ellipsis">
  1171. Deploy the operator
  1172. </span>
  1173. </a>
  1174. </li>
  1175. <li class="md-nav__item">
  1176. <a href="#deploy-the-crs" class="md-nav__link">
  1177. <span class="md-ellipsis">
  1178. Deploy the CRs
  1179. </span>
  1180. </a>
  1181. </li>
  1182. <li class="md-nav__item">
  1183. <a href="#results" class="md-nav__link">
  1184. <span class="md-ellipsis">
  1185. Results
  1186. </span>
  1187. </a>
  1188. </li>
  1189. </ul>
  1190. </nav>
  1191. </li>
  1192. <li class="md-nav__item">
  1193. <a href="../anchore-engine-credentials/" class="md-nav__link">
  1194. <span class="md-ellipsis">
  1195. Anchore Engine
  1196. </span>
  1197. </a>
  1198. </li>
  1199. <li class="md-nav__item">
  1200. <a href="../jenkins-kubernetes-credentials/" class="md-nav__link">
  1201. <span class="md-ellipsis">
  1202. Jenkins
  1203. </span>
  1204. </a>
  1205. </li>
  1206. <li class="md-nav__item">
  1207. <a href="../bitwarden/" class="md-nav__link">
  1208. <span class="md-ellipsis">
  1209. Bitwarden
  1210. </span>
  1211. </a>
  1212. </li>
  1213. </ul>
  1214. </nav>
  1215. </li>
  1216. <li class="md-nav__item md-nav__item--nested">
  1217. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6" >
  1218. <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
  1219. <span class="md-ellipsis">
  1220. Community
  1221. </span>
  1222. <span class="md-nav__icon md-icon"></span>
  1223. </label>
  1224. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
  1225. <label class="md-nav__title" for="__nav_6">
  1226. <span class="md-nav__icon md-icon"></span>
  1227. Community
  1228. </label>
  1229. <ul class="md-nav__list" data-md-scrollfix>
  1230. <li class="md-nav__item md-nav__item--nested">
  1231. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_1" >
  1232. <label class="md-nav__link" for="__nav_6_1" id="__nav_6_1_label" tabindex="0">
  1233. <span class="md-ellipsis">
  1234. Contributing
  1235. </span>
  1236. <span class="md-nav__icon md-icon"></span>
  1237. </label>
  1238. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_1_label" aria-expanded="false">
  1239. <label class="md-nav__title" for="__nav_6_1">
  1240. <span class="md-nav__icon md-icon"></span>
  1241. Contributing
  1242. </label>
  1243. <ul class="md-nav__list" data-md-scrollfix>
  1244. <li class="md-nav__item">
  1245. <a href="../../contributing/devguide/" class="md-nav__link">
  1246. <span class="md-ellipsis">
  1247. Developer guide
  1248. </span>
  1249. </a>
  1250. </li>
  1251. <li class="md-nav__item">
  1252. <a href="../../contributing/process/" class="md-nav__link">
  1253. <span class="md-ellipsis">
  1254. Contributing Process
  1255. </span>
  1256. </a>
  1257. </li>
  1258. <li class="md-nav__item">
  1259. <a href="../../contributing/release/" class="md-nav__link">
  1260. <span class="md-ellipsis">
  1261. Release Process
  1262. </span>
  1263. </a>
  1264. </li>
  1265. <li class="md-nav__item">
  1266. <a href="../../contributing/coc/" class="md-nav__link">
  1267. <span class="md-ellipsis">
  1268. Code of Conduct
  1269. </span>
  1270. </a>
  1271. </li>
  1272. <li class="md-nav__item">
  1273. <a href="../../contributing/calendar/" class="md-nav__link">
  1274. <span class="md-ellipsis">
  1275. Community meetings calendar
  1276. </span>
  1277. </a>
  1278. </li>
  1279. <li class="md-nav__item">
  1280. <a href="../../contributing/roadmap/" class="md-nav__link">
  1281. <span class="md-ellipsis">
  1282. Roadmap
  1283. </span>
  1284. </a>
  1285. </li>
  1286. <li class="md-nav__item">
  1287. <a href="../../contributing/burnout-mitigation/" class="md-nav__link">
  1288. <span class="md-ellipsis">
  1289. Burnout Prevention
  1290. </span>
  1291. </a>
  1292. </li>
  1293. <li class="md-nav__item">
  1294. <a href="../../contributing/llm-policy/" class="md-nav__link">
  1295. <span class="md-ellipsis">
  1296. LLM Policy
  1297. </span>
  1298. </a>
  1299. </li>
  1300. </ul>
  1301. </nav>
  1302. </li>
  1303. <li class="md-nav__item md-nav__item--nested">
  1304. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_2" >
  1305. <label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
  1306. <span class="md-ellipsis">
  1307. External Resources
  1308. </span>
  1309. <span class="md-nav__icon md-icon"></span>
  1310. </label>
  1311. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
  1312. <label class="md-nav__title" for="__nav_6_2">
  1313. <span class="md-nav__icon md-icon"></span>
  1314. External Resources
  1315. </label>
  1316. <ul class="md-nav__list" data-md-scrollfix>
  1317. <li class="md-nav__item">
  1318. <a href="../../eso-talks/" class="md-nav__link">
  1319. <span class="md-ellipsis">
  1320. Talks
  1321. </span>
  1322. </a>
  1323. </li>
  1324. <li class="md-nav__item">
  1325. <a href="../../eso-demos/" class="md-nav__link">
  1326. <span class="md-ellipsis">
  1327. Demos
  1328. </span>
  1329. </a>
  1330. </li>
  1331. <li class="md-nav__item">
  1332. <a href="../../eso-blogs/" class="md-nav__link">
  1333. <span class="md-ellipsis">
  1334. Blogs
  1335. </span>
  1336. </a>
  1337. </li>
  1338. <li class="md-nav__item">
  1339. <a href="../../eso-tools/" class="md-nav__link">
  1340. <span class="md-ellipsis">
  1341. Tools
  1342. </span>
  1343. </a>
  1344. </li>
  1345. </ul>
  1346. </nav>
  1347. </li>
  1348. </ul>
  1349. </nav>
  1350. </li>
  1351. </ul>
  1352. </nav>
  1353. </div>
  1354. </div>
  1355. </div>
  1356. <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
  1357. <div class="md-sidebar__scrollwrap">
  1358. <div class="md-sidebar__inner">
  1359. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  1360. <label class="md-nav__title" for="__toc">
  1361. <span class="md-nav__icon md-icon"></span>
  1362. Table of contents
  1363. </label>
  1364. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  1365. <li class="md-nav__item">
  1366. <a href="#advantages" class="md-nav__link">
  1367. <span class="md-ellipsis">
  1368. Advantages
  1369. </span>
  1370. </a>
  1371. </li>
  1372. <li class="md-nav__item">
  1373. <a href="#the-approach" class="md-nav__link">
  1374. <span class="md-ellipsis">
  1375. The approach
  1376. </span>
  1377. </a>
  1378. </li>
  1379. <li class="md-nav__item">
  1380. <a href="#the-problem" class="md-nav__link">
  1381. <span class="md-ellipsis">
  1382. The problem
  1383. </span>
  1384. </a>
  1385. </li>
  1386. <li class="md-nav__item">
  1387. <a href="#the-solution" class="md-nav__link">
  1388. <span class="md-ellipsis">
  1389. The solution
  1390. </span>
  1391. </a>
  1392. </li>
  1393. <li class="md-nav__item">
  1394. <a href="#create-the-main-kustomization" class="md-nav__link">
  1395. <span class="md-ellipsis">
  1396. Create the main kustomization
  1397. </span>
  1398. </a>
  1399. </li>
  1400. <li class="md-nav__item">
  1401. <a href="#create-the-secret" class="md-nav__link">
  1402. <span class="md-ellipsis">
  1403. Create the secret
  1404. </span>
  1405. </a>
  1406. </li>
  1407. <li class="md-nav__item">
  1408. <a href="#creating-the-references-to-repositories" class="md-nav__link">
  1409. <span class="md-ellipsis">
  1410. Creating the references to repositories
  1411. </span>
  1412. </a>
  1413. </li>
  1414. <li class="md-nav__item">
  1415. <a href="#deploy-the-crds" class="md-nav__link">
  1416. <span class="md-ellipsis">
  1417. Deploy the CRDs
  1418. </span>
  1419. </a>
  1420. </li>
  1421. <li class="md-nav__item">
  1422. <a href="#deploy-the-operator" class="md-nav__link">
  1423. <span class="md-ellipsis">
  1424. Deploy the operator
  1425. </span>
  1426. </a>
  1427. </li>
  1428. <li class="md-nav__item">
  1429. <a href="#deploy-the-crs" class="md-nav__link">
  1430. <span class="md-ellipsis">
  1431. Deploy the CRs
  1432. </span>
  1433. </a>
  1434. </li>
  1435. <li class="md-nav__item">
  1436. <a href="#results" class="md-nav__link">
  1437. <span class="md-ellipsis">
  1438. Results
  1439. </span>
  1440. </a>
  1441. </li>
  1442. </ul>
  1443. </nav>
  1444. </div>
  1445. </div>
  1446. </div>
  1447. <div class="md-content" data-md-component="content">
  1448. <article class="md-content__inner md-typeset">
  1449. <h1 id="gitops-using-fluxcd-v2">GitOps using FluxCD (v2)</h1>
  1450. <p>FluxCD is a GitOps operator for Kubernetes. It synchronizes the status of the cluster from manifests allocated in
  1451. different repositories (Git or Helm). This approach fits perfectly with External Secrets on clusters which are dynamically
  1452. created, to get credentials with no manual intervention from the beginning.</p>
  1453. <h2 id="advantages">Advantages</h2>
  1454. <p>This approach has several advantages as follows:</p>
  1455. <ul>
  1456. <li><strong>Homogenize environments</strong> allowing developers to use the same toolset in Kind in the same way they do in the cloud
  1457. provider distributions such as EKS or GKE. This accelerates the development</li>
  1458. <li><strong>Reduce security risks</strong>, because credentials can be easily obtained, so temptation to store them locally is reduced.</li>
  1459. <li><strong>Application compatibility increase</strong>: Applications are deployed in different ways, and sometimes they need to share
  1460. credentials. This can be done using External Secrets as a wire for them at real time.</li>
  1461. <li><strong>Automation by default</strong> oh, come on!</li>
  1462. </ul>
  1463. <h2 id="the-approach">The approach</h2>
  1464. <p>FluxCD is composed by several controllers dedicated to manage different custom resources. The most important
  1465. ones are <strong>Kustomization</strong> (to clarify, Flux one, not Kubernetes' one) and <strong>HelmRelease</strong> to deploy using the approaches
  1466. of the same names.</p>
  1467. <p>External Secrets can be deployed using Helm <a href="../../introduction/getting-started/">as explained here</a>. The deployment includes the
  1468. CRDs if enabled on the <code>values.yaml</code>, but after this, you need to deploy some <code>SecretStore</code> to start
  1469. getting credentials from your secrets manager with External Secrets.</p>
  1470. <blockquote>
  1471. <p>The idea of this guide is to deploy the whole stack, using flux, needed by developers not to worry about the credentials,
  1472. but only about the application and its code.</p>
  1473. </blockquote>
  1474. <h2 id="the-problem">The problem</h2>
  1475. <p>This can sound easy, but External Secrets is deployed using Helm, which is managed by the HelmController,
  1476. and your custom resources, for example a <code>ClusterSecretStore</code> and the related <code>Secret</code>, are often deployed using a
  1477. <code>kustomization.yaml</code>, which is deployed by the KustomizeController.</p>
  1478. <p>Both controllers manage the resources independently, at different moments, with no possibility to wait each other.
  1479. This means that we have a wonderful race condition where sometimes the CRs (<code>SecretStore</code>,<code>ClusterSecretStore</code>...) tries
  1480. to be deployed before than the CRDs needed to recognize them.</p>
  1481. <p>A second, subtler race exists around the <strong>admission webhook</strong>. External Secrets ships a <code>ValidatingWebhookConfiguration</code>
  1482. that is registered in the API server as soon as the HelmRelease is applied, before the webhook pod has had time to start
  1483. serving. If a Kustomization tries to apply an <code>ExternalSecret</code> or <code>ClusterSecretStore</code> in that brief window, the API
  1484. server performs a dry-run validation, the webhook endpoint returns <code>connection refused</code>, and the reconciliation fails with:</p>
  1485. <div class="highlight"><pre><span></span><code>Internal error occurred: failed calling webhook &quot;validate.externalsecret.external-secrets.io&quot;: ...
  1486. dial tcp &lt;ip&gt;:443: connect: connection refused
  1487. </code></pre></div>
  1488. <p>Flux retries after <code>interval</code> (typically 10 minutes), so everything works on the second attempt, but the initial
  1489. deployment always fails. The fix is a three-level dependency chain that ensures the webhook pod is healthy before
  1490. any CR is applied.</p>
  1491. <h2 id="the-solution">The solution</h2>
  1492. <p>Let's see the conditions to start working on a solution:</p>
  1493. <ul>
  1494. <li>The External Secrets operator is deployed with Helm, and admits disabling the CRDs deployment</li>
  1495. <li>The race condition only affects the deployment of <code>CustomResourceDefinition</code> and the CRs needed later</li>
  1496. <li>CRDs can be deployed directly from the Git repository of the project using a Flux <code>Kustomization</code></li>
  1497. <li>The operator HelmRelease is wrapped in its own Flux <code>Kustomization</code> with <code>wait: true</code> so it only
  1498. reports Ready after all deployed resources (including the webhook pod) are healthy</li>
  1499. <li>Required CRs can be deployed using a Flux <code>Kustomization</code> that depends on the operator Kustomization,
  1500. not just the CRDs, guaranteeing the webhook is serving before any CR dry-run is attempted</li>
  1501. <li>All previous manifests can be applied with a Kubernetes <code>kustomization</code></li>
  1502. </ul>
  1503. <p>The dependency chain is:</p>
  1504. <div class="highlight"><pre><span></span><code>external-secrets-crds --&gt; external-secrets-operator (wait: true) --&gt; external-secrets-crs
  1505. </code></pre></div>
  1506. <h2 id="create-the-main-kustomization">Create the main kustomization</h2>
  1507. <p>To have a better view of things needed later, the first manifest to be created is the <code>kustomization.yaml</code></p>
  1508. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kustomize.config.k8s.io/v1beta1</span>
  1509. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Kustomization</span>
  1510. <span class="nt">resources</span><span class="p">:</span>
  1511. <span class="c1"># Deploy the Vault access secret</span>
  1512. <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">namespace.yaml</span>
  1513. <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-token.yaml</span>
  1514. <span class="c1"># Deploy the repositories</span>
  1515. <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">repositories.yaml</span>
  1516. <span class="c1"># Deploy the CRDs</span>
  1517. <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">deployment-crds.yaml</span>
  1518. <span class="c1"># Deploy the operator (wrapped in a Kustomization so wait: true gates the CRs)</span>
  1519. <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">deployment-operator.yaml</span>
  1520. <span class="c1"># Deploy default Custom Resources from &#39;crs&#39; directory</span>
  1521. <span class="c1"># INFO: This depends on the operator deployment. Will happen after the webhook is ready</span>
  1522. <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">deployment-crs.yaml</span>
  1523. </code></pre></div>
  1524. <h2 id="create-the-secret">Create the secret</h2>
  1525. <p>To access your secret manager, External Secrets needs some credentials. They are stored inside a Secret, which is intended
  1526. to be deployed by automation as a good practise. This time, a placeholder called <code>secret-token.yaml</code> is show as an example:</p>
  1527. <div class="highlight"><pre><span></span><code><span class="c1"># The namespace.yaml first</span>
  1528. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
  1529. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Namespace</span>
  1530. <span class="nt">metadata</span><span class="p">:</span>
  1531. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1532. </code></pre></div>
  1533. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
  1534. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
  1535. <span class="nt">metadata</span><span class="p">:</span>
  1536. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">vault-token-global</span>
  1537. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1538. <span class="nt">stringData</span><span class="p">:</span>
  1539. <span class="w"> </span><span class="c1"># This token must be patched by overlays. Not here for security reasons</span>
  1540. <span class="w"> </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">change-me-placeholder</span>
  1541. </code></pre></div>
  1542. <h2 id="creating-the-references-to-repositories">Creating the references to repositories</h2>
  1543. <p>Create a manifest called <code>repositories.yaml</code> to store the references to external repositories for Flux</p>
  1544. <div class="highlight"><pre><span></span><code><span class="c1"># Reference to Helm repository</span>
  1545. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source.toolkit.fluxcd.io/v1</span>
  1546. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">HelmRepository</span>
  1547. <span class="nt">metadata</span><span class="p">:</span>
  1548. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1549. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1550. <span class="nt">spec</span><span class="p">:</span>
  1551. <span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
  1552. <span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://charts.external-secrets.io</span>
  1553. <span class="nn">---</span>
  1554. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source.toolkit.fluxcd.io/v1</span>
  1555. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">GitRepository</span>
  1556. <span class="nt">metadata</span><span class="p">:</span>
  1557. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1558. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1559. <span class="nt">spec</span><span class="p">:</span>
  1560. <span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
  1561. <span class="w"> </span><span class="nt">ref</span><span class="p">:</span>
  1562. <span class="w"> </span><span class="nt">tag</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1.3.1</span>
  1563. <span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://github.com/external-secrets/external-secrets</span>
  1564. </code></pre></div>
  1565. <h2 id="deploy-the-crds">Deploy the CRDs</h2>
  1566. <p>As mentioned, CRDs can be deployed using the official Helm package, but to solve the race condition, they will be deployed
  1567. from our git repository using a Kustomization manifest called <code>deployment-crds.yaml</code> as follows:</p>
  1568. <div class="highlight"><pre><span></span><code><span class="nn">---</span>
  1569. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kustomize.toolkit.fluxcd.io/v1</span>
  1570. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Kustomization</span>
  1571. <span class="nt">metadata</span><span class="p">:</span>
  1572. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets-crds</span>
  1573. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1574. <span class="nt">spec</span><span class="p">:</span>
  1575. <span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
  1576. <span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./config/crds/bases</span>
  1577. <span class="w"> </span><span class="nt">prune</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
  1578. <span class="w"> </span><span class="nt">wait</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
  1579. <span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1580. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">GitRepository</span>
  1581. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1582. </code></pre></div>
  1583. <p>Note the <code>wait: true</code> field. This ensures the Kustomization only reports Ready after all CRDs have been fully
  1584. established in the API server, so the operator can register its validation webhooks and controllers cleanly.</p>
  1585. <h2 id="deploy-the-operator">Deploy the operator</h2>
  1586. <p>The operator HelmRelease is placed inside an <code>operator/</code> subdirectory and wrapped with its own Flux Kustomization.
  1587. Create a manifest called <code>deployment-operator.yaml</code>:</p>
  1588. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kustomize.toolkit.fluxcd.io/v1</span>
  1589. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Kustomization</span>
  1590. <span class="nt">metadata</span><span class="p">:</span>
  1591. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets-operator</span>
  1592. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1593. <span class="nt">spec</span><span class="p">:</span>
  1594. <span class="w"> </span><span class="nt">dependsOn</span><span class="p">:</span>
  1595. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets-crds</span>
  1596. <span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
  1597. <span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./infrastructure/external-secrets/operator</span>
  1598. <span class="w"> </span><span class="nt">prune</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
  1599. <span class="w"> </span><span class="nt">wait</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
  1600. <span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1601. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">GitRepository</span>
  1602. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1603. </code></pre></div>
  1604. <p>The <code>wait: true</code> here is the key to solving the webhook race condition: Flux will not mark
  1605. <code>external-secrets-operator</code> as Ready until every resource the HelmRelease created -- including the webhook
  1606. Deployment -- has reached a healthy state. Only then will the CRs Kustomization be allowed to proceed.</p>
  1607. <p>Inside the <code>operator/</code> subdirectory, place the HelmRelease manifest (<code>operator/deployment.yaml</code>):</p>
  1608. <div class="highlight"><pre><span></span><code><span class="c1"># How to manage values files. Ref: https://fluxcd.io/docs/guides/helmreleases/#refer-to-values-inside-the-chart</span>
  1609. <span class="c1"># How to inject values: https://fluxcd.io/docs/guides/helmreleases/#cloud-storage</span>
  1610. <span class="nn">---</span>
  1611. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">helm.toolkit.fluxcd.io/v2</span>
  1612. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">HelmRelease</span>
  1613. <span class="nt">metadata</span><span class="p">:</span>
  1614. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1615. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1616. <span class="nt">spec</span><span class="p">:</span>
  1617. <span class="w"> </span><span class="c1"># Override Release name to avoid the pattern Namespace-Release</span>
  1618. <span class="w"> </span><span class="c1"># Ref: https://fluxcd.io/flux/components/helm/api/v2/#helm.toolkit.fluxcd.io/v2.HelmRelease</span>
  1619. <span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
  1620. <span class="w"> </span><span class="nt">releaseName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1621. <span class="w"> </span><span class="nt">chart</span><span class="p">:</span>
  1622. <span class="w"> </span><span class="nt">spec</span><span class="p">:</span>
  1623. <span class="w"> </span><span class="nt">chart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1624. <span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1.3.1</span>
  1625. <span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1626. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">HelmRepository</span>
  1627. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1628. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1629. <span class="w"> </span><span class="nt">values</span><span class="p">:</span>
  1630. <span class="w"> </span><span class="nt">crds</span><span class="p">:</span>
  1631. <span class="w"> </span><span class="nt">create</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
  1632. <span class="w"> </span><span class="c1"># Ref: https://fluxcd.io/flux/components/helm/api/v2/#helm.toolkit.fluxcd.io/v2.Install</span>
  1633. <span class="w"> </span><span class="nt">install</span><span class="p">:</span>
  1634. <span class="w"> </span><span class="nt">createNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
  1635. </code></pre></div>
  1636. <h2 id="deploy-the-crs">Deploy the CRs</h2>
  1637. <p>Now, be ready for the arcane magic. Create a Kustomization manifest called <code>deployment-crs.yaml</code> with the following content:</p>
  1638. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kustomize.toolkit.fluxcd.io/v1</span>
  1639. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Kustomization</span>
  1640. <span class="nt">metadata</span><span class="p">:</span>
  1641. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets-crs</span>
  1642. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1643. <span class="nt">spec</span><span class="p">:</span>
  1644. <span class="w"> </span><span class="nt">dependsOn</span><span class="p">:</span>
  1645. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets-operator</span>
  1646. <span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
  1647. <span class="w"> </span><span class="nt">retryInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1m</span>
  1648. <span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./infrastructure/external-secrets/crs</span>
  1649. <span class="w"> </span><span class="nt">prune</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
  1650. <span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1651. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">GitRepository</span>
  1652. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1653. </code></pre></div>
  1654. <p>There are several interesting details to see here, that finally solves the race condition:</p>
  1655. <ol>
  1656. <li>The <code>dependsOn</code> field now points to <code>external-secrets-operator</code> rather than <code>external-secrets-crds</code>. This
  1657. dependency forces this deployment to wait for the operator (including its webhook) to be fully ready before
  1658. any CR is applied, eliminating the webhook race condition.</li>
  1659. <li><code>retryInterval: 1m</code> makes Flux retry quickly if the very first reconcile still catches a brief startup window.</li>
  1660. <li>The reference to the place where to find the CRs
  1661. <div class="highlight"><pre><span></span><code><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./infrastructure/external-secrets/crs</span>
  1662. <span class="nt">sourceRef</span><span class="p">:</span>
  1663. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">GitRepository</span>
  1664. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">flux-system</span>
  1665. </code></pre></div>
  1666. Custom Resources will be searched in the relative path <code>./infrastructure/external-secrets/crs</code> of the GitRepository
  1667. called <code>flux-system</code>, which is a reference to the same repository that FluxCD watches to synchronize the cluster.
  1668. With fewer words, a reference to itself, but going to another directory called <code>crs</code></li>
  1669. </ol>
  1670. <p>Of course, allocate inside the mentioned path <code>./infrastructure/external-secrets/crs</code>, all the desired CRs to be deployed,
  1671. for example, a manifest <code>clusterSecretStore.yaml</code> to reach your Hashicorp Vault as follows:</p>
  1672. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1673. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span>
  1674. <span class="nt">metadata</span><span class="p">:</span>
  1675. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">vault-backend-global</span>
  1676. <span class="nt">spec</span><span class="p">:</span>
  1677. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1678. <span class="w"> </span><span class="nt">vault</span><span class="p">:</span>
  1679. <span class="w"> </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://vault.your-domain.com&quot;</span>
  1680. <span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret</span>
  1681. <span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1682. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1683. <span class="w"> </span><span class="c1"># points to a secret that contains a vault token</span>
  1684. <span class="w"> </span><span class="c1"># https://www.vaultproject.io/docs/auth/token</span>
  1685. <span class="w"> </span><span class="nt">tokenSecretRef</span><span class="p">:</span>
  1686. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;vault-token-global&quot;</span>
  1687. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;token&quot;</span>
  1688. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1689. </code></pre></div>
  1690. <h2 id="results">Results</h2>
  1691. <p>At the end, the required files tree is:</p>
  1692. <div class="highlight"><pre><span></span><code>./infrastructure/external-secrets/
  1693. kustomization.yaml
  1694. namespace.yaml
  1695. secret-token.yaml
  1696. repositories.yaml
  1697. deployment-crds.yaml
  1698. deployment-operator.yaml
  1699. operator/
  1700. kustomization.yaml
  1701. deployment.yaml
  1702. deployment-crs.yaml
  1703. crs/
  1704. kustomization.yaml
  1705. clusterSecretStore.yaml
  1706. </code></pre></div>
  1707. </article>
  1708. </div>
  1709. <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
  1710. </div>
  1711. </main>
  1712. <img referrerpolicy="no-referrer-when-downgrade"
  1713. src="https://static.scarf.sh/a.png?x-pxid=6658a9eb-067d-49f1-94f2-b8b00f21451e" alt=""
  1714. hidden />
  1715. <footer class="md-footer">
  1716. <div class="md-footer-meta md-typeset">
  1717. <div class="md-footer-meta__inner md-grid">
  1718. <div class="md-copyright">
  1719. <div class="md-copyright__highlight">
  1720. &copy; 2025 The external-secrets Authors.<br/>
  1721. &copy; 2025 The Linux Foundation. All rights reserved.<br/><br/>
  1722. The Linux Foundation has registered trademarks and uses trademarks.<br/>
  1723. For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage/">Trademark Usage page</a>.
  1724. </div>
  1725. Made with
  1726. <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
  1727. Material for MkDocs
  1728. </a>
  1729. </div>
  1730. </div>
  1731. </div>
  1732. </footer>
  1733. </div>
  1734. <div class="md-dialog" data-md-component="dialog">
  1735. <div class="md-dialog__inner md-typeset"></div>
  1736. </div>
  1737. <script id="__config" type="application/json">{"annotate": null, "base": "../..", "features": ["navigation.tabs", "navigation.indexes", "navigation.expand"], "search": "../../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
  1738. <script src="../../assets/javascripts/bundle.79ae519e.min.js"></script>
  1739. </body>
  1740. </html>