| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558 |
- apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.13.0
- name: clusterexternalsecrets.external-secrets.io
- spec:
- group: external-secrets.io
- names:
- categories:
- - externalsecrets
- kind: ClusterExternalSecret
- listKind: ClusterExternalSecretList
- plural: clusterexternalsecrets
- shortNames:
- - ces
- singular: clusterexternalsecret
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.externalSecretSpec.secretStoreRef.name
- name: Store
- type: string
- - jsonPath: .spec.refreshTime
- name: Refresh Interval
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: ClusterExternalSecret is the Schema for the clusterexternalsecrets
- API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.
- properties:
- externalSecretMetadata:
- description: The metadata of the external secrets to be created
- properties:
- annotations:
- additionalProperties:
- type: string
- type: object
- labels:
- additionalProperties:
- type: string
- type: object
- type: object
- externalSecretName:
- description: The name of the external secrets to be created defaults
- to the name of the ClusterExternalSecret
- type: string
- externalSecretSpec:
- description: The spec for the ExternalSecrets to be created
- properties:
- data:
- description: Data defines the connection between the Kubernetes
- Secret keys and the Provider data
- items:
- description: ExternalSecretData defines the connection between
- the Kubernetes Secret key (spec.data.<key>) and the Provider
- data.
- properties:
- remoteRef:
- description: RemoteRef points to the remote secret and defines
- which secret (version/property/..) to fetch.
- properties:
- conversionStrategy:
- default: Default
- description: Used to define a conversion Strategy
- type: string
- decodingStrategy:
- default: None
- description: Used to define a decoding Strategy
- type: string
- key:
- description: Key is the key used in the Provider, mandatory
- type: string
- metadataPolicy:
- description: Policy for fetching tags/labels from provider
- secrets, possible options are Fetch, None. Defaults
- to None
- type: string
- property:
- description: Used to select a specific property of the
- Provider value (if a map), if supported
- type: string
- version:
- description: Used to select a specific version of the
- Provider value, if supported
- type: string
- required:
- - key
- type: object
- secretKey:
- description: SecretKey defines the key in which the controller
- stores the value. This is the key in the Kind=Secret
- type: string
- sourceRef:
- description: SourceRef allows you to override the source
- from which the value will pulled from.
- maxProperties: 1
- properties:
- generatorRef:
- description: GeneratorRef points to a generator custom
- resource in
- properties:
- apiVersion:
- default: generators.external-secrets.io/v1alpha1
- description: Specify the apiVersion of the generator
- resource
- type: string
- kind:
- description: Specify the Kind of the resource, e.g.
- Password, ACRAccessToken etc.
- type: string
- name:
- description: Specify the name of the generator resource
- type: string
- required:
- - kind
- - name
- type: object
- storeRef:
- description: SecretStoreRef defines which SecretStore
- to fetch the ExternalSecret data.
- properties:
- kind:
- description: Kind of the SecretStore resource (SecretStore
- or ClusterSecretStore) Defaults to `SecretStore`
- type: string
- name:
- description: Name of the SecretStore resource
- type: string
- required:
- - name
- type: object
- type: object
- required:
- - remoteRef
- - secretKey
- type: object
- type: array
- dataFrom:
- description: DataFrom is used to fetch all properties from a specific
- Provider data If multiple entries are specified, the Secret
- keys are merged in the specified order
- items:
- properties:
- extract:
- description: 'Used to extract multiple key/value pairs from
- one secret Note: Extract does not support sourceRef.Generator
- or sourceRef.GeneratorRef.'
- properties:
- conversionStrategy:
- default: Default
- description: Used to define a conversion Strategy
- type: string
- decodingStrategy:
- default: None
- description: Used to define a decoding Strategy
- type: string
- key:
- description: Key is the key used in the Provider, mandatory
- type: string
- metadataPolicy:
- description: Policy for fetching tags/labels from provider
- secrets, possible options are Fetch, None. Defaults
- to None
- type: string
- property:
- description: Used to select a specific property of the
- Provider value (if a map), if supported
- type: string
- version:
- description: Used to select a specific version of the
- Provider value, if supported
- type: string
- required:
- - key
- type: object
- find:
- description: 'Used to find secrets based on tags or regular
- expressions Note: Find does not support sourceRef.Generator
- or sourceRef.GeneratorRef.'
- properties:
- conversionStrategy:
- default: Default
- description: Used to define a conversion Strategy
- type: string
- decodingStrategy:
- default: None
- description: Used to define a decoding Strategy
- type: string
- name:
- description: Finds secrets based on the name.
- properties:
- regexp:
- description: Finds secrets base
- type: string
- type: object
- path:
- description: A root path to start the find operations.
- type: string
- tags:
- additionalProperties:
- type: string
- description: Find secrets based on tags.
- type: object
- type: object
- rewrite:
- description: Used to rewrite secret Keys after getting them
- from the secret Provider Multiple Rewrite operations can
- be provided. They are applied in a layered order (first
- to last)
- items:
- properties:
- regexp:
- description: Used to rewrite with regular expressions.
- The resulting key will be the output of a regexp.ReplaceAll
- operation.
- properties:
- source:
- description: Used to define the regular expression
- of a re.Compiler.
- type: string
- target:
- description: Used to define the target pattern
- of a ReplaceAll operation.
- type: string
- required:
- - source
- - target
- type: object
- transform:
- description: Used to apply string transformation on
- the secrets. The resulting key will be the output
- of the template applied by the operation.
- properties:
- template:
- description: Used to define the template to apply
- on the secret name. `.value ` will specify the
- secret name in the template.
- type: string
- required:
- - template
- type: object
- type: object
- type: array
- sourceRef:
- description: SourceRef points to a store or generator which
- contains secret values ready to use. Use this in combination
- with Extract or Find pull values out of a specific SecretStore.
- When sourceRef points to a generator Extract or Find is
- not supported. The generator returns a static map of values
- maxProperties: 1
- properties:
- generatorRef:
- description: GeneratorRef points to a generator custom
- resource in
- properties:
- apiVersion:
- default: generators.external-secrets.io/v1alpha1
- description: Specify the apiVersion of the generator
- resource
- type: string
- kind:
- description: Specify the Kind of the resource, e.g.
- Password, ACRAccessToken etc.
- type: string
- name:
- description: Specify the name of the generator resource
- type: string
- required:
- - kind
- - name
- type: object
- storeRef:
- description: SecretStoreRef defines which SecretStore
- to fetch the ExternalSecret data.
- properties:
- kind:
- description: Kind of the SecretStore resource (SecretStore
- or ClusterSecretStore) Defaults to `SecretStore`
- type: string
- name:
- description: Name of the SecretStore resource
- type: string
- required:
- - name
- type: object
- type: object
- type: object
- type: array
- refreshInterval:
- default: 1h
- description: RefreshInterval is the amount of time before the
- values are read again from the SecretStore provider Valid time
- units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set
- to zero to fetch and create it once. Defaults to 1h.
- type: string
- secretStoreRef:
- description: SecretStoreRef defines which SecretStore to fetch
- the ExternalSecret data.
- properties:
- kind:
- description: Kind of the SecretStore resource (SecretStore
- or ClusterSecretStore) Defaults to `SecretStore`
- type: string
- name:
- description: Name of the SecretStore resource
- type: string
- required:
- - name
- type: object
- target:
- default:
- creationPolicy: Owner
- deletionPolicy: Retain
- description: ExternalSecretTarget defines the Kubernetes Secret
- to be created There can be only one target per ExternalSecret.
- properties:
- creationPolicy:
- default: Owner
- description: CreationPolicy defines rules on how to create
- the resulting Secret Defaults to 'Owner'
- enum:
- - Owner
- - Orphan
- - Merge
- - None
- type: string
- deletionPolicy:
- default: Retain
- description: DeletionPolicy defines rules on how to delete
- the resulting Secret Defaults to 'Retain'
- enum:
- - Delete
- - Merge
- - Retain
- type: string
- immutable:
- description: Immutable defines if the final secret will be
- immutable
- type: boolean
- name:
- description: Name defines the name of the Secret resource
- to be managed This field is immutable Defaults to the .metadata.name
- of the ExternalSecret resource
- type: string
- template:
- description: Template defines a blueprint for the created
- Secret resource.
- properties:
- data:
- additionalProperties:
- type: string
- type: object
- engineVersion:
- default: v2
- type: string
- mergePolicy:
- default: Replace
- type: string
- metadata:
- description: ExternalSecretTemplateMetadata defines metadata
- fields for the Secret blueprint.
- properties:
- annotations:
- additionalProperties:
- type: string
- type: object
- labels:
- additionalProperties:
- type: string
- type: object
- type: object
- templateFrom:
- items:
- properties:
- configMap:
- properties:
- items:
- items:
- properties:
- key:
- type: string
- templateAs:
- default: Values
- type: string
- required:
- - key
- type: object
- type: array
- name:
- type: string
- required:
- - items
- - name
- type: object
- literal:
- type: string
- secret:
- properties:
- items:
- items:
- properties:
- key:
- type: string
- templateAs:
- default: Values
- type: string
- required:
- - key
- type: object
- type: array
- name:
- type: string
- required:
- - items
- - name
- type: object
- target:
- default: Data
- type: string
- type: object
- type: array
- type:
- type: string
- type: object
- type: object
- type: object
- namespaceSelector:
- description: The labels to select by to find the Namespaces to create
- the ExternalSecrets in.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement is a selector that
- contains values, a key, and an operator that relates the key
- and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: operator represents a key's relationship to
- a set of values. Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If the
- operator is In or NotIn, the values array must be non-empty.
- If the operator is Exists or DoesNotExist, the values
- array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: Choose namespaces by name. This field is ORed with anything
- that NamespaceSelector ends up choosing.
- items:
- type: string
- type: array
- refreshTime:
- description: The time in which the controller should reconcile its
- objects and recheck namespaces for labels.
- type: string
- required:
- - externalSecretSpec
- type: object
- status:
- description: ClusterExternalSecretStatus defines the observed state of
- ClusterExternalSecret.
- properties:
- conditions:
- items:
- properties:
- message:
- type: string
- status:
- type: string
- type:
- type: string
- required:
- - status
- - type
- type: object
- type: array
- externalSecretName:
- description: ExternalSecretName is the name of the ExternalSecrets
- created by the ClusterExternalSecret
- type: string
- failedNamespaces:
- description: Failed namespaces are the namespaces that failed to apply
- an ExternalSecret
- items:
- description: ClusterExternalSecretNamespaceFailure represents a
- failed namespace deployment and it's reason.
- properties:
- namespace:
- description: Namespace is the namespace that failed when trying
- to apply an ExternalSecret
- type: string
- reason:
- description: Reason is why the ExternalSecret failed to apply
- to the namespace
- type: string
- required:
- - namespace
- type: object
- type: array
- provisionedNamespaces:
- description: ProvisionedNamespaces are the namespaces where the ClusterExternalSecret
- has secrets
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
|
