| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 |
- apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.13.0
- name: gcraccesstokens.generators.external-secrets.io
- spec:
- group: generators.external-secrets.io
- names:
- categories:
- - gcraccesstoken
- kind: GCRAccessToken
- listKind: GCRAccessTokenList
- plural: gcraccesstokens
- shortNames:
- - gcraccesstoken
- singular: gcraccesstoken
- scope: Namespaced
- versions:
- - name: v1alpha1
- schema:
- openAPIV3Schema:
- description: GCRAccessToken generates an GCP access token that can be used
- to authenticate with GCR.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- properties:
- auth:
- description: Auth defines the means for authenticating with GCP
- properties:
- secretRef:
- properties:
- secretAccessKeySecretRef:
- description: The SecretAccessKey is used for authentication
- properties:
- key:
- description: The key of the entry in the Secret resource's
- `data` field to be used. Some instances of this field
- may be defaulted, in others it may be required.
- type: string
- name:
- description: The name of the Secret resource being referred
- to.
- type: string
- namespace:
- description: Namespace of the resource being referred
- to. Ignored if referent is not cluster-scoped. cluster-scoped
- defaults to the namespace of the referent.
- type: string
- type: object
- type: object
- workloadIdentity:
- properties:
- clusterLocation:
- type: string
- clusterName:
- type: string
- clusterProjectID:
- type: string
- serviceAccountRef:
- description: A reference to a ServiceAccount resource.
- properties:
- audiences:
- description: Audience specifies the `aud` claim for the
- service account token If the service account uses a
- well-known annotation for e.g. IRSA or GCP Workload
- Identity then this audiences will be appended to the
- list
- items:
- type: string
- type: array
- name:
- description: The name of the ServiceAccount resource being
- referred to.
- type: string
- namespace:
- description: Namespace of the resource being referred
- to. Ignored if referent is not cluster-scoped. cluster-scoped
- defaults to the namespace of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - clusterLocation
- - clusterName
- - serviceAccountRef
- type: object
- type: object
- projectID:
- description: ProjectID defines which project to use to authenticate
- with
- type: string
- required:
- - auth
- - projectID
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
|
