| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 |
- {% raw %}
- apiVersion: external-secrets.io/v1
- kind: ClusterExternalSecret
- metadata:
- name: "hello-world"
- spec:
- # The name to be used on the ExternalSecrets.
- # Defaults to the name of the ClusterExternalSecret when omitted.
- externalSecretName: "hello-world-es"
- # Optional labels and annotations to set on every created ExternalSecret.
- externalSecretMetadata:
- labels: {}
- annotations: {}
- # This is a basic label selector to select the namespaces to deploy ExternalSecrets to.
- # you can read more about them here https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements
- # Deprecated: Use namespaceSelectors instead.
- # namespaceSelector:
- # matchLabels:
- # cool: label
- # This is a list of basic label selector to select the namespaces to deploy ExternalSecrets to.
- # you can read more about them here https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements
- # The list is OR'd together, so if any of the namespaceSelectors match the namespace,
- # the ExternalSecret will be deployed to that namespace.
- namespaceSelectors:
- - matchLabels:
- cool: label
- # Choose namespaces by name. This is OR'd with anything namespaceSelectors matches.
- # Deprecated: Use namespaceSelectors instead.
- # namespaces:
- # - my-namespace
- # How often the ClusterExternalSecret should reconcile itself
- # This will decide how often to check and make sure that the ExternalSecrets exist in the matching namespaces
- # If omitted, the controller's default requeue interval is used.
- refreshTime: "1m"
- # This is the spec of the ExternalSecrets to be created
- # The content of this was taken from our ExternalSecret example
- externalSecretSpec:
- secretStoreRef:
- name: secret-store-name
- kind: SecretStore
- # RefreshPolicy determines how the ExternalSecret should be refreshed:
- # - CreatedOnce: Creates the Secret only if it does not exist and does not update it afterward
- # - Periodic: (default) Synchronizes the Secret at intervals specified by refreshInterval
- # - OnChange: Only synchronizes when the ExternalSecret's metadata or specification changes
- refreshPolicy: Periodic
- refreshInterval: "1h0m0s"
- target:
- name: my-secret
- creationPolicy: 'Merge'
- template:
- type: kubernetes.io/dockerconfigjson
- metadata:
- annotations: {}
- labels: {}
- data:
- config.yml: |
- endpoints:
- - https://{{ .data.user }}:{{ .data.password }}@api.exmaple.com
- templateFrom:
- - configMap:
- name: alertmanager
- items:
- - key: alertmanager.yaml
- data:
- - secretKey: secret-key-to-be-managed
- remoteRef:
- key: provider-key
- version: provider-key-version
- property: provider-key-property
- dataFrom:
- - key: provider-key
- version: provider-key-version
- property: provider-key-property
- status:
- # This will list any namespaces where the creation of the ExternalSecret failed
- # This will not list any issues with the ExternalSecrets, you will have to check the
- # ExternalSecrets to see any issues with them.
- failedNamespaces:
- - namespace: "matching-ns-1"
- # This is one of the possible messages, and likely the most common
- reason: "external secret already exists in namespace"
- # You can find all matching and successfully deployed namespaces here
- provisionedNamespaces:
- - "matching-ns-3"
- - "matching-ns-2"
- # The only condition type is Ready. status is "True" when all matching
- # namespaces synced, and "False" if one or more namespaces failed (the failed
- # ones are listed under failedNamespaces above).
- conditions:
- - type: Ready
- status: "False"
- message: "one or more namespaces failed"
- lastTransitionTime: "2022-01-12T12:33:02Z"
- {% endraw %}
|
