helm-external-secrets/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  labels:
    external-secrets.io/component: controller
  name: quayaccesstokens.generators.external-secrets.io
spec:
  group: generators.external-secrets.io
  names:
    categories:
    - external-secrets
    - external-secrets-generators
    kind: QuayAccessToken
    listKind: QuayAccessTokenList
    plural: quayaccesstokens
    singular: quayaccesstoken
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: QuayAccessToken generates Quay oauth token for pulling/pushing
          images
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: QuayAccessTokenSpec defines the desired state to generate
              a Quay access token.
            properties:
              robotAccount:
                description: Name of the robot account you are federating with
                type: string
              serviceAccountRef:
                description: Name of the service account you are federating with
                properties:
                  audiences:
                    description: |-
                      Audience specifies the `aud` claim for the service account token
                      If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
                      then this audiences will be appended to the list
                    items:
                      type: string
                    type: array
                  name:
                    description: The name of the ServiceAccount resource being referred
                      to.
                    maxLength: 253
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                    type: string
                  namespace:
                    description: |-
                      Namespace of the resource being referred to.
                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
                    maxLength: 63
                    minLength: 1
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                required:
                - name
                type: object
              url:
                description: URL configures the Quay instance URL. Defaults to quay.io.
                type: string
            required:
            - robotAccount
            - serviceAccountRef
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}