This repository has been archived by the owner on Jun 29, 2021. It is now read-only.
external-secrets-crd.yaml
{{- if .Values.localExternalSecrets }}
# CustomResourceDefinition for the ExternalSecret resource
# (group kubernetes-client.io, version v1, short name "es").
# Rendered only when the chart value localExternalSecrets is set.
#
# NOTE(review): apiextensions.k8s.io/v1beta1 is no longer served as of
# Kubernetes 1.22; newer clusters need the apiextensions.k8s.io/v1 form.
#
# NOTE(review): an ExternalSecret names a backend and the keys to fetch
# (backendType, data, dataFrom, roleArn, vaultRole). Presumably the
# controller writes the result into a "generated secret" in the same
# namespace, so create/update rights on this resource should be granted as
# carefully as read access to Secrets. Confirm against the controller.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: externalsecrets.kubernetes-client.io
spec:
  group: kubernetes-client.io
  version: v1
  # Instances live inside a namespace, not cluster-wide.
  scope: Namespaced

  names:
    shortNames:
      - es
    kind: ExternalSecret
    plural: externalsecrets
    singular: externalsecret

  # Extra columns for `kubectl get externalsecrets`.
  additionalPrinterColumns:
    - JSONPath: .status.lastSync
      name: Last Sync
      type: date
    - JSONPath: .status.status
      name: status
      type: string
    - JSONPath: .metadata.creationTimestamp
      name: Age
      type: date

  validation:
    # Only .spec is described here. String fields carry no pattern or length
    # limits, so any further checking is left to whatever consumes the object.
    openAPIV3Schema:
      properties:
        spec:
          type: object
          properties:
            template:
              description: >-
                Template which will be deep merged without mutating
                any existing fields. into generated secret, can be used to
                set for example annotations or type on the generated secret
              type: object
            # Selects which secret store the entry refers to.
            backendType:
              type: string
              enum:
                - local
                - secretsManager
                - systemManager
                - vault
                - azureKeyVault
                - gcpSecretsManager
                - alicloudSecretsManager
            vaultRole:
              type: string
            vaultMountPoint:
              type: string
            kvVersion:
              description: Vault K/V version either 1 or 2, default = 2
              type: integer
              minimum: 1
              maximum: 2
            keyVaultName:
              type: string
            key:
              type: string
            dataFrom:
              type: array
              items:
                type: string
            data:
              type: array
              items:
                type: object
                properties:
                  key:
                    description: Secret key in backend
                    type: string
                  name:
                    description: Name set for this key in the generated secret
                    type: string
                  # No `type` is declared for this field, so the schema
                  # accepts any value kind here.
                  property:
                    description: Property to extract if secret in backend is a JSON object
                  isBinary:
                    description: >-
                      You must set this to true if configuring an item for a binary file stored in Azure KeyVault.
                      Azure automatically base64 encodes binary files and setting this to true ensures External Secrets
                      does not base64 encode the base64 encoded binary files.
                    type: boolean
                required:
                  - name
                  - key
            # NOTE(review): presumably the IAM role used for the AWS
            # backends; the schema constrains it only to "string". Confirm
            # where the set of permitted role ARNs is enforced.
            roleArn:
              type: string
          # The spec must match exactly one backend branch. The vault and
          # azureKeyVault branches add their own required fields.
          oneOf:
            - properties:
                backendType:
                  enum:
                    - secretsManager
                    - systemManager
            - properties:
                backendType:
                  enum:
                    - vault
              required:
                - vaultRole
                - vaultMountPoint
            - properties:
                backendType:
                  enum:
                    - azureKeyVault
              required:
                - keyVaultName
            - properties:
                backendType:
                  enum:
                    - gcpSecretsManager
            - properties:
                backendType:
                  enum:
                    - alicloudSecretsManager
            - properties:
                backendType:
                  enum:
                    - local
          # At least one of data / dataFrom has to be present.
          anyOf:
            - required:
                - data
            - required:
                - dataFrom
  # Enables the /status subresource for ExternalSecret objects.
  subresources:
    status: {}
{{- end }}