1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: pushsecrets.external-secrets.io
8spec:
9 group: external-secrets.io
10 names:
11 categories:
12 - pushsecrets
13 kind: PushSecret
14 listKind: PushSecretList
15 plural: pushsecrets
16 singular: pushsecret
17 scope: Namespaced
18 versions:
19 - additionalPrinterColumns:
20 - jsonPath: .metadata.creationTimestamp
21 name: AGE
22 type: date
23 - jsonPath: .status.conditions[?(@.type=="Ready")].reason
24 name: Status
25 type: string
26 name: v1alpha1
27 schema:
28 openAPIV3Schema:
29 properties:
30 apiVersion:
31 description: |-
32 APIVersion defines the versioned schema of this representation of an object.
33 Servers should convert recognized schemas to the latest internal value, and
34 may reject unrecognized values.
35 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
36 type: string
37 kind:
38 description: |-
39 Kind is a string value representing the REST resource this object represents.
40 Servers may infer this from the endpoint the client submits requests to.
41 Cannot be updated.
42 In CamelCase.
43 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
44 type: string
45 metadata:
46 type: object
47 spec:
48 description: PushSecretSpec configures the behavior of the PushSecret.
49 properties:
50 data:
51 description: Secret Data that should be pushed to providers
52 items:
53 properties:
54 conversionStrategy:
55 default: None
56 description: Used to define a conversion Strategy for the secret
57 keys
58 enum:
59 - None
60 - ReverseUnicode
61 type: string
62 match:
63 description: Match a given Secret Key to be pushed to the provider.
64 properties:
65 remoteRef:
66 description: Remote Refs to push to providers.
67 properties:
68 property:
69 description: Name of the property in the resulting secret
70 type: string
71 remoteKey:
72 description: Name of the resulting provider secret.
73 type: string
74 required:
75 - remoteKey
76 type: object
77 secretKey:
78 description: Secret Key to be pushed
79 type: string
80 required:
81 - remoteRef
82 type: object
83 metadata:
84 description: |-
85 Metadata is metadata attached to the secret.
86 The structure of metadata is provider specific, please look it up in the provider documentation.
87 x-kubernetes-preserve-unknown-fields: true
88 required:
89 - match
90 type: object
91 type: array
92 deletionPolicy:
93 default: None
94 description: 'Deletion Policy to handle Secrets in the provider. Possible
95 Values: "Delete/None". Defaults to "None".'
96 enum:
97 - Delete
98 - None
99 type: string
100 refreshInterval:
101 description: The Interval to which External Secrets will try to push
102 a secret definition
103 type: string
104 secretStoreRefs:
105 items:
106 properties:
107 kind:
108 default: SecretStore
109 description: |-
110 Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
111 Defaults to `SecretStore`
112 type: string
113 labelSelector:
114 description: Optionally, sync to secret stores with label selector
115 properties:
116 matchExpressions:
117 description: matchExpressions is a list of label selector
118 requirements. The requirements are ANDed.
119 items:
120 description: |-
121 A label selector requirement is a selector that contains values, a key, and an operator that
122 relates the key and values.
123 properties:
124 key:
125 description: key is the label key that the selector
126 applies to.
127 type: string
128 operator:
129 description: |-
130 operator represents a key's relationship to a set of values.
131 Valid operators are In, NotIn, Exists and DoesNotExist.
132 type: string
133 values:
134 description: |-
135 values is an array of string values. If the operator is In or NotIn,
136 the values array must be non-empty. If the operator is Exists or DoesNotExist,
137 the values array must be empty. This array is replaced during a strategic
138 merge patch.
139 items:
140 type: string
141 type: array
142 x-kubernetes-list-type: atomic
143 required:
144 - key
145 - operator
146 type: object
147 type: array
148 x-kubernetes-list-type: atomic
149 matchLabels:
150 additionalProperties:
151 type: string
152 description: |-
153 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
154 map is equivalent to an element of matchExpressions, whose key field is "key", the
155 operator is "In", and the values array contains only "value". The requirements are ANDed.
156 type: object
157 type: object
158 x-kubernetes-map-type: atomic
159 name:
160 description: Optionally, sync to the SecretStore of the given
161 name
162 type: string
163 type: object
164 type: array
165 selector:
166 description: The Secret Selector (k8s source) for the Push Secret
167 properties:
168 secret:
169 description: Select a Secret to Push.
170 properties:
171 name:
172 description: Name of the Secret. The Secret must exist in
173 the same namespace as the PushSecret manifest.
174 type: string
175 required:
176 - name
177 type: object
178 required:
179 - secret
180 type: object
181 template:
182 description: Template defines a blueprint for the created Secret resource.
183 properties:
184 data:
185 additionalProperties:
186 type: string
187 type: object
188 engineVersion:
189 default: v2
190 description: |-
191 EngineVersion specifies the template engine version
192 that should be used to compile/execute the
193 template specified in .data and .templateFrom[].
194 enum:
195 - v1
196 - v2
197 type: string
198 mergePolicy:
199 default: Replace
200 enum:
201 - Replace
202 - Merge
203 type: string
204 metadata:
205 description: ExternalSecretTemplateMetadata defines metadata fields
206 for the Secret blueprint.
207 properties:
208 annotations:
209 additionalProperties:
210 type: string
211 type: object
212 labels:
213 additionalProperties:
214 type: string
215 type: object
216 type: object
217 templateFrom:
218 items:
219 properties:
220 configMap:
221 properties:
222 items:
223 items:
224 properties:
225 key:
226 type: string
227 templateAs:
228 default: Values
229 enum:
230 - Values
231 - KeysAndValues
232 type: string
233 required:
234 - key
235 type: object
236 type: array
237 name:
238 type: string
239 required:
240 - items
241 - name
242 type: object
243 literal:
244 type: string
245 secret:
246 properties:
247 items:
248 items:
249 properties:
250 key:
251 type: string
252 templateAs:
253 default: Values
254 enum:
255 - Values
256 - KeysAndValues
257 type: string
258 required:
259 - key
260 type: object
261 type: array
262 name:
263 type: string
264 required:
265 - items
266 - name
267 type: object
268 target:
269 default: Data
270 enum:
271 - Data
272 - Annotations
273 - Labels
274 type: string
275 type: object
276 type: array
277 type:
278 type: string
279 type: object
280 updatePolicy:
281 default: Replace
282 description: 'UpdatePolicy to handle Secrets in the provider. Possible
283 Values: "Replace/IfNotExists". Defaults to "Replace".'
284 enum:
285 - Replace
286 - IfNotExists
287 type: string
288 required:
289 - secretStoreRefs
290 - selector
291 type: object
292 status:
293 description: PushSecretStatus indicates the history of the status of PushSecret.
294 properties:
295 conditions:
296 items:
297 description: PushSecretStatusCondition indicates the status of the
298 PushSecret.
299 properties:
300 lastTransitionTime:
301 format: date-time
302 type: string
303 message:
304 type: string
305 reason:
306 type: string
307 status:
308 type: string
309 type:
310 description: PushSecretConditionType indicates the condition
311 of the PushSecret.
312 type: string
313 required:
314 - status
315 - type
316 type: object
317 type: array
318 refreshTime:
319 description: |-
320 refreshTime is the time and date the external secret was fetched and
321 the target secret updated
322 format: date-time
323 nullable: true
324 type: string
325 syncedPushSecrets:
326 additionalProperties:
327 additionalProperties:
328 properties:
329 conversionStrategy:
330 default: None
331 description: Used to define a conversion Strategy for the
332 secret keys
333 enum:
334 - None
335 - ReverseUnicode
336 type: string
337 match:
338 description: Match a given Secret Key to be pushed to the
339 provider.
340 properties:
341 remoteRef:
342 description: Remote Refs to push to providers.
343 properties:
344 property:
345 description: Name of the property in the resulting
346 secret
347 type: string
348 remoteKey:
349 description: Name of the resulting provider secret.
350 type: string
351 required:
352 - remoteKey
353 type: object
354 secretKey:
355 description: Secret Key to be pushed
356 type: string
357 required:
358 - remoteRef
359 type: object
360 metadata:
361 description: |-
362 Metadata is metadata attached to the secret.
363 The structure of metadata is provider specific, please look it up in the provider documentation.
364 x-kubernetes-preserve-unknown-fields: true
365 required:
366 - match
367 type: object
368 type: object
369 description: |-
370 Synced PushSecrets, including secrets that already exist in provider.
371 Matches secret stores to PushSecretData that was stored to that secret store.
372 type: object
373 syncedResourceVersion:
374 description: SyncedResourceVersion keeps track of the last synced
375 version.
376 type: string
377 type: object
378 type: object
379 served: true
380 storage: true
381 subresources:
382 status: {}
View as plain text