...
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (unknown)
  name: ecrauthorizationtokens.generators.external-secrets.io
spec:
  group: generators.external-secrets.io
  names:
    categories:
    - ecrauthorizationtoken
    kind: ECRAuthorizationToken
    listKind: ECRAuthorizationTokenList
    plural: ecrauthorizationtokens
    shortNames:
    - ecrauthorizationtoken
    singular: ecrauthorizationtoken
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
          authorization token.
          The authorization token is valid for 12 hours.
          The authorizationToken returned is a base64 encoded string that can be decoded
          and used in a docker login command to authenticate to a registry.
          For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              auth:
                description: Auth defines how to authenticate with AWS
                properties:
                  jwt:
                    description: Authenticate against AWS using service account tokens.
                    properties:
                      serviceAccountRef:
                        description: A reference to a ServiceAccount resource.
                        properties:
                          audiences:
                            description: |-
                              Audience specifies the `aud` claim for the service account token
                              If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
                              then this audiences will be appended to the list
                            items:
                              type: string
                            type: array
                          name:
                            description: The name of the ServiceAccount resource being
                              referred to.
                            type: string
                          namespace:
                            description: |-
                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
                              to the namespace of the referent.
                            type: string
                        required:
                        - name
                        type: object
                    type: object
                  secretRef:
                    description: |-
                      AWSAuthSecretRef holds secret references for AWS credentials
                      both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
                    properties:
                      accessKeyIDSecretRef:
                        description: The AccessKeyID is used for authentication
                        properties:
                          key:
                            description: |-
                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
                              defaulted, in others it may be required.
                            type: string
                          name:
                            description: The name of the Secret resource being referred
                              to.
                            type: string
                          namespace:
                            description: |-
                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
                              to the namespace of the referent.
                            type: string
                        type: object
                      secretAccessKeySecretRef:
                        description: The SecretAccessKey is used for authentication
                        properties:
                          key:
                            description: |-
                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
                              defaulted, in others it may be required.
                            type: string
                          name:
                            description: The name of the Secret resource being referred
                              to.
                            type: string
                          namespace:
                            description: |-
                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
                              to the namespace of the referent.
                            type: string
                        type: object
                      sessionTokenSecretRef:
                        description: |-
                          The SessionToken used for authentication
                          This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
                          see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
                        properties:
                          key:
                            description: |-
                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
                              defaulted, in others it may be required.
                            type: string
                          name:
                            description: The name of the Secret resource being referred
                              to.
                            type: string
                          namespace:
                            description: |-
                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
                              to the namespace of the referent.
                            type: string
                        type: object
                    type: object
                type: object
              region:
                description: Region specifies the region to operate in.
                type: string
              role:
                description: |-
                  You can assume a role before making calls to the
                  desired AWS service.
                type: string
            required:
            - region
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}