Documentation ¶
Overview ¶
Package v1beta1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1beta1
Index ¶
- Constants
- Variables
- type ExternalSecret
- type ExternalSecretConditionType
- type ExternalSecretConversionStrategy
- type ExternalSecretCreationPolicy
- type ExternalSecretData
- type ExternalSecretDataFromRemoteRef
- type ExternalSecretDataRemoteRef
- type ExternalSecretDeletionPolicy
- type ExternalSecretFind
- type ExternalSecretList
- type ExternalSecretSpec
- type ExternalSecretStatus
- type ExternalSecretStatusCondition
- type ExternalSecretTarget
- type ExternalSecretTemplate
- type ExternalSecretTemplateMetadata
- type FindName
- type SecretStoreRef
- type TemplateEngineVersion
- type TemplateFrom
- type TemplateRef
- type TemplateRefItem
Constants ¶
const ( // ConditionReasonSecretSynced indicates that the secrets was synced. ConditionReasonSecretSynced = "SecretSynced" // ConditionReasonSecretSyncedError indicates that there was an error syncing the secret. ConditionReasonSecretSyncedError = "SecretSyncedError" // ConditionReasonSecretDeleted indicates that the secret has been deleted. ConditionReasonSecretDeleted = "SecretDeleted" ReasonInvalidStoreRef = "InvalidStoreRef" ReasonProviderClientConfig = "InvalidProviderClientConfig" ReasonUpdateFailed = "UpdateFailed" ReasonUpdated = "Updated" ReasonDeleted = "Deleted" )
const ( Group = "external-secrets.io" Version = "v1beta1" )
Package type metadata.
const (
// AnnotationDataHash is used to ensure consistency.
AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
)
Variables ¶
var ( // SchemeGroupVersion is group version used to register these objects. SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version} // SchemeBuilder is used to add go types to the GroupVersionKind scheme. SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} AddToScheme = SchemeBuilder.AddToScheme )
var ( ExtSecretKind = reflect.TypeOf(ExternalSecret{}).Name() ExtSecretGroupKind = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String() ExtSecretKindAPIVersion = ExtSecretKind + "." + SchemeGroupVersion.String() ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind) )
ExternalSecret type metadata.
Functions ¶
This section is empty.
Types ¶
type ExternalSecret ¶
type ExternalSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ExternalSecretSpec `json:"spec,omitempty"` Status ExternalSecretStatus `json:"status,omitempty"` }
+kubebuilder:object:root=true +kubebuilder:storageversion ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`
func (*ExternalSecret) DeepCopy ¶
func (in *ExternalSecret) DeepCopy() *ExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.
func (*ExternalSecret) DeepCopyInto ¶
func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecret) DeepCopyObject ¶
func (in *ExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretConditionType ¶
type ExternalSecretConditionType string
const ( ExternalSecretReady ExternalSecretConditionType = "Ready" ExternalSecretDeleted ExternalSecretConditionType = "Deleted" )
type ExternalSecretConversionStrategy ¶
type ExternalSecretConversionStrategy string
const ( ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default" ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode" )
type ExternalSecretCreationPolicy ¶
type ExternalSecretCreationPolicy string
ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. +kubebuilder:validation:Enum=Owner;Orphan;Merge;None
const ( // Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource. CreatePolicyOwner ExternalSecretCreationPolicy = "Owner" // Orphan creates the Secret and does not set the ownerReference. // I.e. it will be orphaned after the deletion of the ExternalSecret. CreatePolicyOrphan ExternalSecretCreationPolicy = "Orphan" // Merge does not create the Secret, but merges the data fields to the Secret. CreatePolicyMerge ExternalSecretCreationPolicy = "Merge" // None does not create a Secret (future use with injector). CreatePolicyNone ExternalSecretCreationPolicy = "None" )
type ExternalSecretData ¶
type ExternalSecretData struct { SecretKey string `json:"secretKey"` RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"` }
ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
func (*ExternalSecretData) DeepCopy ¶
func (in *ExternalSecretData) DeepCopy() *ExternalSecretData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.
func (*ExternalSecretData) DeepCopyInto ¶
func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataFromRemoteRef ¶
type ExternalSecretDataFromRemoteRef struct { // Used to extract multiple key/value pairs from one secret // +optional Extract *ExternalSecretDataRemoteRef `json:"extract,omitempty"` // Used to find secrets based on tags or regular expressions // +optional Find *ExternalSecretFind `json:"find,omitempty"` }
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*ExternalSecretDataFromRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopy() *ExternalSecretDataFromRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataFromRemoteRef.
func (*ExternalSecretDataFromRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopyInto(out *ExternalSecretDataFromRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataRemoteRef ¶
type ExternalSecretDataRemoteRef struct { // Key is the key used in the Provider, mandatory Key string `json:"key"` // Used to select a specific version of the Provider value, if supported // +optional Version string `json:"version,omitempty"` // +optional // Used to select a specific property of the Provider value (if a map), if supported Property string `json:"property,omitempty"` // +optional // Used to define a conversion Strategy // +kubebuilder:default="Default" ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"` }
ExternalSecretDataRemoteRef defines Provider data location.
func (*ExternalSecretDataRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.
func (*ExternalSecretDataRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDeletionPolicy ¶
type ExternalSecretDeletionPolicy string
ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret. +kubebuilder:validation:Enum=Delete;Merge;Retain
const ( // Delete deletes the secret if all provider secrets are deleted. // If a secret gets deleted on the provider side and is not accessible // anymore this is not considered an error and the ExternalSecret // does not go into SecretSyncedError status. DeletionPolicyDelete ExternalSecretDeletionPolicy = "Delete" // Merge removes keys in the secret, but not the secret itself. // If a secret gets deleted on the provider side and is not accessible // anymore this is not considered an error and the ExternalSecret // does not go into SecretSyncedError status. DeletionPolicyMerge ExternalSecretDeletionPolicy = "Merge" // Retain will retain the secret if all provider secrets have been deleted. // If a provider secret does not exist the ExternalSecret gets into the // SecretSyncedError status. DeletionPolicyRetain ExternalSecretDeletionPolicy = "Retain" )
type ExternalSecretFind ¶
type ExternalSecretFind struct { // A root path to start the find operations. // +optional Path *string `json:"path,omitempty"` // Finds secrets based on the name. // +optional Name *FindName `json:"name,omitempty"` // Find secrets based on tags. // +optional Tags map[string]string `json:"tags,omitempty"` // +optional // Used to define a conversion Strategy // +kubebuilder:default="Default" ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"` }
func (*ExternalSecretFind) DeepCopy ¶
func (in *ExternalSecretFind) DeepCopy() *ExternalSecretFind
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretFind.
func (*ExternalSecretFind) DeepCopyInto ¶
func (in *ExternalSecretFind) DeepCopyInto(out *ExternalSecretFind)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretList ¶
type ExternalSecretList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ExternalSecret `json:"items"` }
ExternalSecretList contains a list of ExternalSecret resources.
func (*ExternalSecretList) DeepCopy ¶
func (in *ExternalSecretList) DeepCopy() *ExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.
func (*ExternalSecretList) DeepCopyInto ¶
func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretList) DeepCopyObject ¶
func (in *ExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretSpec ¶
type ExternalSecretSpec struct { SecretStoreRef SecretStoreRef `json:"secretStoreRef"` Target ExternalSecretTarget `json:"target"` // RefreshInterval is the amount of time before the values are read again from the SecretStore provider // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" // May be set to zero to fetch and create it once. Defaults to 1h. // +kubebuilder:default="1h" RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"` // Data defines the connection between the Kubernetes Secret keys and the Provider data // +optional Data []ExternalSecretData `json:"data,omitempty"` // DataFrom is used to fetch all properties from a specific Provider data // If multiple entries are specified, the Secret keys are merged in the specified order // +optional DataFrom []ExternalSecretDataFromRemoteRef `json:"dataFrom,omitempty"` }
ExternalSecretSpec defines the desired state of ExternalSecret.
func (*ExternalSecretSpec) DeepCopy ¶
func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.
func (*ExternalSecretSpec) DeepCopyInto ¶
func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatus ¶
type ExternalSecretStatus struct { // +nullable // refreshTime is the time and date the external secret was fetched and // the target secret updated RefreshTime metav1.Time `json:"refreshTime,omitempty"` // SyncedResourceVersion keeps track of the last synced version SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"` // +optional Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"` }
func (*ExternalSecretStatus) DeepCopy ¶
func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.
func (*ExternalSecretStatus) DeepCopyInto ¶
func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatusCondition ¶
type ExternalSecretStatusCondition struct { Type ExternalSecretConditionType `json:"type"` Status corev1.ConditionStatus `json:"status"` // +optional Reason string `json:"reason,omitempty"` // +optional Message string `json:"message,omitempty"` // +optional LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` }
func (*ExternalSecretStatusCondition) DeepCopy ¶
func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.
func (*ExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTarget ¶
type ExternalSecretTarget struct { // Name defines the name of the Secret resource to be managed // This field is immutable // Defaults to the .metadata.name of the ExternalSecret resource // +optional Name string `json:"name,omitempty"` // CreationPolicy defines rules on how to create the resulting Secret // Defaults to 'Owner' // +optional // +kubebuilder:default="Owner" CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"` // DeletionPolicy defines rules on how to delete the resulting Secret // Defaults to 'Retain' // +optional // +kubebuilder:default="Retain" DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"` // Template defines a blueprint for the created Secret resource. // +optional Template *ExternalSecretTemplate `json:"template,omitempty"` // Immutable defines if the final secret will be immutable // +optional Immutable bool `json:"immutable,omitempty"` }
ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
func (*ExternalSecretTarget) DeepCopy ¶
func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.
func (*ExternalSecretTarget) DeepCopyInto ¶
func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplate ¶
type ExternalSecretTemplate struct { // +optional Type corev1.SecretType `json:"type,omitempty"` EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"` // +optional Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"` // +optional Data map[string]string `json:"data,omitempty"` // +optional TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"` }
ExternalSecretTemplate defines a blueprint for the created Secret resource. we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448
func (*ExternalSecretTemplate) DeepCopy ¶
func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.
func (*ExternalSecretTemplate) DeepCopyInto ¶
func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplateMetadata ¶
type ExternalSecretTemplateMetadata struct { // +optional Annotations map[string]string `json:"annotations,omitempty"` // +optional Labels map[string]string `json:"labels,omitempty"` }
ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
func (*ExternalSecretTemplateMetadata) DeepCopy ¶
func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.
func (*ExternalSecretTemplateMetadata) DeepCopyInto ¶
func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FindName ¶
type FindName struct { // Finds secrets base // +optional RegExp string `json:"regexp,omitempty"` }
func (*FindName) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FindName.
func (*FindName) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRef ¶
type SecretStoreRef struct { // Name of the SecretStore resource Name string `json:"name"` // Kind of the SecretStore resource (SecretStore or ClusterSecretStore) // Defaults to `SecretStore` // +optional Kind string `json:"kind,omitempty"` }
SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
func (*SecretStoreRef) DeepCopy ¶
func (in *SecretStoreRef) DeepCopy() *SecretStoreRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.
func (*SecretStoreRef) DeepCopyInto ¶
func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateEngineVersion ¶
type TemplateEngineVersion string
const ( TemplateEngineV1 TemplateEngineVersion = "v1" TemplateEngineV2 TemplateEngineVersion = "v2" )
type TemplateFrom ¶
type TemplateFrom struct { ConfigMap *TemplateRef `json:"configMap,omitempty"` Secret *TemplateRef `json:"secret,omitempty"` }
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*TemplateFrom) DeepCopy ¶
func (in *TemplateFrom) DeepCopy() *TemplateFrom
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.
func (*TemplateFrom) DeepCopyInto ¶
func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRef ¶
type TemplateRef struct { Name string `json:"name"` Items []TemplateRefItem `json:"items"` }
func (*TemplateRef) DeepCopy ¶
func (in *TemplateRef) DeepCopy() *TemplateRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.
func (*TemplateRef) DeepCopyInto ¶
func (in *TemplateRef) DeepCopyInto(out *TemplateRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRefItem ¶
type TemplateRefItem struct {
Key string `json:"key"`
}
func (*TemplateRefItem) DeepCopy ¶
func (in *TemplateRefItem) DeepCopy() *TemplateRefItem
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.
func (*TemplateRefItem) DeepCopyInto ¶
func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.