mirror of https://github.com/nold360/heqet.git
nold
1 year ago
parent
05e1b80b5f
commit
579a06386a
6 changed files with 474 additions and 85 deletions
@ -0,0 +1,220 @@ |
||||
--- |
||||
# Source: vault-secrets-operator/templates/custom-resource-definition.yaml |
||||
apiVersion: apiextensions.k8s.io/v1 |
||||
kind: CustomResourceDefinition |
||||
metadata: |
||||
annotations: |
||||
controller-gen.kubebuilder.io/version: v0.3.0 |
||||
creationTimestamp: null |
||||
name: vaultsecrets.ricoberger.de |
||||
labels: |
||||
app.kubernetes.io/name: vault-secrets-operator |
||||
helm.sh/chart: vault-secrets-operator-1.14.2 |
||||
app.kubernetes.io/instance: vault-secrets-operator |
||||
app.kubernetes.io/managed-by: Helm |
||||
spec: |
||||
group: ricoberger.de |
||||
names: |
||||
kind: VaultSecret |
||||
listKind: VaultSecretList |
||||
plural: vaultsecrets |
||||
singular: vaultsecret |
||||
scope: Namespaced |
||||
versions: |
||||
- additionalPrinterColumns: |
||||
- description: Indicates if the secret was created/updated successfully |
||||
jsonPath: .status.conditions[?(@.type=="SecretCreated")].status |
||||
name: Succeeded |
||||
type: string |
||||
- description: Reason for the current status |
||||
jsonPath: .status.conditions[?(@.type=="SecretCreated")].reason |
||||
name: Reason |
||||
type: string |
||||
- description: Message with more information, regarding the current status |
||||
jsonPath: .status.conditions[?(@.type=="SecretCreated")].message |
||||
name: Message |
||||
type: string |
||||
- description: Time when the condition was updated the last time |
||||
jsonPath: .status.conditions[?(@.type=="SecretCreated")].lastTransitionTime |
||||
name: Last Transition |
||||
type: date |
||||
- description: Time when this VaultSecret was created |
||||
jsonPath: .metadata.creationTimestamp |
||||
name: Age |
||||
type: date |
||||
name: v1alpha1 |
||||
schema: |
||||
openAPIV3Schema: |
||||
description: VaultSecret is the Schema for the vaultsecrets API |
||||
properties: |
||||
apiVersion: |
||||
description: 'APIVersion defines the versioned schema of this representation |
||||
of an object. Servers should convert recognized schemas to the latest |
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
||||
type: string |
||||
kind: |
||||
description: 'Kind is a string value representing the REST resource this |
||||
object represents. Servers may infer this from the endpoint the client |
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
||||
type: string |
||||
metadata: |
||||
type: object |
||||
spec: |
||||
description: VaultSecretSpec defines the desired state of VaultSecret |
||||
properties: |
||||
isBinary: |
||||
description: isBinary is a flag indicates if data stored in vault |
||||
is binary data. Since vault does not store binary data natively, |
||||
the binary data is stored as base64 encoded. However, same data |
||||
get encoded again when operator stored them as secret in k8s which |
||||
caused the data to get double encoded. This flag will skip the base64 |
||||
encode which is needed for string data to avoid the double encode |
||||
problem. |
||||
type: boolean |
||||
keys: |
||||
description: Keys is an array of Keys, which should be included in |
||||
the Kubernetes secret. If the Keys field is ommitted all keys from |
||||
the Vault secret will be included in the Kubernetes secret. |
||||
items: |
||||
type: string |
||||
type: array |
||||
path: |
||||
description: Path is the path of the corresponding secret in Vault. |
||||
type: string |
||||
reconcileStrategy: |
||||
description: ReconcileStrategy defines the strategy for reconcilation. |
||||
The default value is "Replace", which replaces any existing data |
||||
keys in a secret with the loaded keys from Vault. The second valid |
||||
value is "Merge" wiche merges the loaded keys from Vault with the |
||||
existing keys in a secret. Duplicated keys will be replaced with |
||||
the value from Vault. Other values are not valid for this field. |
||||
type: string |
||||
secretEngine: |
||||
description: SecretEngine specifies the type of the Vault secret engine |
||||
in which the secret is stored. Currently the 'KV Secrets Engine |
||||
- Version 1' and 'KV Secrets Engine - Version 2' are supported. |
||||
The value must be 'kv'. If the value is omitted or an other values |
||||
is used the Vault Secrets Operator will try to use the KV secret |
||||
engine. |
||||
type: string |
||||
templates: |
||||
additionalProperties: |
||||
type: string |
||||
description: Templates, if not empty will be run through the the Go |
||||
templating engine, with `.Secrets` being mapped to the list of secrets |
||||
received from Vault. When omitted set, all secrets will be added |
||||
as key/val pairs under Secret.data. |
||||
type: object |
||||
type: |
||||
description: Type is the type of the Kubernetes secret, which will |
||||
be created by the Vault Secrets Operator. |
||||
type: string |
||||
vaultNamespace: |
||||
description: 'VaultNamespace can be used to specify the Vault namespace |
||||
for a secret. When this value is set, the X-Vault-Namespace header |
||||
will be set for the request. More information regarding namespaces |
||||
can be found in the Vault Enterprise documentation: https://www.vaultproject.io/docs/enterprise/namespaces' |
||||
type: string |
||||
vaultRole: |
||||
description: VaultRole can be used to specify the Vault role, which |
||||
should be used to get the secret from Vault. If the vaultRole property |
||||
is set a new client with the specified Vault Role will be created |
||||
and the shared client is ignored. If the operator is configured |
||||
using the token auth method this property has no effect. |
||||
type: string |
||||
version: |
||||
description: Version sets the version of the secret which should be |
||||
used. The version is only used if the KVv2 secret engine is used. |
||||
If the version is omitted the Operator uses the latest version of |
||||
the secret. If the version omitted and the VAULT_RECONCILIATION_TIME |
||||
environment variable is set, the Kubernetes secret will be updated |
||||
if the Vault secret changes. |
||||
type: integer |
||||
required: |
||||
- path |
||||
- type |
||||
type: object |
||||
status: |
||||
description: VaultSecretStatus defines the observed state of VaultSecret |
||||
properties: |
||||
conditions: |
||||
items: |
||||
description: "Condition contains details for one aspect of the current |
||||
state of this API Resource. --- This struct is intended for direct |
||||
use as an array at the field path .status.conditions. For example, |
||||
type FooStatus struct{ // Represents the observations of a |
||||
foo's current state. // Known .status.conditions.type are: |
||||
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type |
||||
\ // +patchStrategy=merge // +listType=map // +listMapKey=type |
||||
\ Conditions []metav1.Condition `json:\"conditions,omitempty\" |
||||
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` |
||||
\n // other fields }" |
||||
properties: |
||||
lastTransitionTime: |
||||
description: lastTransitionTime is the last time the condition |
||||
transitioned from one status to another. This should be when |
||||
the underlying condition changed. If that is not known, then |
||||
using the time when the API field changed is acceptable. |
||||
format: date-time |
||||
type: string |
||||
message: |
||||
description: message is a human readable message indicating |
||||
details about the transition. This may be an empty string. |
||||
maxLength: 32768 |
||||
type: string |
||||
observedGeneration: |
||||
description: observedGeneration represents the .metadata.generation |
||||
that the condition was set based upon. For instance, if .metadata.generation |
||||
is currently 12, but the .status.conditions[x].observedGeneration |
||||
is 9, the condition is out of date with respect to the current |
||||
state of the instance. |
||||
format: int64 |
||||
minimum: 0 |
||||
type: integer |
||||
reason: |
||||
description: reason contains a programmatic identifier indicating |
||||
the reason for the condition's last transition. Producers |
||||
of specific condition types may define expected values and |
||||
meanings for this field, and whether the values are considered |
||||
a guaranteed API. The value should be a CamelCase string. |
||||
This field may not be empty. |
||||
maxLength: 1024 |
||||
minLength: 1 |
||||
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ |
||||
type: string |
||||
status: |
||||
description: status of the condition, one of True, False, Unknown. |
||||
enum: |
||||
- "True" |
||||
- "False" |
||||
- Unknown |
||||
type: string |
||||
type: |
||||
description: type of condition in CamelCase or in foo.example.com/CamelCase. |
||||
--- Many .condition.type values are consistent across resources |
||||
like Available, but because arbitrary conditions can be useful |
||||
(see .node.status.conditions), the ability to deconflict is |
||||
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
||||
maxLength: 316 |
||||
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ |
||||
type: string |
||||
required: |
||||
- lastTransitionTime |
||||
- message |
||||
- reason |
||||
- status |
||||
- type |
||||
type: object |
||||
type: array |
||||
type: object |
||||
type: object |
||||
served: true |
||||
storage: true |
||||
subresources: |
||||
status: {} |
||||
status: |
||||
acceptedNames: |
||||
kind: "" |
||||
plural: "" |
||||
conditions: [] |
||||
storedVersions: [] |
||||
Loading…
Reference in new issue