k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/kubernetes-external-secrets_crd.yaml (about) 1 --- 2 # From https://github.com/external-secrets/kubernetes-external-secrets/blob/master/charts/kubernetes-external-secrets/crds/kubernetes-client.io_externalsecrets_crd.yaml 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 name: externalsecrets.kubernetes-client.io 7 annotations: 8 # used in e2e testing 9 app.kubernetes.io/managed-by: helm 10 spec: 11 group: kubernetes-client.io 12 scope: Namespaced 13 14 versions: 15 - name: v1 16 served: true 17 storage: true 18 subresources: 19 status: {} 20 schema: 21 openAPIV3Schema: 22 required: 23 - spec 24 type: object 25 properties: 26 spec: 27 type: object 28 properties: 29 controllerId: 30 description: The ID of controller instance that manages this ExternalSecret. 31 This is needed in case there is more than a KES controller instances within the cluster. 32 type: string 33 type: 34 type: string 35 description: >- 36 DEPRECATED: Use spec.template.type 37 template: 38 description: Template which will be deep merged without mutating 39 any existing fields. into generated secret, can be used to 40 set for example annotations or type on the generated secret 41 type: object 42 x-kubernetes-preserve-unknown-fields: true 43 backendType: 44 description: >- 45 Determines which backend to use for fetching secrets 46 type: string 47 enum: 48 - secretsManager 49 - systemManager 50 - vault 51 - azureKeyVault 52 - gcpSecretsManager 53 - alicloudSecretsManager 54 - ibmcloudSecretsManager 55 - akeyless 56 vaultRole: 57 description: >- 58 Used by: vault 59 type: string 60 vaultMountPoint: 61 description: >- 62 Used by: vault 63 type: string 64 kvVersion: 65 description: Vault K/V version either 1 or 2, default = 2 66 type: integer 67 minimum: 1 68 maximum: 2 69 keyVaultName: 70 description: >- 71 Used by: azureKeyVault 72 type: string 73 dataFrom: 74 type: array 75 items: 76 type: string 77 dataFromWithOptions: 78 type: array 79 items: 80 type: object 81 properties: 82 key: 83 description: Secret key in backend 84 type: string 85 isBinary: 86 description: >- 87 Whether the backend secret shall be treated as binary data 88 represented by a base64-encoded string. You must set this to true 89 for any base64-encoded binary data in the backend - to ensure it 90 is not encoded in base64 again. Default is false. 91 type: boolean 92 versionStage: 93 description: >- 94 Used by: alicloudSecretsManager, secretsManager 95 type: string 96 versionId: 97 description: >- 98 Used by: secretsManager 99 type: string 100 required: 101 - key 102 data: 103 type: array 104 items: 105 type: object 106 properties: 107 key: 108 description: Secret key in backend 109 type: string 110 name: 111 description: Name set for this key in the generated secret 112 type: string 113 property: 114 description: Property to extract if secret in backend is a JSON object 115 type: string 116 isBinary: 117 description: >- 118 Whether the backend secret shall be treated as binary data 119 represented by a base64-encoded string. You must set this to true 120 for any base64-encoded binary data in the backend - to ensure it 121 is not encoded in base64 again. Default is false. 122 type: boolean 123 path: 124 description: >- 125 Path from SSM to scrape secrets 126 This will fetch all secrets and use the key from the secret as variable name 127 type: string 128 recursive: 129 description: Allow to recurse thru all child keys on a given path, default false 130 type: boolean 131 secretType: 132 description: >- 133 Used by: ibmcloudSecretsManager 134 Type of secret - one of username_password, iam_credentials or arbitrary 135 type: string 136 version: 137 description: >- 138 Used by: gcpSecretsManager 139 type: string 140 x-kubernetes-int-or-string: true 141 versionStage: 142 description: >- 143 Used by: alicloudSecretsManager, secretsManager 144 type: string 145 versionId: 146 description: >- 147 Used by: secretsManager 148 type: string 149 oneOf: 150 - required: 151 - key 152 - name 153 - required: 154 - path 155 roleArn: 156 type: string 157 description: >- 158 Used by: alicloudSecretsManager, secretsManager, systemManager 159 region: 160 type: string 161 description: >- 162 Used by: secretsManager, systemManager 163 projectId: 164 type: string 165 description: >- 166 Used by: gcpSecretsManager 167 keyByName: 168 type: boolean 169 description: >- 170 Whether to interpret the key as a secret name (if true) or ID (the default). 171 Used by: ibmcloudSecretsManager 172 oneOf: 173 - properties: 174 backendType: 175 enum: 176 - secretsManager 177 - systemManager 178 - properties: 179 backendType: 180 enum: 181 - vault 182 - properties: 183 backendType: 184 enum: 185 - azureKeyVault 186 required: 187 - keyVaultName 188 - properties: 189 backendType: 190 enum: 191 - gcpSecretsManager 192 - properties: 193 backendType: 194 enum: 195 - alicloudSecretsManager 196 - properties: 197 backendType: 198 enum: 199 - ibmcloudSecretsManager 200 - properties: 201 backendType: 202 enum: 203 - akeyless 204 anyOf: 205 - required: 206 - data 207 - required: 208 - dataFrom 209 - required: 210 - dataFromWithOptions 211 status: 212 type: object 213 properties: 214 lastSync: 215 type: string 216 status: 217 type: string 218 observedGeneration: 219 type: number 220 additionalPrinterColumns: 221 - jsonPath: .status.lastSync 222 name: Last Sync 223 type: date 224 - jsonPath: .status.status 225 name: status 226 type: string 227 - jsonPath: .metadata.creationTimestamp 228 name: Age 229 type: date 230 231 names: 232 shortNames: 233 - es 234 kind: ExternalSecret 235 plural: externalsecrets 236 singular: externalsecret