forked from premiscale/pass-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPassSecret.yaml
148 lines (144 loc) · 6.58 KB
/
PassSecret.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: passsecrets.secrets.premiscale.com
spec:
group: secrets.premiscale.com
scope: Namespaced
names:
kind: PassSecret
listKind: PassSecretList
plural: passsecrets
singular: passsecret
versions:
{{- if has "v1alpha1" .Values.global.versions }}
- name: v1alpha1
deprecated: false
served: true
storage: true
additionalPrinterColumns:
- name: Secret Name
type: string
jsonPath: .spec.managedSecret.metadata.name
- name: Secret Namespace
type: string
jsonPath: .spec.managedSecret.metadata.namespace
- name: Secret Type
type: string
jsonPath: .spec.managedSecret.type
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
schema:
openAPIV3Schema:
x-kubernetes-embedded-resource: true
description: PassSecret is the schema for the PassOperator API.
type: object
properties:
apiVersion:
description: |+
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |+
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PassSecretSpec defines the desired state of a PassSecret.
type: object
properties:
encryptedData:
description: |+
Data to be contained in the secret. Can be as few as zero key-value pairs, since the K8s API accepts Secrets with no data.
type: object
minProperties: 0
# I tried to get patternProperties to work (1/20/24), but my control plane insisted it was a forbidden field.
# https://github.com/kubernetes/kubernetes/issues/59485#issuecomment-366600460
# Using the work-around I've found in Bitnami's SealedSecrets CRD for now ~
# https://github.com/bitnami-labs/sealed-secrets/blob/2ea6649b1e1cb13af055392bbe9b7699e13681d3/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml#L54
additionalProperties:
type: string
managedSecret:
description: Configure the managed Kubernetes secret object's fields.
type: object
properties:
apiVersion:
description: |+
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |+
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
properties:
name:
description: |+
Name of the managed v1/Secrets object.
type: string
namespace:
description: |+
Namespace of the managed v1/Secrets object.
type: string
labels:
description: |+
Labels to apply to the managed v1/Secrets object.
type: object
additionalProperties:
type: string
annotations:
description: |+
Annotations to apply to the managed v1/Secrets object.
type: object
additionalProperties:
type: string
required:
- name
- namespace
type:
description: Kubernetes Secret type to create.
type: string
default: Opaque
enum:
- Opaque
- kubernetes.io/service-account-token
- kubernetes.io/dockercfg
- kubernetes.io/dockerconfigjson
- kubernetes.io/basic-auth
- kubernetes.io/ssh-auth
- kubernetes.io/tls
- bootstrap.kubernetes.io/token
immutable:
description: |+
Optionally configure whether the destination secret should be immutable.
This will raise warnings in the operator's log output as the managed
secret will have to be deleted prior to the operator being able to
update it. This is also a bit of an anti-pattern.
type: boolean
default: false
required:
- metadata
- type
required:
- encryptedData
- managedSecret
status:
description: Current state of the PassSecret on the Kubernetes cluster.
type: object
## TODO: add custom status.
{{- end }}