-
Notifications
You must be signed in to change notification settings - Fork 428
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
operator vault-secrets-operator (0.9.0) (#4568)
- Loading branch information
Showing
15 changed files
with
3,110 additions
and
0 deletions.
There are no files selected for viewing
115 changes: 115 additions & 0 deletions
115
operators/vault-secrets-operator/0.9.0/manifests/secrets.hashicorp.com_hcpauths.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.16.3 | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/component: controller-manager | ||
name: hcpauths.secrets.hashicorp.com | ||
spec: | ||
group: secrets.hashicorp.com | ||
names: | ||
kind: HCPAuth | ||
listKind: HCPAuthList | ||
plural: hcpauths | ||
singular: hcpauth | ||
scope: Namespaced | ||
versions: | ||
- name: v1beta1 | ||
schema: | ||
openAPIV3Schema: | ||
description: HCPAuth is the Schema for the hcpauths API | ||
properties: | ||
apiVersion: | ||
description: |- | ||
APIVersion defines the versioned schema of this representation of an object. | ||
Servers should convert recognized schemas to the latest internal value, and | ||
may reject unrecognized values. | ||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
type: string | ||
kind: | ||
description: |- | ||
Kind is a string value representing the REST resource this object represents. | ||
Servers may infer this from the endpoint the client submits requests to. | ||
Cannot be updated. | ||
In CamelCase. | ||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: HCPAuthSpec defines the desired state of HCPAuth | ||
properties: | ||
allowedNamespaces: | ||
description: |- | ||
AllowedNamespaces Kubernetes Namespaces which are allow-listed for use with this AuthMethod. | ||
This field allows administrators to customize which Kubernetes namespaces are authorized to | ||
use with this AuthMethod. While Vault will still enforce its own rules, this has the added | ||
configurability of restricting which HCPAuthMethods can be used by which namespaces. | ||
Accepted values: | ||
[]{"*"} - wildcard, all namespaces. | ||
[]{"a", "b"} - list of namespaces. | ||
unset - disallow all namespaces except the Operator's the HCPAuthMethod's namespace, this | ||
is the default behavior. | ||
items: | ||
type: string | ||
type: array | ||
method: | ||
default: servicePrincipal | ||
description: Method to use when authenticating to Vault. | ||
enum: | ||
- servicePrincipal | ||
type: string | ||
organizationID: | ||
description: OrganizationID of the HCP organization. | ||
type: string | ||
projectID: | ||
description: ProjectID of the HCP project. | ||
type: string | ||
servicePrincipal: | ||
description: |- | ||
ServicePrincipal provides the necessary configuration for authenticating to | ||
HCP using a service principal. For security reasons, only project-level | ||
service principals should ever be used. | ||
properties: | ||
secretRef: | ||
description: |- | ||
SecretRef is the name of a Kubernetes secret in the consumer's | ||
(VDS/VSS/PKI/HCP) namespace which provides the HCP ServicePrincipal clientID, | ||
and clientSecret. | ||
The secret data must have the following structure { | ||
"clientID": "clientID", | ||
"clientSecret": "clientSecret", | ||
} | ||
type: string | ||
required: | ||
- secretRef | ||
type: object | ||
required: | ||
- organizationID | ||
- projectID | ||
type: object | ||
status: | ||
description: HCPAuthStatus defines the observed state of HCPAuth | ||
properties: | ||
error: | ||
type: string | ||
valid: | ||
description: Valid auth mechanism. | ||
type: boolean | ||
required: | ||
- error | ||
- valid | ||
type: object | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} | ||
status: | ||
acceptedNames: | ||
kind: "" | ||
plural: "" | ||
conditions: null | ||
storedVersions: null |
Oops, something went wrong.