conversion:
strategy: None
group: ricoberger.de
names:
kind: VaultSecret
listKind: VaultSecretList
plural: vaultsecrets
singular: vaultsecret
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Indicates if the secret was created/updated successfully
jsonPath: .status.conditions[?(@.type=="SecretCreated")].status
name: Succeeded
type: string
- description: Reason for the current status
jsonPath: .status.conditions[?(@.type=="SecretCreated")].reason
name: Reason
type: string
- description: Message with more information, regarding the current status
jsonPath: .status.conditions[?(@.type=="SecretCreated")].message
name: Message
type: string
- description: Time when the condition was updated the last time
jsonPath: .status.conditions[?(@.type=="SecretCreated")].lastTransitionTime
name: Last Transition
type: date
- description: Time when this VaultSecret was created
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: VaultSecret is the Schema for the vaultsecrets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VaultSecretSpec defines the desired state of VaultSecret
properties:
isBinary:
description: isBinary is a flag indicates if data stored in vault is
binary data. Since vault does not store binary data natively, the
binary data is stored as base64 encoded. However, same data get encoded
again when operator stored them as secret in k8s which caused the
data to get double encoded. This flag will skip the base64 encode
which is needed for string data to avoid the double encode problem.
type: boolean
keys:
description: Keys is an array of Keys, which should be included in the
Kubernetes secret. If the Keys field is ommitted all keys from the
Vault secret will be included in the Kubernetes secret.
items:
type: string
type: array
path:
description: Path is the path of the corresponding secret in Vault.
type: string
reconcileStrategy:
description: ReconcileStrategy defines the strategy for reconcilation.
The default value is "Replace", which replaces any existing data keys
in a secret with the loaded keys from Vault. The second valid value
is "Merge" wiche merges the loaded keys from Vault with the existing
keys in a secret. Duplicated keys will be replaced with the value
from Vault. Other values are not valid for this field.
type: string
secretEngine:
description: SecretEngine specifies the type of the Vault secret engine
in which the secret is stored. Currently the 'KV Secrets Engine -
Version 1' and 'KV Secrets Engine - Version 2' are supported. The
value must be 'kv'. If the value is omitted or an other values is
used the Vault Secrets Operator will try to use the KV secret engine.
type: string
templates:
additionalProperties:
type: string
description: Templates, if not empty will be run through the the Go
templating engine, with `.Secrets` being mapped to the list of secrets
received from Vault. When omitted set, all secrets will be added as
key/val pairs under Secret.data.
type: object
type:
description: Type is the type of the Kubernetes secret, which will be
created by the Vault Secrets Operator.
type: string
vaultNamespace:
description: 'VaultNamespace can be used to specify the Vault namespace
for a secret. When this value is set, the X-Vault-Namespace header
will be set for the request. More information regarding namespaces
can be found in the Vault Enterprise documentation: https://www.vaultproject.io/docs/enterprise/namespaces'
type: string
vaultRole:
description: VaultRole can be used to specify the Vault role, which
should be used to get the secret from Vault. If the vaultRole property
is set a new client with the specified Vault Role will be created
and the shared client is ignored. If the operator is configured using
the token auth method this property has no effect.
type: string
version:
description: Version sets the version of the secret which should be
used. The version is only used if the KVv2 secret engine is used.
If the version is omitted the Operator uses the latest version of
the secret. If the version omitted and the VAULT_RECONCILIATION_TIME
environment variable is set, the Kubernetes secret will be updated
if the Vault secret changes.
type: integer
required:
- path
- type
type: object
status:
description: VaultSecretStatus defines the observed state of VaultSecret
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current\
\ state of this API Resource. --- This struct is intended for direct\
\ use as an array at the field path .status.conditions. For example,\
\ type FooStatus struct{ // Represents the observations of a\
\ foo's current state. // Known .status.conditions.type are:\
\ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\
\ // +patchStrategy=merge // +listType=map // +listMapKey=type\
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"\
\ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"\
` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details
about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers of
specific condition types may define expected values and meanings
for this field, and whether the values are considered a guaranteed
API. The value should be a CamelCase string. This field may
not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- 'True'
- 'False'
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
vaultsecrets.ricoberger.de
app.kubernetes.io/instance: vault-secrets-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: vault-secrets-operator
helm.sh/chart: vault-secrets-operator-1.14.5
controller-gen.kubebuilder.io/version: v0.3.0
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"apiextensions.k8s.io/v...
Spec
Status
acceptedNames:
kind: VaultSecret
listKind: VaultSecretList
plural: vaultsecrets
singular: vaultsecret
conditions:
- lastTransitionTime: '2021-08-30T19:49:22Z'
message: no conflicts found
reason: NoConflicts
status: 'True'
type: NamesAccepted
- lastTransitionTime: '2021-08-30T19:49:23Z'
message: the initial names have been accepted
reason: InitialNamesAccepted
status: 'True'
type: Established
storedVersions:
- v1alpha1
Events
| Type | Reason | Age | From | Message |
|---|---|---|---|---|
| No events found. | ||||