# https://github.com/carvel-dev/secretgen-controller/releases/download/v0.16.0/release.yml
---
# Namespace that the controller Deployment and its ServiceAccount (further
# down in this file) are created in. Only a name is set: no labels (for
# example Pod Security admission labels) or annotations are declared here,
# so any namespace-level policy has to be applied separately.
apiVersion: v1
kind: Namespace
metadata:
  name: secretgen-controller
---
# CRD for SecretExport (group secretgen.carvel.dev, version v1alpha1,
# namespaced). The spec lists target namespaces, so write access to this
# resource should be granted as carefully as read access to Secrets.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: secretexports.secretgen.carvel.dev
spec:
  group: secretgen.carvel.dev
  names:
    kind: SecretExport
    listKind: SecretExportList
    plural: secretexports
    singular: secretexport
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # List of selector entries; each entry requires key and
              # operator, values is optional. The "dangerous" prefix is the
              # upstream field name. The schema only checks that key is a
              # string and operator is one of the four enum values.
              dangerousToNamespacesSelector:
                items:
                  properties:
                    key:
                      description: Property to target the resource for the match.
                        It supports dot notation.
                      type: string
                    operator:
                      description: Type of comparison.
                      enum:
                      - In
                      - NotIn
                      - Exists
                      - DoesNotExist
                      type: string
                    values:
                      description: Values to match on the resource key using the comparison
                        operator.
                      items:
                        type: string
                      type: array
                  required:
                  - key
                  - operator
                  type: object
                type: array
              # toNamespace / toNamespaces are free-form strings: no pattern,
              # enum or length limit is declared, so any restriction on the
              # target namespaces has to come from the controller or from
              # admission policy, not from this schema.
              toNamespace:
                type: string
              toNamespaces:
                items:
                  type: string
                type: array
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    # NOTE(review): the "ResizeStarted" sentence below appears
                    # to be carried over from PersistentVolumeClaim condition
                    # docs and does not describe this resource.
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      type: string
                  type: object
                type: array
              friendlyDescription:
                type: string
              observedGeneration:
                format: int64
                type: integer
              observedSecretResourceVersion:
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # status is a subresource, so it is updated through its own endpoint
    # and can be authorized separately from the main resource.
    subresources:
      status: {}
---
# CRD for SecretImport (group secretgen.carvel.dev, version v1alpha1,
# namespaced). The spec object is required but its only field,
# fromNamespace, is an optional unconstrained string.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: secretimports.secretgen.carvel.dev
spec:
  group: secretgen.carvel.dev
  names:
    kind: SecretImport
    listKind: SecretImportList
    plural: secretimports
    singular: secretimport
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # No pattern or enum is declared: the schema accepts any string
              # as the source namespace.
              fromNamespace:
                type: string
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      type: string
                  type: object
                type: array
              friendlyDescription:
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CRD for SecretTemplate (group secretgen.carvel.dev, version v1alpha1,
# namespaced). Per its own descriptions, a SecretTemplate reads other
# Kubernetes resources and copies values from them into a new Secret, so
# create/update rights on this resource should only go to principals who
# are already trusted with the data the input resources expose.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: secrettemplates.secretgen.carvel.dev
spec:
  group: secretgen.carvel.dev
  names:
    kind: SecretTemplate
    listKind: SecretTemplateList
    plural: secrettemplates
    singular: secrettemplate
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: SecretTemplate allows the construction of secrets using data
          that reside in other Kubernetes resources
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: SecretTemplateSpec contains spec information
            properties:
              # Required list. apiVersion, kind and name of each reference
              # are plain strings with no enum or pattern, so the schema does
              # not limit which resource types can be named as inputs.
              inputResources:
                description: A list of input resources that are used to construct
                  a new secret. Input Resources can refer to ANY Kubernetes API. If
                  loading more than Secrets types ensure that `.spec.ServiceAccountName`
                  is set to an appropriate value. Input resources are read in the
                  order they are defined. An Input resource's name can be evaluated
                  dynamically from data in a previously evaluated input resource.
                items:
                  description: InputResource is references a single Kubernetes resource
                    along with a identifying name
                  properties:
                    name:
                      description: The name of InputResource. This is used as the
                        identifying name in templating to refer to this Input Resource.
                      type: string
                    ref:
                      description: The reference to the Input Resource
                      properties:
                        apiVersion:
                          type: string
                        kind:
                          type: string
                        # May hold a JSONPath expression resolved from an
                        # earlier input, so the object actually read is not
                        # always visible from the manifest alone.
                        name:
                          description: The name of the input resource. This field
                            can itself contain JSONPATH syntax to load the name dynamically
                            from other input resources. For example this field could
                            be set to a static value of "my-secret" or a dynamic valid
                            of "$(.anotherinputresource.spec.name)".
                          type: string
                      required:
                      - apiVersion
                      - kind
                      - name
                      type: object
                  required:
                  - name
                  - ref
                  type: object
                type: array
              # Optional. The named service account's read permissions decide
              # what a template in this namespace can pull into a Secret;
              # keep that account's RBAC as narrow as the template needs.
              serviceAccountName:
                description: The Service Account used to read InputResources. If not
                  specified, only Secrets can be read as InputResources.
                type: string
              template:
                description: A JSONPath based template that can be used to create
                  Secrets.
                properties:
                  data:
                    additionalProperties:
                      type: string
                    description: 'Data key and value. Where key is the Secret Key
                      and the value is a jsonpath surrounded by $( ). The fetched
                      data MUST be base64 encoded. All InputResources are available
                      via their identifying name. For example: key1: $(.secretinput1.data.value1)
                      key2: $(.secretinput2.data.value2)'
                    type: object
                  metadata:
                    description: Metadata contains metadata for the Secret
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations to be placed on the generated secret
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels to be placed on the generated secret
                        type: object
                    type: object
                  stringData:
                    additionalProperties:
                      type: string
                    description: 'StringData key and value. Where key is the Secret
                      Key and the value can contain a JSONPATH syntax surrounded by
                      $( ). All InputResources are available via their identifying
                      name. For example: key1: static-text key2: $(.input1.spec.value1)
                      key3: combined-$(.input2.status.value2)-$(.input2.status.value3)'
                    type: object
                  type:
                    description: Type is the type of Kubernetes Secret
                    type: string
                type: object
            required:
            - inputResources
            type: object
          status:
            description: SecretTemplateStatus contains status information
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      type: string
                  type: object
                type: array
              friendlyDescription:
                type: string
              observedGeneration:
                format: int64
                type: integer
              observedSecretResourceVersion:
                type: string
              # Reference (by name, same namespace) to a Secret; presumably
              # the generated one - confirm against the controller.
              secret:
                description: LocalObjectReference contains enough information to let
                  you locate the referenced object inside the same namespace.
                properties:
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                type: object
                x-kubernetes-map-type: atomic
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CRD for Certificate (group secretgen.k14s.io, version v1alpha1,
# namespaced). Neither spec nor any of its fields is marked required, and
# none of the fields carries a minimum, maximum, pattern or enum, so all
# validation of certificate parameters is left to the controller.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: certificates.secretgen.k14s.io
spec:
  group: secretgen.k14s.io
  names:
    kind: Certificate
    listKind: CertificateList
    plural: certificates
    singular: certificate
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              alternativeNames:
                items:
                  type: string
                type: array
              # Reference by name only; per the description the referenced
              # object is looked up in the same namespace.
              caRef:
                description: LocalObjectReference contains enough information to let
                  you locate the referenced object inside the same namespace.
                properties:
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              commonName:
                type: string
              # int64 with no unit, default or upper bound stated in the
              # schema - TODO confirm the unit against the controller docs
              # before relying on a validity period.
              duration:
                format: int64
                type: integer
              # Plain strings: allowed usage names are not enumerated here.
              extendedKeyUsage:
                items:
                  type: string
                type: array
              # Any principal allowed to create Certificate objects can set
              # this flag; the schema does not gate it.
              isCA:
                type: boolean
              organization:
                type: string
              secretTemplate:
                properties:
                  metadata:
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                  stringData:
                    additionalProperties:
                      type: string
                    type: object
                  type:
                    type: string
                type: object
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      type: string
                  type: object
                type: array
              friendlyDescription:
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CRD for Password (group secretgen.k14s.io, version v1alpha1, namespaced).
# The integer fields declare defaults but no minimum or maximum, so the
# schema itself accepts very short lengths or negative counts; any lower
# bound on password strength has to be enforced by the controller or by
# admission policy.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: passwords.secretgen.k14s.io
spec:
  group: secretgen.k14s.io
  names:
    kind: Password
    listKind: PasswordList
    plural: passwords
    singular: password
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # digits, lowercaseLetters, symbols and uppercaseLetters all
              # default to 0; the schema does not say how a 0 is interpreted
              # - TODO confirm against the controller.
              digits:
                default: 0
                type: integer
              # Defaults to 40; no minimum is declared.
              length:
                default: 40
                type: integer
              lowercaseLetters:
                default: 0
                type: integer
              secretTemplate:
                properties:
                  metadata:
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                  stringData:
                    additionalProperties:
                      type: string
                    type: object
                  type:
                    type: string
                type: object
              # Default set of symbol characters; any string is accepted as
              # an override.
              symbolCharSet:
                default: '!@#$%&*;.:'
                type: string
              symbols:
                default: 0
                type: integer
              uppercaseLetters:
                default: 0
                type: integer
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      type: string
                  type: object
                type: array
              friendlyDescription:
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CRD for RSAKey (group secretgen.k14s.io, version v1alpha1, namespaced).
# The spec exposes only secretTemplate: key size and other generation
# parameters are not configurable through this schema, so they are
# whatever the controller chooses.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: rsakeys.secretgen.k14s.io
spec:
  group: secretgen.k14s.io
  names:
    kind: RSAKey
    listKind: RSAKeyList
    plural: rsakeys
    singular: rsakey
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Shape of the Secret to produce: metadata labels/annotations,
              # stringData entries and the Secret type, all free-form strings.
              secretTemplate:
                properties:
                  metadata:
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                  stringData:
                    additionalProperties:
                      type: string
                    type: object
                  type:
                    type: string
                type: object
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      type: string
                  type: object
                type: array
              friendlyDescription:
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CRD for SSHKey (group secretgen.k14s.io, version v1alpha1, namespaced).
# As with RSAKey, the spec exposes only secretTemplate: key type and size
# are not selectable through this schema.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sshkeys.secretgen.k14s.io
spec:
  group: secretgen.k14s.io
  names:
    kind: SSHKey
    listKind: SSHKeyList
    plural: sshkeys
    singular: sshkey
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Friendly description
      jsonPath: .status.friendlyDescription
      name: Description
      type: string
    - description: Time since creation
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Shape of the Secret to produce: metadata labels/annotations,
              # stringData entries and the Secret type, all free-form strings.
              secretTemplate:
                properties:
                  metadata:
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        type: object
                    type: object
                  stringData:
                    additionalProperties:
                      type: string
                    type: object
                  type:
                    type: string
                type: object
            type: object
          status:
            properties:
              conditions:
                items:
                  properties:
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, this should be a short, machine understandable
                        string that gives the reason for condition's last transition.
                        If it reports "ResizeStarted" that means the underlying persistent
                        volume is being resized.
                      type: string
                    status:
                      type: string
                    type:
                      type: string
                  type: object
                type: array
              friendlyDescription:
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
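# Controller Deployment. Changes relative to the vendored upstream text:
#   * seccompProfile RuntimeDefault added to the container securityContext,
#     which together with the settings already present (no privilege
#     escalation, all capabilities dropped, non-root) matches the Pod
#     Security "restricted" profile;
#   * the deprecated pod field `serviceAccount` replaced by its current
#     name `serviceAccountName` (same value).
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    # Build provenance recorded by kbld for the upstream release: source
    # repo, commit, tag and the image digest that release resolved to.
    # It is informational only. The image that actually runs is whatever
    # the templated `image` expression below renders to, so this digest
    # does not pin the deployed image - check that the templated reference
    # is itself digest-pinned or mirrors this digest. Note `dirty: true`:
    # the upstream build tree had uncommitted changes at build time.
    kbld.k14s.io/images: |
      - origins:
        - local:
            path: /home/runner/work/secretgen-controller/secretgen-controller
        - git:
            dirty: true
            remoteURL: https://github.com/carvel-dev/secretgen-controller
            sha: d806899d96fcb5a07ff2e38f93e37884a3db2b1d
            tags:
            - v0.16.0
        url: ghcr.io/carvel-dev/secretgen-controller@sha256:59ec05ce5847bfd70c8e04f08b5195e918c8f6fbb947ffc91b456494a2958fd5
    secretgen-controller.carvel.dev/version: v0.16.0
  name: secretgen-controller
  namespace: secretgen-controller
spec:
  replicas: 1
  # 0 keeps no old ReplicaSets, so there is no previous revision to roll
  # back to after a bad rollout.
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: secretgen-controller
  template:
    metadata:
      labels:
        app: secretgen-controller
    spec:
      containers:
      # Rendered by the templating layer, not by upstream; kept quoted so an
      # empty or odd expansion cannot change the YAML structure.
      - image: "{{ atmosphere_images['secretgen_controller'] | vexxhost.kubernetes.docker_image('ref') }}"
        name: secretgen-controller
        # Requests only; no CPU or memory limits are declared.
        resources:
          requests:
            cpu: 120m
            memory: 100Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          # No runAsUser is set, so the image itself must declare a numeric
          # non-root user or the kubelet will refuse to start the container.
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
      # This account is bound cluster-wide to a role with full access to
      # Secrets (see the ClusterRole and ClusterRoleBinding in this file);
      # treat the pod and its token as highly privileged.
      serviceAccountName: secretgen-controller-sa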
---
# Identity the controller pod runs as. It carries no permissions by itself;
# they come from the ClusterRoleBinding in this file that names this
# account as its subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: secretgen-controller-sa
  namespace: secretgen-controller
---
# Permissions of the controller. This is a ClusterRole and the binding in
# this file is a ClusterRoleBinding, so every rule applies in all
# namespaces. Review it as a cluster-wide secrets administrator role:
# audit-log requests made by the bound service account and limit who can
# exec into, or schedule pods as, that account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secretgen-controller-cluster-role
rules:
# Full control over the controller's own custom resources (both groups).
- apiGroups:
  - secretgen.k14s.io
  resources:
  - '*'
  verbs:
  - '*'
- apiGroups:
  - secretgen.carvel.dev
  resources:
  - '*'
  verbs:
  - '*'
# Every verb on core Secrets: read, create, modify and delete any Secret
# in any namespace. A wildcard also covers verbs added in the future.
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - '*'
# Read-only access to namespaces.
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - list
  - watch
  - get
# Read-only access to service accounts.
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - list
  - watch
  - get
# Token requests for service accounts. Because the role is bound
# cluster-wide, this is not limited to particular accounts or namespaces:
# the controller can obtain a token for any service account and then act
# with that account's permissions. The SecretTemplate CRD's
# serviceAccountName field is presumably the consumer - confirm upstream.
- apiGroups:
  - ""
  resources:
  - serviceaccounts/token
  verbs:
  - create
---
# Grants secretgen-controller-cluster-role to the controller's service
# account across the whole cluster (ClusterRoleBinding, not a namespaced
# RoleBinding). The single subject is the service account in the
# secretgen-controller namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: secretgen-controller-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: secretgen-controller-cluster-role
subjects:
- kind: ServiceAccount
  name: secretgen-controller-sa
  namespace: secretgen-controller