--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.17.2 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: external-secrets-webhook namespace: external-secrets path: /convert conversionReviewVersions: - v1 group: external-secrets.io names: categories: - external-secrets kind: ClusterExternalSecret listKind: ClusterExternalSecretList plural: clusterexternalsecrets shortNames: - ces singular: clusterexternalsecret scope: Cluster versions: - additionalPrinterColumns: - jsonPath: .spec.externalSecretSpec.secretStoreRef.name name: Store type: string - jsonPath: .spec.refreshTime name: Refresh Interval type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: type: string kind: type: string metadata: type: object spec: properties: externalSecretMetadata: properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object externalSecretName: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string externalSecretSpec: properties: data: items: properties: remoteRef: properties: conversionStrategy: default: Default enum: - Default - Unicode type: string decodingStrategy: default: None enum: - Auto - Base64 - Base64URL - None type: string key: type: string metadataPolicy: default: None enum: - None - Fetch type: string property: type: string version: type: string required: - key type: object secretKey: maxLength: 253 minLength: 1 pattern: ^[-._a-zA-Z0-9]+$ type: string sourceRef: maxProperties: 1 minProperties: 1 properties: generatorRef: properties: apiVersion: default: generators.external-secrets.io/v1alpha1 type: string kind: enum: - ACRAccessToken - ClusterGenerator - ECRAuthorizationToken - Fake - GCRAccessToken - GithubAccessToken - QuayAccessToken - Password - STSSessionToken - UUID - VaultDynamicSecret - Webhook - Grafana type: string name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind - name type: object storeRef: properties: kind: enum: - SecretStore - ClusterSecretStore type: string name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object type: object required: - remoteRef - secretKey type: object type: array dataFrom: items: properties: extract: properties: conversionStrategy: default: Default enum: - Default - Unicode type: string decodingStrategy: default: None enum: - Auto - Base64 - Base64URL - None type: string key: type: string metadataPolicy: default: None enum: - None - Fetch type: string property: type: string version: type: string required: - key type: object find: properties: conversionStrategy: default: Default enum: - Default - Unicode type: string decodingStrategy: default: None enum: - Auto - Base64 - Base64URL - None type: string name: properties: regexp: type: string type: object path: type: string tags: additionalProperties: type: string type: object type: object rewrite: items: properties: regexp: properties: source: type: string target: type: string required: - source - target type: object transform: properties: template: type: string required: - template type: object type: object type: array sourceRef: maxProperties: 1 minProperties: 1 properties: generatorRef: properties: apiVersion: default: generators.external-secrets.io/v1alpha1 type: string kind: enum: - ACRAccessToken - ClusterGenerator - ECRAuthorizationToken - Fake - GCRAccessToken - GithubAccessToken - QuayAccessToken - Password - STSSessionToken - UUID - VaultDynamicSecret - Webhook - Grafana type: string name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind - name type: object storeRef: properties: kind: enum: - SecretStore - ClusterSecretStore type: string name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object type: object type: object type: array refreshInterval: default: 1h type: string secretStoreRef: properties: kind: enum: - SecretStore - ClusterSecretStore type: string name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object target: default: creationPolicy: Owner deletionPolicy: Retain properties: creationPolicy: default: Owner enum: - Owner - Orphan - Merge - None type: string deletionPolicy: default: Retain enum: - Delete - Merge - Retain type: string immutable: type: boolean name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string template: properties: data: additionalProperties: type: string type: object engineVersion: default: v2 enum: - v1 - v2 type: string mergePolicy: default: Replace enum: - Replace - Merge type: string metadata: properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object templateFrom: items: properties: configMap: properties: items: items: properties: key: maxLength: 253 minLength: 1 pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values enum: - Values - KeysAndValues type: string required: - key type: object type: array name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items - name type: object literal: type: string secret: properties: items: items: properties: key: maxLength: 253 minLength: 1 pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values enum: - Values - KeysAndValues type: string required: - key type: object type: array name: maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items - name type: object target: default: Data enum: - Data - Annotations - Labels type: string type: object type: array type: type: string type: object type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic namespaceSelectors: items: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic type: array namespaces: items: maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array refreshTime: type: string required: - externalSecretSpec type: object status: properties: conditions: items: properties: message: type: string status: type: string type: type: string required: - status - type type: object type: array externalSecretName: type: string failedNamespaces: items: properties: namespace: type: string reason: type: string required: - namespace type: object type: array provisionedNamespaces: items: type: string type: array type: object type: object served: true storage: true subresources: status: {}