Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add external-secrets schemas #19

Merged
merged 1 commit into from
Mar 4, 2024
Merged

feat: add external-secrets schemas #19

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,3 +84,4 @@ crd_to_json_schema rds-controller https://raw.githubusercontent.com/aws-controll
crd_to_json_schema eck-operator https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.6/deploy/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
crd_to_json_schema vault-secrets-operator https://raw.githubusercontent.com/ricoberger/vault-secrets-operator/master/charts/vault-secrets-operator/crds/crd-vaultsecret.yaml
crd_to_json_schema vpa https://raw.githubusercontent.com/kubernetes/autoscaler/master/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml
crd_to_json_schema external-secrets-operator https://raw.githubusercontent.com/external-secrets/external-secrets/main/deploy/crds/bundle.yaml
155 changes: 155 additions & 0 deletions master-standalone-strict/acraccesstoken-generators-v1alpha1.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,155 @@
{
"description": "ACRAccessToken returns a Azure Container Registry token\nthat can be used for pushing/pulling images.\nNote: by default it will return an ACR Refresh Token with full access\n(depending on the identity).\nThis can be scoped down to the repository level using .spec.scope.\nIn case scope is defined it will return an ACR Access Token.\n\n\nSee docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ACRAccessTokenSpec defines how to generate the access token\ne.g. how to authenticate and which registry to use.\nsee: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview",
"properties": {
"auth": {
"properties": {
"managedIdentity": {
"description": "ManagedIdentity uses Azure Managed Identity to authenticate with Azure.",
"properties": {
"identityId": {
"description": "If multiple Managed Identity is assigned to the pod, you can select the one to be used",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"servicePrincipal": {
"description": "ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure.",
"properties": {
"secretRef": {
"description": "Configuration used to authenticate with Azure using static\ncredentials stored in a Kind=Secret.",
"properties": {
"clientId": {
"description": "The Azure clientId of the service principle used for authentication.",
"properties": {
"key": {
"description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.",
"type": "string"
},
"name": {
"description": "The name of the Secret resource being referred to.",
"type": "string"
},
"namespace": {
"description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"clientSecret": {
"description": "The Azure ClientSecret of the service principle used for authentication.",
"properties": {
"key": {
"description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.",
"type": "string"
},
"name": {
"description": "The name of the Secret resource being referred to.",
"type": "string"
},
"namespace": {
"description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"secretRef"
],
"type": "object",
"additionalProperties": false
},
"workloadIdentity": {
"description": "WorkloadIdentity uses Azure Workload Identity to authenticate with Azure.",
"properties": {
"serviceAccountRef": {
"description": "ServiceAccountRef specified the service account\nthat should be used when authenticating with WorkloadIdentity.",
"properties": {
"audiences": {
"description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list",
"items": {
"type": "string"
},
"type": "array"
},
"name": {
"description": "The name of the ServiceAccount resource being referred to.",
"type": "string"
},
"namespace": {
"description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"environmentType": {
"default": "PublicCloud",
"description": "EnvironmentType specifies the Azure cloud environment endpoints to use for\nconnecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.\nThe following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152\nPublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud",
"enum": [
"PublicCloud",
"USGovernmentCloud",
"ChinaCloud",
"GermanCloud"
],
"type": "string"
},
"registry": {
"description": "the domain name of the ACR registry\ne.g. foobarexample.azurecr.io",
"type": "string"
},
"scope": {
"description": "Define the scope for the access token, e.g. pull/push access for a repository.\nif not provided it will return a refresh token that has full scope.\nNote: you need to pin it down to the repository level, there is no wildcard available.\n\n\nexamples:\nrepository:my-repository:pull,push\nrepository:my-repository:pull\n\n\nsee docs for details: https://docs.docker.com/registry/spec/auth/scope/",
"type": "string"
},
"tenantId": {
"description": "TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.",
"type": "string"
}
},
"required": [
"auth",
"registry"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}
Loading
Loading