chore: updated auto generated K8s manifests
leonsteinhaeuser committed Aug 15, 2023
1 parent 9e9024b commit 170daa7
Showing 3 changed files with 365 additions and 0 deletions.
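--- a/config/crd/bases/passbolt.tagesspiegel.de_passboltsecrets.yaml
+++ b/config/crd/bases/passbolt.tagesspiegel.de_passboltsecrets.yaml
@@ -0,0 +1,270 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+annotations:
+controller-gen.kubebuilder.io/version: v0.12.0
+name: passboltsecrets.passbolt.tagesspiegel.de
+spec:
+group: passbolt.tagesspiegel.de
+names:
+kind: PassboltSecret
+listKind: PassboltSecretList
+plural: passboltsecrets
+singular: passboltsecret
+scope: Namespaced
+versions:
+- additionalPrinterColumns:
+- jsonPath: .status.syncStatus
+name: Sync Status
+type: string
+- jsonPath: .status.lastSync
+name: Last Sync
+type: string
+name: v1alpha1
+schema:
+openAPIV3Schema:
+description: PassboltSecret is the Schema for the passboltsecrets API
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this representation
+of an object. Servers should convert recognized schemas to the latest
+internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: PassboltSecretSpec defines the desired state of PassboltSecret
+properties:
+leaveOnDelete:
+default: true
+description: LeaveOnDelete defines if the secret should be deleted
+from Kubernetes when the PassboltSecret is deleted.
+type: boolean
+secrets:
+description: Secrets is a list of secrets to be fetched from passbolt.
+items:
+description: SecretSpec defines the secret mapping between passbolt
+and kubernetes.
+properties:
+kubernetesSecretKey:
+description: KubernetesSecretKey is the key in the kubernetes
+secret where the passbolt secret will be stored.
+type: string
+passboltSecret:
+description: Name of the secret in passbolt
+properties:
+field:
+default: password
+description: Field is the field in the passbolt secret to
+be read.
+enum:
+- username
+- password
+- uri
+type: string
+name:
+description: Name of the secret in passbolt
+type: string
+required:
+- field
+- name
+type: object
+required:
+- kubernetesSecretKey
+- passboltSecret
+type: object
+type: array
+required:
+- secrets
+type: object
+status:
+description: PassboltSecretStatus defines the observed state of PassboltSecret
+properties:
+lastSync:
+description: LastSync is the last time the secret was synced from
+passbolt.
+format: date-time
+type: string
+syncErrors:
+description: SyncErrors is a list of errors that occurred during the
+last sync.
+items:
+properties:
+message:
+description: Message is the error message.
+type: string
+secretKey:
+description: SecretKey is the key of the secret that failed
+to sync.
+type: string
+secretName:
+description: SecretName is the name of the secret that failed
+to sync.
+type: string
+time:
+description: Time is the time the error occurred.
+format: date-time
+type: string
+required:
+- message
+- secretKey
+- secretName
+- time
+type: object
+type: array
+syncStatus:
+default: Unknown
+description: SyncStatus is the status of the last sync.
+enum:
+- Success
+- Error
+- Unknown
+type: string
+type: object
+type: object
+served: true
+storage: false
+subresources:
+status: {}
+- additionalPrinterColumns:
+- jsonPath: .status.syncStatus
+name: Sync Status
+type: string
+- jsonPath: .status.lastSync
+name: Last Sync
+type: string
+name: v1alpha2
+schema:
+openAPIV3Schema:
+description: PassboltSecret is the Schema for the passboltsecrets API
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this representation
+of an object. Servers should convert recognized schemas to the latest
+internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: PassboltSecretSpec defines the desired state of PassboltSecret
+properties:
+leaveOnDelete:
+default: true
+description: LeaveOnDelete defines if the secret should be deleted
+from Kubernetes when the PassboltSecret is deleted.
+type: boolean
+passboltSecretName:
+description: PassboltSecretName is the name of the passbolt secret
+name to be used as a docker config secret.
+type: string
+secretType:
+default: Opaque
+description: SecretType is the type of the secret. Defaults to Opaque.
+If set to kubernetes.io/dockerconfigjson, the secret will be created
+as a docker config secret. We also expect the PassboltSecretName
+to be set in this case.
+enum:
+- Opaque
+- kubernetes.io/dockerconfigjson
+type: string
+secrets:
+description: Secrets is a list of secrets to be fetched from passbolt.
+items:
+description: SecretSpec defines the secret mapping between passbolt
+and kubernetes.
+properties:
+kubernetesSecretKey:
+description: KubernetesSecretKey is the key in the kubernetes
+secret where the passbolt secret will be stored.
+type: string
+passboltSecret:
+description: Name of the secret in passbolt
+properties:
+field:
+description: Field is the field in the passbolt secret to
+be read.
+enum:
+- username
+- password
+- uri
+type: string
+name:
+description: Name of the secret in passbolt
+type: string
+value:
+description: 'Value is the plain text value of the secret.
+This field allows to set a static value or using go templating
+to generate the value. Valid template variables are: -
+Password - Username - URI'
+type: string
+required:
+- name
+type: object
+required:
+- kubernetesSecretKey
+- passboltSecret
+type: object
+type: array
+type: object
+status:
+description: PassboltSecretStatus defines the observed state of PassboltSecret
+properties:
+lastSync:
+description: LastSync is the last time the secret was synced from
+passbolt.
+format: date-time
+type: string
+syncErrors:
+description: SyncErrors is a list of errors that occurred during the
+last sync.
+items:
+properties:
+message:
+description: Message is the error message.
+type: string
+secretKey:
+description: SecretKey is the key of the secret that failed
+to sync.
+type: string
+secretName:
+description: SecretName is the name of the secret that failed
+to sync.
+type: string
+time:
+description: Time is the time the error occurred.
+format: date-time
+type: string
+required:
+- message
+- secretKey
+- secretName
+- time
+type: object
+type: array
+syncStatus:
+default: Unknown
+description: SyncStatus is the status of the last sync.
+enum:
+- Success
+- Error
+- Unknown
+type: string
+required:
+- syncStatus
+type: object
+type: object
+served: true
+storage: true
+subresources:
+status: {}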
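Review bot: The v1alpha2 `passboltSecret.value` description invites users to set a static plain-text secret value, but says nothing about where that value ends up: it is stored in the PassboltSecret object itself, so anyone allowed to `get` or `list` `passboltsecrets` can read it, and that permission is commonly granted more widely than access to `secrets`. Since this file is emitted by controller-gen, the wording belongs in the Go doc comment on the field; I would append a sentence such as `Static values are stored in the PassboltSecret object and are visible to anyone who can read it; prefer templating over literal secret material.` Separately, the v1alpha2 item schema requires only `name`, so an entry with neither `field` nor `value`, or with both, passes schema validation; presumably the validating webhook rejects those cases, which is worth confirming because the CRD alone does not.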
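--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: manager-role
+rules:
+- apiGroups:
+- ""
+resources:
+- secrets
+verbs:
+- create
+- delete
+- get
+- list
+- update
+- watch
+- apiGroups:
+- passbolt.tagesspiegel.de
+resources:
+- passboltsecrets
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- passbolt.tagesspiegel.de
+resources:
+- passboltsecrets/finalizers
+verbs:
+- update
+- apiGroups:
+- passbolt.tagesspiegel.de
+resources:
+- passboltsecrets/status
+verbs:
+- get
+- patch
+- update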
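Review bot: The first rule of `manager-role` grants `create`, `delete`, `get`, `list`, `update` and `watch` on core `secrets` from a ClusterRole, so if it is bound through a ClusterRoleBinding (the binding is not part of this commit) the operator's service account can read and overwrite every Secret in the cluster, not only the ones it creates. That makes the controller pod and its token a high-value target and should be a deliberate, documented choice. Because the file is generated, any narrowing belongs in the RBAC marker in the controller source: where the operator only has to serve a fixed namespace, `// +kubebuilder:rbac:groups="",resources=secrets,namespace=<target-namespace>,verbs=get;list;watch;create;update;delete` makes controller-gen emit a namespaced Role instead. If cluster-wide scope is required, the install documentation should state that the operator holds read/write access to all Secrets so that operators of the cluster can account for it.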
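--- a/config/webhook/manifests.yaml
+++ b/config/webhook/manifests.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+- v1
+clientConfig:
+service:
+name: webhook-service
+namespace: system
+path: /mutate-passbolt-tagesspiegel-de-v1alpha2-passboltsecret
+failurePolicy: Fail
+name: mpassboltsecret.kb.io
+rules:
+- apiGroups:
+- passbolt.tagesspiegel.de
+apiVersions:
+- v1alpha2
+operations:
+- CREATE
+- UPDATE
+resources:
+- passboltsecrets
+sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+name: validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+- v1
+clientConfig:
+service:
+name: webhook-service
+namespace: system
+path: /validate-passbolt-tagesspiegel-de-v1alpha2-passboltsecret
+failurePolicy: Fail
+name: vpassboltsecret.kb.io
+rules:
+- apiGroups:
+- passbolt.tagesspiegel.de
+apiVersions:
+- v1alpha2
+operations:
+- CREATE
+- UPDATE
+resources:
+- passboltsecrets
+sideEffects: None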
