clusterexternalsecret_types.go
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// NOTE(review): target namespaces are chosen by label selector and by name, so
// whoever may edit Namespace labels presumably influences where ExternalSecrets
// get created; confirm that label-write RBAC on Namespaces is restricted.

// ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret:
// the ExternalSecret to create and the namespaces that should receive it.
type ClusterExternalSecretSpec struct {
	// The spec for the ExternalSecrets to be created.
	ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"`
	// The name of the ExternalSecrets to be created.
	// Defaults to the name of the ClusterExternalSecret.
	// +optional
	ExternalSecretName string `json:"externalSecretName,omitempty"`
	// The metadata (annotations and labels) of the ExternalSecrets to be created.
	// +optional
	ExternalSecretMetadata ExternalSecretMetadata `json:"externalSecretMetadata,omitempty"`
	// The labels to select by to find the Namespaces to create the ExternalSecrets in.
	// Deprecated: Use NamespaceSelectors instead.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// A list of label selectors used to find the Namespaces to create the ExternalSecrets in.
	// The selectors are ORed: a namespace matching any one of them is selected.
	// +optional
	NamespaceSelectors []*metav1.LabelSelector `json:"namespaceSelectors,omitempty"`
	// Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
	// +optional
	Namespaces []string `json:"namespaces,omitempty"`
	// The interval at which the controller should reconcile its objects and recheck namespaces for labels.
	// The field is serialized under the JSON key "refreshTime", not "refreshInterval".
	RefreshInterval *metav1.Duration `json:"refreshTime,omitempty"`
}
// ExternalSecretMetadata defines metadata fields for the ExternalSecret generated by the ClusterExternalSecret.
type ExternalSecretMetadata struct {
	// Annotations for the generated ExternalSecret.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels for the generated ExternalSecret.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}
// ClusterExternalSecretConditionType names a condition reported in the status
// of a ClusterExternalSecret.
type ClusterExternalSecretConditionType string

// ClusterExternalSecretReady is the "Ready" condition type.
const ClusterExternalSecretReady ClusterExternalSecretConditionType = "Ready"
// ClusterExternalSecretStatusCondition is a single condition entry in the
// status of a ClusterExternalSecret.
type ClusterExternalSecretStatusCondition struct {
	// Type is the kind of condition being reported, for example "Ready".
	Type ClusterExternalSecretConditionType `json:"type"`
	// Status is the state of the condition, expressed as a core/v1 ConditionStatus.
	Status corev1.ConditionStatus `json:"status"`

	// NOTE(review): Message is free-form text stored in the object's status;
	// confirm the controller never writes secret values or provider
	// credentials into it.

	// Message is an optional human-readable description of the condition.
	// +optional
	Message string `json:"message,omitempty"`
}
// ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and its reason.
type ClusterExternalSecretNamespaceFailure struct {
	// Namespace is the namespace that failed when trying to apply an ExternalSecret.
	Namespace string `json:"namespace"`

	// NOTE(review): Reason is readable by anyone who can read this
	// cluster-scoped object's status; presumably it is derived from an error,
	// so confirm it cannot carry sensitive backend details.

	// Reason is why the ExternalSecret failed to apply to the namespace.
	// +optional
	Reason string `json:"reason,omitempty"`
}
// ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.
type ClusterExternalSecretStatus struct {
	// ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret.
	ExternalSecretName string `json:"externalSecretName,omitempty"`
	// FailedNamespaces are the namespaces that failed to apply an ExternalSecret,
	// each paired with an optional reason.
	// +optional
	FailedNamespaces []ClusterExternalSecretNamespaceFailure `json:"failedNamespaces,omitempty"`
	// ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets.
	// +optional
	ProvisionedNamespaces []string `json:"provisionedNamespaces,omitempty"`
	// Conditions holds the reported conditions of the ClusterExternalSecret, such as "Ready".
	// +optional
	Conditions []ClusterExternalSecretStatusCondition `json:"conditions,omitempty"`
}
// The markers below declare a cluster-scoped root object that is the storage
// version, belongs to the "externalsecrets" category, has the short name "ces"
// and a status subresource, and prints the Store, Refresh Interval and Ready
// columns. Note that the Refresh Interval column reads `.spec.refreshTime`,
// the JSON key of ClusterExternalSecretSpec.RefreshInterval.

// +kubebuilder:object:root=true
// +kubebuilder:storageversion
// +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.externalSecretSpec.secretStoreRef.name`
// +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshTime`
// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
// ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
type ClusterExternalSecret struct {
	// TypeMeta is inlined into the serialized object.
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta is the standard object metadata, serialized under "metadata".
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: the ExternalSecret to create and the namespaces to create it in.
	Spec ClusterExternalSecretSpec `json:"spec,omitempty"`
	// Status is the observed state: provisioned and failed namespaces plus conditions.
	Status ClusterExternalSecretStatus `json:"status,omitempty"`
}
//+kubebuilder:object:root=true
// ClusterExternalSecretList contains a list of ClusterExternalSecret.
type ClusterExternalSecretList struct {
	// TypeMeta is inlined into the serialized list.
	metav1.TypeMeta `json:",inline"`
	// ListMeta is the standard list metadata, serialized under "metadata".
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the ClusterExternalSecret objects in the list.
	Items []ClusterExternalSecret `json:"items"`
}