add helm charts
This commit is contained in:
Ybehrooz
@@ -0,0 +1,138 @@
|
||||
{{- if .Values.installCRDs }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
{{- with .Values.crds.annotations }}
|
||||
{{- toYaml . | nindent 4}}
|
||||
{{- end }}
|
||||
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
|
||||
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
|
||||
{{- end }}
|
||||
controller-gen.kubebuilder.io/version: v0.15.0
|
||||
labels:
|
||||
external-secrets.io/component: controller
|
||||
name: gcraccesstokens.generators.external-secrets.io
|
||||
spec:
|
||||
group: generators.external-secrets.io
|
||||
names:
|
||||
categories:
|
||||
- gcraccesstoken
|
||||
kind: GCRAccessToken
|
||||
listKind: GCRAccessTokenList
|
||||
plural: gcraccesstokens
|
||||
shortNames:
|
||||
- gcraccesstoken
|
||||
singular: gcraccesstoken
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
GCRAccessToken generates an GCP access token
|
||||
that can be used to authenticate with GCR.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
properties:
|
||||
auth:
|
||||
description: Auth defines the means for authenticating with GCP
|
||||
properties:
|
||||
secretRef:
|
||||
properties:
|
||||
secretAccessKeySecretRef:
|
||||
description: The SecretAccessKey is used for authentication
|
||||
properties:
|
||||
key:
|
||||
description: |-
|
||||
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
|
||||
defaulted, in others it may be required.
|
||||
type: string
|
||||
name:
|
||||
description: The name of the Secret resource being referred to.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||
to the namespace of the referent.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
workloadIdentity:
|
||||
properties:
|
||||
clusterLocation:
|
||||
type: string
|
||||
clusterName:
|
||||
type: string
|
||||
clusterProjectID:
|
||||
type: string
|
||||
serviceAccountRef:
|
||||
description: A reference to a ServiceAccount resource.
|
||||
properties:
|
||||
audiences:
|
||||
description: |-
|
||||
Audience specifies the `aud` claim for the service account token
|
||||
If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
|
||||
then this audiences will be appended to the list
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
name:
|
||||
description: The name of the ServiceAccount resource being referred to.
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
|
||||
to the namespace of the referent.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
required:
|
||||
- clusterLocation
|
||||
- clusterName
|
||||
- serviceAccountRef
|
||||
type: object
|
||||
type: object
|
||||
projectID:
|
||||
description: ProjectID defines which project to use to authenticate with
|
||||
type: string
|
||||
required:
|
||||
- auth
|
||||
- projectID
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
{{- if .Values.crds.conversion.enabled }}
|
||||
conversion:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
conversionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
name: {{ include "external-secrets.fullname" . }}-webhook
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
path: /convert
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user