From 1e4389e0688a6970d34d1d9a3ad5829154049904 Mon Sep 17 00:00:00 2001 From: Emin Aktas Date: Mon, 18 Nov 2024 00:19:03 +0300 Subject: [PATCH] feat: add sealed secrets crds Signed-off-by: Emin Aktas --- sealed-secrets/README.md | 88 +++++++++ sealed-secrets/crds/sealed-secrets.yaml | 176 ++++++++++++++++++ sealed-secrets/kcl.mod | 7 + sealed-secrets/kcl.mod.lock | 5 + .../bitnami_com_v1alpha1_sealed_secret.k | 176 ++++++++++++++++++ 5 files changed, 452 insertions(+) create mode 100644 sealed-secrets/README.md create mode 100644 sealed-secrets/crds/sealed-secrets.yaml create mode 100644 sealed-secrets/kcl.mod create mode 100644 sealed-secrets/kcl.mod.lock create mode 100644 sealed-secrets/v1alpha1/bitnami_com_v1alpha1_sealed_secret.k diff --git a/sealed-secrets/README.md b/sealed-secrets/README.md new file mode 100644 index 00000000..e3e5e16a --- /dev/null +++ b/sealed-secrets/README.md @@ -0,0 +1,88 @@ +# sealed-secrets + +## Index + +- v1alpha1 + - [BitnamiComV1alpha1SealedSecretSpec](#bitnamicomv1alpha1sealedsecretspec) + - [BitnamiComV1alpha1SealedSecretSpecTemplate](#bitnamicomv1alpha1sealedsecretspectemplate) + - [BitnamiComV1alpha1SealedSecretSpecTemplateMetadata](#bitnamicomv1alpha1sealedsecretspectemplatemetadata) + - [BitnamiComV1alpha1SealedSecretStatus](#bitnamicomv1alpha1sealedsecretstatus) + - [BitnamiComV1alpha1SealedSecretStatusConditionsItems0](#bitnamicomv1alpha1sealedsecretstatusconditionsitems0) + - [SealedSecret](#sealedsecret) + +## Schemas + +### BitnamiComV1alpha1SealedSecretSpec + +SealedSecretSpec is the specification of a SealedSecret. + +#### Attributes + +| name | type | description | default value | +| --- | --- | --- | --- | +|**data**|str|Data is deprecated and will be removed eventually. Use per-value EncryptedData instead.|| +|**encryptedData** `required`|{str:str}|encrypted data|| +|**template**|[BitnamiComV1alpha1SealedSecretSpecTemplate](#bitnamicomv1alpha1sealedsecretspectemplate)|template|| +### BitnamiComV1alpha1SealedSecretSpecTemplate + +Template defines the structure of the Secret that will be created from this sealed secret. + +#### Attributes + +| name | type | description | default value | +| --- | --- | --- | --- | +|**data**|{str:str}|Keys that should be templated using decrypted data.|| +|**immutable**|bool|Immutable, if set to true, ensures that data stored in the Secret cannot
be updated (only object metadata can be modified).
If not set to true, the field can be modified at any time.
Defaulted to nil.|| +|**metadata**|[BitnamiComV1alpha1SealedSecretSpecTemplateMetadata](#bitnamicomv1alpha1sealedsecretspectemplatemetadata)|metadata|| +|**type**|str||| +### BitnamiComV1alpha1SealedSecretSpecTemplateMetadata + +Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + +#### Attributes + +| name | type | description | default value | +| --- | --- | --- | --- | +|**annotations**|{str:str}|annotations|| +|**finalizers**|[str]|finalizers|| +|**labels**|{str:str}|labels|| +|**name**|str|name|| +|**namespace**|str|namespace|| +### BitnamiComV1alpha1SealedSecretStatus + +SealedSecretStatus is the most recently observed status of the SealedSecret. + +#### Attributes + +| name | type | description | default value | +| --- | --- | --- | --- | +|**conditions**|[[BitnamiComV1alpha1SealedSecretStatusConditionsItems0](#bitnamicomv1alpha1sealedsecretstatusconditionsitems0)]|Represents the latest available observations of a sealed secret's current state.|| +|**observedGeneration**|int|ObservedGeneration reflects the generation most recently observed by the sealed-secrets controller.|| +### BitnamiComV1alpha1SealedSecretStatusConditionsItems0 + +SealedSecretCondition describes the state of a sealed secret at a certain point. + +#### Attributes + +| name | type | description | default value | +| --- | --- | --- | --- | +|**lastTransitionTime**|str|Last time the condition transitioned from one status to another.|| +|**lastUpdateTime**|str|The last time this condition was updated.|| +|**message**|str|A human readable message indicating details about the transition.|| +|**reason**|str|The reason for the condition's last transition.|| +|**status** `required`|str|Status of the condition for a sealed secret.
Valid values for "Synced": "True", "False", or "Unknown".|| +|**type** `required`|str||| +### SealedSecret + +SealedSecret is the K8s representation of a "sealed Secret" - a regular k8s Secret that has been sealed (encrypted) using the controller's key. + +#### Attributes + +| name | type | description | default value | +| --- | --- | --- | --- | +|**apiVersion** `required` `readOnly`|"bitnami.com/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"bitnami.com/v1alpha1"| +|**kind** `required` `readOnly`|"SealedSecret"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"SealedSecret"| +|**metadata**|[ObjectMeta](#objectmeta)|metadata|| +|**spec** `required`|[BitnamiComV1alpha1SealedSecretSpec](#bitnamicomv1alpha1sealedsecretspec)|spec|| +|**status**|[BitnamiComV1alpha1SealedSecretStatus](#bitnamicomv1alpha1sealedsecretstatus)|status|| + diff --git a/sealed-secrets/crds/sealed-secrets.yaml b/sealed-secrets/crds/sealed-secrets.yaml new file mode 100644 index 00000000..dfc6fb13 --- /dev/null +++ b/sealed-secrets/crds/sealed-secrets.yaml @@ -0,0 +1,176 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: sealedsecrets.bitnami.com +spec: + group: bitnami.com + names: + kind: SealedSecret + listKind: SealedSecretList + plural: sealedsecrets + singular: sealedsecret + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[0].message + name: Status + type: string + - jsonPath: .status.conditions[0].status + name: Synced + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + SealedSecret is the K8s representation of a "sealed Secret" - a + regular k8s Secret that has been sealed (encrypted) using the + controller's key. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SealedSecretSpec is the specification of a SealedSecret. + properties: + data: + description: Data is deprecated and will be removed eventually. Use + per-value EncryptedData instead. + format: byte + type: string + encryptedData: + additionalProperties: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + template: + description: |- + Template defines the structure of the Secret that will be + created from this sealed secret. + properties: + data: + additionalProperties: + type: string + description: Keys that should be templated using decrypted data. + nullable: true + type: object + immutable: + description: |- + Immutable, if set to true, ensures that data stored in the Secret cannot + be updated (only object metadata can be modified). + If not set to true, the field can be modified at any time. + Defaulted to nil. + type: boolean + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + nullable: true + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: + description: Used to facilitate programmatic handling of secret + data. + type: string + type: object + required: + - encryptedData + type: object + status: + description: SealedSecretStatus is the most recently observed status of + the SealedSecret. + properties: + conditions: + description: Represents the latest available observations of a sealed + secret's current state. + items: + description: SealedSecretCondition describes the state of a sealed + secret at a certain point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: |- + Status of the condition for a sealed secret. + Valid values for "Synced": "True", "False", or "Unknown". + type: string + type: + description: |- + Type of condition for a sealed secret. + Valid value: "Synced" + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation most recently + observed by the sealed-secrets controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: + - v1alpha1 + +--- diff --git a/sealed-secrets/kcl.mod b/sealed-secrets/kcl.mod new file mode 100644 index 00000000..c6d9c0a4 --- /dev/null +++ b/sealed-secrets/kcl.mod @@ -0,0 +1,7 @@ +[package] +name = "sealed-secrets" +edition = "v0.10.0" +version = "v0.27.2" + +[dependencies] +k8s = "1.31.2" diff --git a/sealed-secrets/kcl.mod.lock b/sealed-secrets/kcl.mod.lock new file mode 100644 index 00000000..7b4406f2 --- /dev/null +++ b/sealed-secrets/kcl.mod.lock @@ -0,0 +1,5 @@ +[dependencies] + [dependencies.k8s] + name = "k8s" + full_name = "k8s_1.31.2" + version = "1.31.2" diff --git a/sealed-secrets/v1alpha1/bitnami_com_v1alpha1_sealed_secret.k b/sealed-secrets/v1alpha1/bitnami_com_v1alpha1_sealed_secret.k new file mode 100644 index 00000000..e3a0bb77 --- /dev/null +++ b/sealed-secrets/v1alpha1/bitnami_com_v1alpha1_sealed_secret.k @@ -0,0 +1,176 @@ +""" +This file was generated by the KCL auto-gen tool. DO NOT EDIT. +Editing this file might prove futile when you re-run the KCL auto-gen generate command. +""" +import k8s.apimachinery.pkg.apis.meta.v1 + + +schema SealedSecret: + r""" + SealedSecret is the K8s representation of a "sealed Secret" - a + regular k8s Secret that has been sealed (encrypted) using the + controller's key. + + Attributes + ---------- + apiVersion : str, default is "bitnami.com/v1alpha1", required + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind : str, default is "SealedSecret", required + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata : v1.ObjectMeta, default is Undefined, optional + metadata + spec : BitnamiComV1alpha1SealedSecretSpec, default is Undefined, required + spec + status : BitnamiComV1alpha1SealedSecretStatus, default is Undefined, optional + status + """ + + + apiVersion: "bitnami.com/v1alpha1" = "bitnami.com/v1alpha1" + + kind: "SealedSecret" = "SealedSecret" + + metadata?: v1.ObjectMeta + + spec: BitnamiComV1alpha1SealedSecretSpec + + status?: BitnamiComV1alpha1SealedSecretStatus + + +schema BitnamiComV1alpha1SealedSecretSpec: + r""" + SealedSecretSpec is the specification of a SealedSecret. + + Attributes + ---------- + data : str, default is Undefined, optional + Data is deprecated and will be removed eventually. Use per-value EncryptedData instead. + encryptedData : {str:str}, default is Undefined, required + encrypted data + template : BitnamiComV1alpha1SealedSecretSpecTemplate, default is Undefined, optional + template + """ + + + data?: str + + encryptedData: {str:str} + + template?: BitnamiComV1alpha1SealedSecretSpecTemplate + + +schema BitnamiComV1alpha1SealedSecretSpecTemplate: + r""" + Template defines the structure of the Secret that will be + created from this sealed secret. + + Attributes + ---------- + data : {str:str}, default is Undefined, optional + Keys that should be templated using decrypted data. + immutable : bool, default is Undefined, optional + Immutable, if set to true, ensures that data stored in the Secret cannot + be updated (only object metadata can be modified). + If not set to true, the field can be modified at any time. + Defaulted to nil. + metadata : BitnamiComV1alpha1SealedSecretSpecTemplateMetadata, default is Undefined, optional + metadata + $type : str, default is Undefined, optional + Used to facilitate programmatic handling of secret data. + """ + + + data?: {str:str} + + immutable?: bool + + metadata?: BitnamiComV1alpha1SealedSecretSpecTemplateMetadata + + $type?: str + + +schema BitnamiComV1alpha1SealedSecretSpecTemplateMetadata: + r""" + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + + Attributes + ---------- + annotations : {str:str}, default is Undefined, optional + annotations + finalizers : [str], default is Undefined, optional + finalizers + labels : {str:str}, default is Undefined, optional + labels + name : str, default is Undefined, optional + name + namespace : str, default is Undefined, optional + namespace + """ + + + annotations?: {str:str} + + finalizers?: [str] + + labels?: {str:str} + + name?: str + + namespace?: str + + +schema BitnamiComV1alpha1SealedSecretStatus: + r""" + SealedSecretStatus is the most recently observed status of the SealedSecret. + + Attributes + ---------- + conditions : [BitnamiComV1alpha1SealedSecretStatusConditionsItems0], default is Undefined, optional + Represents the latest available observations of a sealed secret's current state. + observedGeneration : int, default is Undefined, optional + ObservedGeneration reflects the generation most recently observed by the sealed-secrets controller. + """ + + + conditions?: [BitnamiComV1alpha1SealedSecretStatusConditionsItems0] + + observedGeneration?: int + + +schema BitnamiComV1alpha1SealedSecretStatusConditionsItems0: + r""" + SealedSecretCondition describes the state of a sealed secret at a certain point. + + Attributes + ---------- + lastTransitionTime : str, default is Undefined, optional + Last time the condition transitioned from one status to another. + lastUpdateTime : str, default is Undefined, optional + The last time this condition was updated. + message : str, default is Undefined, optional + A human readable message indicating details about the transition. + reason : str, default is Undefined, optional + The reason for the condition's last transition. + status : str, default is Undefined, required + Status of the condition for a sealed secret. + Valid values for "Synced": "True", "False", or "Unknown". + $type : str, default is Undefined, required + Type of condition for a sealed secret. + Valid value: "Synced" + """ + + + lastTransitionTime?: str + + lastUpdateTime?: str + + message?: str + + reason?: str + + status: str + + $type: str + +