---
# Binds the namespaced Role `sealed-secrets-key-admin` to the controller's
# ServiceAccount. Binding, role and subject are all in kube-system, so this
# grant does not reach Secrets in other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sealed-secrets-controller
  namespace: kube-system
  labels:
    name: sealed-secrets-controller
  annotations: {}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-key-admin
subjects:
  - kind: ServiceAccount
    name: sealed-secrets-controller
    namespace: kube-system
---
# Namespaced Role: create and list on core-group Secrets in kube-system.
# NOTE(review): presumably this covers the controller's own sealing key
# pairs (inferred from the role name) - confirm against the controller docs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sealed-secrets-key-admin
  namespace: kube-system
  labels:
    name: sealed-secrets-key-admin
  annotations: {}
rules:
  # `list` returns full Secret objects, so it is effectively read access to
  # every Secret in kube-system even though `get` is not granted.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [create, list]
---
# Cluster-wide binding: gives the controller's ServiceAccount the
# `secrets-unsealer` ClusterRole in every namespace. Because that role can
# read and write Secrets, whoever controls this ServiceAccount's token can
# reach all Secrets in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sealed-secrets-controller
  labels:
    name: sealed-secrets-controller
  annotations: {}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: secrets-unsealer
subjects:
  - kind: ServiceAccount
    name: sealed-secrets-controller
    namespace: kube-system
---
# ClusterRole held by the controller. It is bound with a ClusterRoleBinding,
# so every rule below applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secrets-unsealer
  labels:
    name: secrets-unsealer
  annotations: {}
rules:
  # Read and watch SealedSecret custom resources.
  - apiGroups: [bitnami.com]
    resources: [sealedsecrets]
    verbs: [get, list, watch]
  # Write back only the status subresource of a SealedSecret.
  - apiGroups: [bitnami.com]
    resources: [sealedsecrets/status]
    verbs: [update]
  # Full lifecycle on core Secrets, cluster-wide. This is the most sensitive
  # grant in the manifest: audit-log use of this ServiceAccount and treat a
  # compromise of the controller pod as a compromise of all Secrets.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get, list, create, update, delete, watch]
  # Emit Events.
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
  # Read Namespace objects (get only, no list/watch).
  - apiGroups: [""]
    resources: [namespaces]
    verbs: [get]
---
# Identity the controller pod runs as. The RoleBinding and ClusterRoleBinding
# named `sealed-secrets-controller` list this account as their subject, so
# its token carries the Secret permissions granted there.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sealed-secrets-controller
  namespace: kube-system
  labels:
    name: sealed-secrets-controller
  annotations: {}
---
# In-cluster Service in front of the controller pods (selected by the
# `name: sealed-secrets-controller` label). ClusterIP only, so it is not
# exposed outside the cluster by this object.
apiVersion: v1
kind: Service
metadata:
  name: sealed-secrets-controller
  namespace: kube-system
  labels:
    name: sealed-secrets-controller
  annotations: {}
spec:
  type: ClusterIP
  selector:
    name: sealed-secrets-controller
  ports:
    # NOTE(review): no NetworkPolicy appears in this manifest, so any pod
    # that can route to the ClusterIP can presumably reach 8080 - confirm.
    - port: 8080
      targetPort: 8080
---
# Grants the `sealed-secrets-service-proxier` Role to the built-in group
# `system:authenticated`, i.e. to every identity the API server has
# authenticated. Combined with that Role, any authenticated user or
# ServiceAccount may reach the controller Service through the API server's
# service proxy.
# NOTE(review): presumably this exists so client tooling can fetch the
# public sealing certificate without extra RBAC; if clients get the
# certificate another way, this subject can be narrowed - confirm first.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sealed-secrets-service-proxier
  namespace: kube-system
  labels:
    name: sealed-secrets-service-proxier
  annotations: {}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-service-proxier
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: 'system:authenticated'
---
# Namespaced Role limited by resourceNames to the controller's Service:
# holders may read that Service object and send requests to it through the
# API server proxy. Nothing else in kube-system is covered.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sealed-secrets-service-proxier
  namespace: kube-system
  labels:
    name: sealed-secrets-service-proxier
  annotations: {}
rules:
  # Read the Service object itself.
  - apiGroups: [""]
    resources: [services]
    resourceNames:
      - sealed-secrets-controller
    verbs: [get]
  # Proxy to the Service. The three names are the spellings under which the
  # proxy subresource can be addressed (scheme:name:port, with the port
  # empty or named `http`, and the bare service name).
  - apiGroups: [""]
    resources: [services/proxy]
    resourceNames:
      - 'http:sealed-secrets-controller:'
      - 'http:sealed-secrets-controller:http'
      - sealed-secrets-controller
    verbs: [create, get]
---
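# Deployment of the sealed-secrets controller: a single replica in
# kube-system running as the `sealed-secrets-controller` ServiceAccount,
# which holds cluster-wide read/write on Secrets through its RBAC bindings.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
  namespace: kube-system
spec:
  minReadySeconds: 30
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: sealed-secrets-controller
  strategy:
    rollingUpdate:
      # Percentages must be written without whitespace ("25 %" is not a
      # valid int-or-percent value).
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations: {}
      labels:
        name: sealed-secrets-controller
    spec:
      containers:
        - args: []
          command:
            - controller
          env: []
          # Referenced by tag, which a registry can repoint. Pinning by
          # digest (image@sha256:<digest>) makes the deployed content
          # verifiable.
          image: docker.io/bitnami/sealed-secrets-controller:v0.19.4
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: http
          name: sealed-secrets-controller
          ports:
            - containerPort: 8080
              name: http
          readinessProbe:
            httpGet:
              path: /healthz
              port: http
          securityContext:
            # Hardening added in review: block setuid-style privilege gain
            # and drop all Linux capabilities.
            # NOTE(review): the container listens on unprivileged port 8080
            # as UID 1001, so none should be needed - confirm in staging.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1001
          stdin: false
          tty: false
          volumeMounts:
            # Writable scratch space; the root filesystem is read-only.
            - mountPath: /tmp
              name: tmp
      imagePullSecrets: []
      initContainers: []
      securityContext:
        fsGroup: 65534
      serviceAccountName: sealed-secrets-controller
      terminationGracePeriodSeconds: 30
      volumes:
        - emptyDir: {}
          name: tmp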
---
# CustomResourceDefinition for the namespaced SealedSecret kind
# (group bitnami.com, version v1alpha1, served and stored).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sealedsecrets.bitnami.com
spec:
  group: bitnami.com
  names:
    kind: SealedSecret
    listKind: SealedSecretList
    plural: sealedsecrets
    singular: sealedsecret
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: >-
            SealedSecret is the K8s representation of a "sealed Secret" - a
            regular k8s Secret that has been sealed (encrypted) using the
            controller's key.
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the
                latest internal value, and may reject unrecognized values.
                More info :
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint
                the client submits requests to. Cannot be updated. In
                CamelCase. More info :
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: SealedSecretSpec is the specification of a SealedSecret
              properties:
                data:
                  description: >-
                    Data is deprecated and will be removed eventually. Use
                    per-value EncryptedData instead.
                  format: byte
                  type: string
                # Map of string values; the only required field of spec.
                # Unknown-field pruning is switched off for this node, so
                # the API server keeps entries here without further schema
                # checks.
                encryptedData:
                  additionalProperties:
                    type: string
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                template:
                  description: >-
                    Template defines the structure of the Secret that will be
                    created from this sealed secret.
                  properties:
                    data:
                      additionalProperties:
                        type: string
                      description: Keys that should be templated using decrypted data
                      nullable: true
                      type: object
                    # Free-form object: pruning is disabled here as well, so
                    # arbitrary metadata keys are accepted and stored.
                    metadata:
                      description: >-
                        Standard object's metadata. More info :
                        https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
                      nullable: true
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    type:
                      description: >-
                        Used to facilitate programmatic handling of secret
                        data.
                      type: string
                  type: object
              required: [encryptedData]
              type: object
            status:
              description: >-
                SealedSecretStatus is the most recently observed status of the
                SealedSecret.
              properties:
                conditions:
                  description: >-
                    Represents the latest available observations of a sealed
                    secret's current state.
                  items:
                    description: >-
                      SealedSecretCondition describes the state of a sealed
                      secret at a certain point.
                    properties:
                      lastTransitionTime:
                        description: >-
                          Last time the condition transitioned from one status
                          to another.
                        format: date-time
                        type: string
                      lastUpdateTime:
                        description: The last time this condition was updated.
                        format: date-time
                        type: string
                      message:
                        description: >-
                          A human readable message indicating details about
                          the transition.
                        type: string
                      reason:
                        description: The reason for the condition's last transition.
                        type: string
                      status:
                        description: >-
                          Status of the condition for a sealed secret. Valid
                          values for "Synced": "True", "False", or "Unknown".
                        type: string
                      type:
                        description: 'Type of condition for a sealed secret. Valid value : "Synced" '
                        type: string
                    required: [status, type]
                    type: object
                  type: array
                observedGeneration:
                  description: >-
                    ObservedGeneration reflects the generation most recently
                    observed by the sealed-secrets controller.
                  format: int64
                  type: integer
              type: object
          required: [spec]
          type: object
      served: true
      storage: true
      # Enables the /status subresource.
      subresources:
        status: {}