A Helm chart to set up the OpenShift External Secrets Operator

| Key | Type | Default | Description |
|---|---|---|---|
| clusterGroup.isHubCluster | bool | true | The variable that defines when a cluster is the HUB |
| global | object | depends on the individual settings | The global namespace contains some globally used variables used in patterns |
| global.clusterDomain | string | "foo.example.com" | The DNS entry for the cluster the chart is being rendered on |
| global.hubClusterDomain | string | "hub.example.com" | The DNS entry for the hub cluster |
| global.secretStore.backend | string | "vault" | The backend of ESO being used in the pattern |
| ocpExternalSecrets | object | depends on the individual settings | Dictionary of all the settings to configure this chart |
| ocpExternalSecrets.caProvider | object | depends on the individual settings | Controls how ESO connects to vault; it specifies where to find the public key of the CA that signed the vault API endpoint |
| ocpExternalSecrets.caProvider.clientCluster | object | depends on the individual settings | Where to fetch the CA that signed the vault API endpoint when on a spoke cluster |
| ocpExternalSecrets.caProvider.clientCluster.key | string | "hub-kube-root-ca.crt" | Key of object where the CA is stored |
| ocpExternalSecrets.caProvider.clientCluster.name | string | "hub-ca" | Name of object where the CA is stored |
| ocpExternalSecrets.caProvider.clientCluster.namespace | string | "external-secrets" | Namespace of object where the CA is stored |
| ocpExternalSecrets.caProvider.clientCluster.type | string | "Secret" | Type of object where the CA is stored |
| ocpExternalSecrets.caProvider.enabled | bool | true | When set to true this uses a custom CA to talk to vault |
| ocpExternalSecrets.caProvider.hostCluster | object | depends on the individual settings | Where to fetch the CA that signed the vault API endpoint when on the hub cluster |
| ocpExternalSecrets.caProvider.hostCluster.key | string | "ca.crt" | Key of object where the CA is stored |
| ocpExternalSecrets.caProvider.hostCluster.name | string | "kube-root-ca.crt" | Name of object where the CA is stored |
| ocpExternalSecrets.caProvider.hostCluster.namespace | string | "external-secrets" | Namespace of object where the CA is stored |
| ocpExternalSecrets.caProvider.hostCluster.type | string | "ConfigMap" | Type of object where the CA is stored |
| ocpExternalSecrets.kubernetes | object | depends on the individual settings | Settings relevant when using the kubernetes backend |
| ocpExternalSecrets.kubernetes.remoteNamespace | string | "validated-patterns-secrets" | The remote namespace used in the ClusterSecretStore |
| ocpExternalSecrets.kubernetes.server.url | string | "https://kubernetes.default" | The URL used in the ClusterSecretStore |
| ocpExternalSecrets.rbac.rolename | string | "hub-role" | The name of the vault role when connecting to the vault from the hub |
| ocpExternalSecrets.rbac.serviceAccount | object | depends on the individual settings | ServiceAccount configuration for external secrets |
| ocpExternalSecrets.rbac.serviceAccount.name | string | "ocp-external-secrets" | The name of the service account used by external secrets |
| ocpExternalSecrets.rbac.serviceAccount.namespace | string | "external-secrets" | The namespace where the service account is created |
| ocpExternalSecrets.vault | object | depends on the individual settings | Some vault configuration entries |
| ocpExternalSecrets.vault.mountPath | string | "hub" | The vault secrets' path when connecting to it from the hub |

Autogenerated from chart metadata using helm-docs v1.14.2