From 8ce824f71f5ac92db0492ef5137d5b3cf362095f Mon Sep 17 00:00:00 2001 From: devthejo Date: Wed, 17 May 2023 18:37:02 +0200 Subject: [PATCH] docs: + examples Signed-off-by: devthejo --- docs/secret-export.md | 25 ++++++++++++++++++++++- examples/secret-export.yml | 42 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/docs/secret-export.md b/docs/secret-export.md index 462db5dd5..6c2e44238 100644 --- a/docs/secret-export.md +++ b/docs/secret-export.md @@ -20,6 +20,13 @@ apiVersion: v1 kind: Namespace metadata: name: user2 +--- +apiVersion: v1 +kind: Namespace +metadata: + name: user3 + annotations: + field.cattle.io/projectId: "cluster1:project1" #! generate user-password secret upon creation --- @@ -29,7 +36,7 @@ metadata: name: user-password namespace: user1 -#! offer user-password to user2 namespace +#! offer user-password to user2 namespace and namespace with specified annotations (in this case user3) --- apiVersion: secretgen.carvel.dev/v1alpha1 kind: SecretExport @@ -38,6 +45,9 @@ metadata: namespace: user1 spec: toNamespace: user2 + toNamespaceAnnotations: + field.cattle.io/projectId: + - "cluster1:project1" #! allow user-password to be created in user2 namespace --- @@ -48,6 +58,17 @@ metadata: namespace: user2 spec: fromNamespace: user1 + +#! allow user-password to be created in namespace user3 +--- +apiVersion: secretgen.carvel.dev/v1alpha1 +kind: SecretImport +metadata: + name: user-password + namespace: user3 +spec: + fromNamespace: user1 + ``` Above configuration results in a `user-password` Secret created within `user2` namespace: @@ -75,6 +96,8 @@ SecretExport CRD allows to "offer" secrets for export. - `toNamespace` (optional; string) Destination namespace for offer. Use `*` to indicate all namespaces. - `toNamespaces` (optional; array of strings) List of destination namespaces for offer. +- `toNamespaceAnnotation` (optional; annotation map with single string value) List of destination namespaces annotations key/value for offer. +- `toNamespaceAnnotations` (optional; annotation map with array of strings value) List of destination namespaces annotations key/values for offer. ### SecretImport diff --git a/examples/secret-export.yml b/examples/secret-export.yml index 9d22fe832..7f1883b00 100644 --- a/examples/secret-export.yml +++ b/examples/secret-export.yml @@ -90,3 +90,45 @@ metadata: namespace: user3 spec: fromNamespace: user1 + +#! export user-password-multi secret from user1 to namespaces containing specific annotations +--- +apiVersion: secretgen.k14s.io/v1alpha1 +kind: Password +metadata: + name: scoped-user-password-multi + namespace: user1 +--- +apiVersion: secretgen.carvel.dev/v1alpha1 +kind: SecretExport +metadata: + name: scoped-user-password-multi + namespace: user1 +spec: + toNamespaceAnnotation: + field.cattle.io/projectId: "cluster1:project1" + toNamespaceAnnotations: + field.cattle.io/projectId: + - "cluster1:project2" +--- +apiVersion: secretgen.carvel.dev/v1alpha1 +kind: SecretImport +metadata: + name: scoped-user-password-multi + namespace: user2 + annotations: + field.cattle.io/projectId: "cluster1:project1" +spec: + fromNamespace: user1 +--- +apiVersion: secretgen.carvel.dev/v1alpha1 +kind: SecretImport +metadata: + name: scoped-user-password-multi + namespace: user3 + annotations: + field.cattle.io/projectId: "cluster1:project2" +spec: + fromNamespace: user1 + +