The module lifecycle stage: General Availability
The Deckhouse Kubernetes Platform installs CRDs but does not remove them when a module is disabled. If you no longer need the created CRDs, delete them.
SecretsStoreImport
Scope: Namespaced
Version: v1alpha1
-
objectspec
-
stringspec.address
Address of a Vault-compatible storage.
If the parameter is not specified, the value from ModuleConfig is used.
Pattern:
^https?://[.:0-9a-zA-Z-]+$ -
stringspec.audienceJWT token recipient audience (
audclaim in a token). -
stringspec.authPath
Authentication mount path in a Vault-compatible storage.
If the parameter is not specified, the value from ModuleConfig is used.
Pattern:
^[-_.a-zA-Z0-9]+$ -
stringspec.caCert
CA certificate in PEM format for connecting to Stronghold or Vault.
If the parameter is not specified, the value from ModuleConfig is used.
Pattern:
^-----BEGIN CERTIFICATE----- (.+ ){5} -
array of objectsspec.files
Required value
-
booleanspec.files.decodeBase64Enables decoding of a Base64-encoded secret value before saving it to a file.
Default:
false -
stringspec.files.nameFilename where the secret is written.
Pattern:
^[-_a-zA-Z0-9.]+$ -
objectspec.files.source
-
stringspec.files.source.key
Required value
Secret key name in a Vault-compatible KV store.Pattern:
^[-a-zA-Z0-9_.]+$ -
stringspec.files.source.path
Required value
Path to the secret in a Vault-compatible KV store.Pattern:
^[-a-zA-Z0-9_.\/]+$
-
-
-
stringspec.namespace
Namespace where the imported secret is created.
If the parameter is not specified, the value from ModuleConfig is used.
Pattern:
^[-_./a-zA-Z0-9]+$ -
stringspec.role
Required value
Role in a Vault-compatible storage.Pattern:
^[-_\.a-zA-Z0-9]+$ -
booleanspec.skipTLSVerifySkips verification of TLS certificates.
-
stringspec.type
Required value
Type of a mechanism for delivering secrets into the cluster.
Only the CSI type is supported at the moment.
Allowed values:
CSI
-