Merge pull request #37 from siddhibhor-56/sbhor-eso-106

openshift-merge-bot[bot] · web-flow · commit 394946f163ba · 2025-06-18T13:25:54.000Z
ESO-106: Adds sample CR's for example purpose
diff --git a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml
@@ -4,6 +4,178 @@ metadata:
   annotations:
     alm-examples: |-
       [
+        {
+          "apiVersion": "external-secrets.io/v1alpha1",
+          "kind": "PushSecret",
+          "metadata": {
+            "annotations": {
+              "external-secrets.io/example": "true"
+            },
+            "name": "pushsecret-sample",
+            "namespace": "external-secrets"
+          },
+          "spec": {
+            "config": {
+              "gcp": {
+                "projectID": "openshift-sample-project",
+                "secret": {
+                  "name": "test",
+                  "replicationPolicy": "automatic",
+                  "version": "latest"
+                }
+              }
+            },
+            "secretStoreRefs": [
+              {
+                "kind": "ClusterSecretStore",
+                "name": "gcp-cluster-secretstore"
+              }
+            ],
+            "selector": {
+              "secret": {
+                "name": "gcp-secret-k8s"
+              }
+            }
+          }
+        },
+        {
+          "apiVersion": "external-secrets.io/v1beta1",
+          "kind": "ClusterExternalSecret",
+          "metadata": {
+            "annotations": {
+              "external-secrets.io/example": "true"
+            },
+            "name": "secret-cluster"
+          },
+          "spec": {
+            "externalSecretSpec": {
+              "data": [
+                {
+                  "remoteRef": {
+                    "key": "gcp-secret",
+                    "version": "latest"
+                  },
+                  "secretKey": "key"
+                }
+              ],
+              "refreshInterval": "1h",
+              "secretStoreRef": {
+                "kind": "ClusterSecretStore",
+                "name": "gcp-cluster-secretstore"
+              },
+              "target": {
+                "creationPolicy": "Owner",
+                "name": "gcp-secret-k8s"
+              }
+            },
+            "namespaceSelector": {
+              "matchLabels": {
+                "app.kubernetes.io/managed-by": "external-secrets-operator"
+              }
+            }
+          }
+        },
+        {
+          "apiVersion": "external-secrets.io/v1beta1",
+          "kind": "ClusterSecretStore",
+          "metadata": {
+            "annotations": {
+              "external-secrets.io/example": "true"
+            },
+            "name": "gcp-cluster-secretstore"
+          },
+          "spec": {
+            "provider": {
+              "gcpsm": {
+                "auth": {
+                  "secretRef": {
+                    "secretAccessKeySecretRef": {
+                      "key": "secret-access-key.json",
+                      "name": "gcp-creds",
+                      "namespace": "external-secrets"
+                    }
+                  }
+                },
+                "projectID": "openshift-sample-project"
+              }
+            }
+          }
+        },
+        {
+          "apiVersion": "external-secrets.io/v1beta1",
+          "kind": "ExternalSecret",
+          "metadata": {
+            "annotations": {
+              "external-secrets.io/example": "true"
+            },
+            "name": "gcp-secret",
+            "namespace": "external-secrets"
+          },
+          "spec": {
+            "data": [
+              {
+                "remoteRef": {
+                  "key": "gcp-secret",
+                  "version": "latest"
+                },
+                "secretKey": "Key"
+              }
+            ],
+            "refreshInterval": "1h",
+            "secretStoreRef": {
+              "kind": "SecretStore",
+              "name": "secretstore"
+            },
+            "target": {
+              "creationPolicy": "Owner",
+              "name": "k8s-secret"
+            }
+          }
+        },
+        {
+          "apiVersion": "external-secrets.io/v1beta1",
+          "kind": "SecretStore",
+          "metadata": {
+            "annotations": {
+              "external-secrets.io/disable-maintenance-checks": "true"
+            },
+            "name": "secretstore",
+            "namespace": "external-secrets"
+          },
+          "spec": {
+            "provider": {
+              "gcpsm": {
+                "auth": {
+                  "secretRef": {
+                    "secretAccessKeySecretRef": {
+                      "key": "secret-access-key.json",
+                      "name": "gcp-creds"
+                    }
+                  }
+                },
+                "projectID": "openshift-sample-project"
+              }
+            }
+          }
+        },
+        {
+          "apiVersion": "generators.external-secrets.io/v1alpha1",
+          "kind": "Password",
+          "metadata": {
+            "annotations": {
+              "external-secrets.io/example": "true"
+            },
+            "name": "password-sample",
+            "namespace": "external-secrets"
+          },
+          "spec": {
+            "excludeLowercase": false,
+            "excludeNumbers": false,
+            "excludeUppercase": false,
+            "includeSymbols": true,
+            "length": 20
+          }
+        },
         {
           "apiVersion": "operator.openshift.io/v1alpha1",
           "kind": "ExternalSecrets",
diff --git a/config/samples/cluster_secretstore.yaml b/config/samples/cluster_secretstore.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: gcp-cluster-secretstore  # ! Replace with a unique name for your ClusterSecretStore.
+  annotations:
+    external-secrets.io/example: "true"
+spec:
+  provider:
+    gcpsm:
+      projectID: openshift-sample-project  # ! Replace with your GCP project ID.
+      auth:
+        secretRef:
+          secretAccessKeySecretRef:
+            name: gcp-creds  # ! Replace with the name of the Kubernetes Secret containing your GCP credentials.
+            key: secret-access-key.json  # ! Replace with the key in the Secret that holds the GCP service account JSON.
+            namespace: external-secrets  # ! Replace with the namespace where the above Secret is located.
diff --git a/config/samples/external_secret.yaml b/config/samples/external_secret.yaml
@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: gcp-secret  # ! Name of the ExternalSecret resource in your cluster.
+  namespace: external-secrets  # ! Replace with the namespace where this ExternalSecret should be created.
+  annotations:
+    external-secrets.io/example: "true"
+spec:
+  refreshInterval: 1h  # ! How often to sync the secret from the external provider.
+  secretStoreRef:
+    name: secretstore  # ! Replace with the name of your SecretStore or ClusterSecretStore.
+    kind: SecretStore  # ! Use 'ClusterSecretStore' if referring to a cluster-wide store.
+  target:
+    name: k8s-secret  # ! Name of the resulting Kubernetes Secret.
+    creationPolicy: Owner  # ! Determines if the secret should be created ('Owner'), adopted, or left unchanged.
+  data:
+    - secretKey: Key  # ! Key name inside the Kubernetes Secret.
+      remoteRef:
+        key: gcp-secret  # ! Name of the secret in GCP Secret Manager.
+        version: latest  # ! Replace with a specific version if needed.
diff --git a/config/samples/external_secretstore.yaml b/config/samples/external_secretstore.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterExternalSecret
+metadata:
+  name: secret-cluster  # ! Name of the ClusterExternalSecret resource.
+  annotations:
+    external-secrets.io/example: "true"
+spec:
+  namespaceSelector:
+    matchLabels:
+      app.kubernetes.io/managed-by: external-secrets-operator  # ! Label used to select target namespaces. Adjust as needed.
+  externalSecretSpec:
+    refreshInterval: 1h  # ! Frequency to sync secrets from the external provider.
+    secretStoreRef:
+      name: gcp-cluster-secretstore  # ! Name of the ClusterSecretStore to use.
+      kind: ClusterSecretStore
+    target:
+      name: gcp-secret-k8s  # ! Name of the resulting Kubernetes Secret in each selected namespace.
+      creationPolicy: Owner  # ! Policy for creating/adopting the Kubernetes Secret.
+    data:
+      - secretKey: key  # ! Key name inside the resulting Kubernetes Secret.
+        remoteRef:
+          key: gcp-secret  # ! Name of the secret in GCP Secret Manager.
+          version: latest  # ! Replace with a specific version if needed.
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
@@ -2,4 +2,10 @@
 resources:
 - operator_v1alpha1_externalsecrets.yaml
 - operator_v1alpha1_externalsecretsmanager.yaml
+- password.yaml
+- cluster_secretstore.yaml
+- external_secret.yaml
+- external_secretstore.yaml
+- push_secret.yaml
+- secret_store.yaml
 # +kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/password.yaml b/config/samples/password.yaml
@@ -0,0 +1,13 @@
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: Password
+metadata:
+  name: password-sample
+  namespace: external-secrets  # ! Replace with the namespace where the generator should be created.
+  annotations:
+    external-secrets.io/example: "true"
+spec:
+  length: 20  # ! Desired length of the generated password.
+  includeSymbols: true  # ! Set to true to include symbols (e.g., !, @, #).
+  excludeUppercase: false  # ! Set to true to exclude uppercase letters.
+  excludeLowercase: false  # ! Set to true to exclude lowercase letters.
+  excludeNumbers: false  # ! Set to true to exclude numeric characters.
diff --git a/config/samples/push_secret.yaml b/config/samples/push_secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: pushsecret-sample
+  namespace: external-secrets  # ! Replace with the namespace where the PushSecret should be created.
+  annotations:
+    "external-secrets.io/example": "true"
+spec:
+  secretStoreRefs:
+    - name: gcp-cluster-secretstore  # ! Replace with the name of your ClusterSecretStore.
+      kind: ClusterSecretStore
+  selector:
+    secret:
+      name: gcp-secret-k8s  # ! Replace with the name of the Kubernetes Secret you want to push to the external store.
+  config:
+    gcp:
+      projectID: openshift-sample-project  # ! Replace with your GCP project ID.
+      secret:
+        name: test  # ! Replace with the name for the secret in GCP Secret Manager.
+        version: latest  # ! You can change this to a specific version if required.
+        replicationPolicy: automatic  # ! Use "automatic" or "user-managed" based on your replication needs.
diff --git a/config/samples/secret_store.yaml b/config/samples/secret_store.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: secretstore
+  namespace: external-secrets    # ! Replace this with your preferred namespace name.
+  annotations:
+    external-secrets.io/disable-maintenance-checks: "true"
+spec:
+  provider:
+    gcpsm:
+      projectID: openshift-sample-project  # ! Replace this with your GCP project ID.
+      auth:
+        secretRef:
+          secretAccessKeySecretRef:
+            name: gcp-creds             # ! Replace with the name of the Kubernetes secret that contains your GCP credentials.
+            key: secret-access-key.json # ! Replace with the key inside the secret that holds the GCP service account JSON.
