Version: 0.26.0

SecretSync Enterprise

SecretSync provides the semantics for syncing Kubernetes Secrets from the management cluster to leaf clusters.

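# Example SecretSync: copies one Secret from the management cluster to every
# leaf cluster whose labels match the selector.
apiVersion: capi.weave.works/v1alpha1
kind: SecretSync
metadata:
  name: my-dev-secret-syncer
  # The referenced Secret must be in the same namespace as this object.
  namespace: default
spec:
  # Every cluster carrying these labels receives a copy of the Secret, so the
  # selector decides how widely the Secret is distributed. It cannot be empty
  # and is immutable once set.
  clusterSelector:
    matchLabels:
      environment: dev
  # Name of the Secret to copy.
  secretRef:
    name: my-dev-secret
  # Optional: namespace on each matched cluster that receives the copy.
  # Defaults to the namespace of the referenced Secret.
  targetNamespace: my-namespace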

Specification

The Go types below document the API version capi.weave.works/v1alpha1.

// SecretSync is the top-level API object. It combines the standard
// Kubernetes type and object metadata with the requested configuration
// (Spec) and the recorded per-cluster state (Status).
type SecretSync struct {
	// TypeMeta is embedded and serialized inline.
	metav1.TypeMeta `json:",inline"`

	// ObjectMeta is embedded and serialized under "metadata".
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the configuration supplied for this sync rule.
	Spec SecretSyncSpec `json:"spec,omitempty"`

	// Status is the state recorded for this sync rule.
	Status SecretSyncStatus `json:"status,omitempty"`
}

// SecretSyncSpec describes which Secret is copied, which clusters receive it,
// and the namespace it is written to.
type SecretSyncSpec struct {
	// NOTE(review): the "immutable" and "cannot be empty" rules stated on
	// ClusterSelector are not expressed by this type; presumably validation
	// elsewhere enforces them (confirm).

	// ClusterSelector is the label selector for Clusters and must match the
	// Cluster labels. Every selected Cluster is affected by this SecretSync,
	// so the selector determines how widely the Secret is distributed.
	// This field is immutable. The label selector cannot be empty.
	ClusterSelector metav1.LabelSelector `json:"clusterSelector"`

	// SecretRef names the Secret to be bootstrapped to the matched clusters.
	// The Secret must be in the same namespace as the SecretSync object.
	SecretRef v1.LocalObjectReference `json:"secretRef"`

	// TargetNamespace is the namespace in which the Secret is bootstrapped.
	// The default value is the namespace of the referenced Secret.
	//+optional
	TargetNamespace string `json:"targetNamespace,omitempty"`
}

// SecretSyncStatus is the status of a SecretSync object.
type SecretSyncStatus struct {
	// SecretVersions maps each cluster name (key) to the ResourceVersion of
	// the Secret for that cluster (value). The value is a version identifier
	// only; the Secret's data is not part of this status.
	SecretVersions map[string]string `json:"versions"`
}