Cluster Generator

ClusterGenerator is a wrapper that makes a generator available cluster-wide. Its purpose is to spare users from redefining the same generator in every namespace: they define it once in the cluster and then reference it from each consuming ExternalSecret.

Limitations

Even when it is referenced through a ClusterGenerator, the generator still creates its objects in the namespace in which the referencing ExternalSecret (ES) lives. That has not changed as of now. It will change in future modifications.

Example Manifest

apiVersion: generators.external-secrets.io/v1alpha1
kind: ClusterGenerator
metadata:
  name: cluster-gen
spec:
  kind: Password
  generator:
#    Further specs are available:
#    acrAccessTokenSpec:
#    ecrRAuthorizationTokenSpec:
#    fakeSpec:
#    gcrAccessTokenSpec:
#    githubAccessTokenSpec:
#    stsSessionTokenSpec:
#    uuidSpec:
#    vaultDynamicSecretSpec:
#    webhookSpec:
    passwordSpec:
      length: 42
      digits: 5
      symbols: 5
      symbolCharacters: "-_$@"
      noUpper: false
      allowRepeat: true

Example ExternalSecret that references the Cluster generator:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "cluster-secret"
spec:
  refreshInterval: "1h"
  target:
    name: cluster-secret
  dataFrom:
  - sourceRef:
      generatorRef:
        apiVersion: generators.external-secrets.io/v1alpha1
        kind: ClusterGenerator
        name: "cluster-gen"
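
Because a ClusterGenerator can be referenced from any namespace and its objects are created wherever the referencing ExternalSecret lives, it helps to know who consumes it. The following is an added example, not part of the External Secrets project: it scans ExternalSecret objects for `generatorRef` entries of kind `ClusterGenerator`. The input is a constructed sample in the shape of `kubectl get externalsecrets -A -o json`; the namespaces and the names `db-pass`, `local-pass`, `ns-gen` and `from-store` are made up.

```python
import json
from collections import defaultdict

# Constructed sample: shape of `kubectl get externalsecrets -A -o json`,
# trimmed to the fields used on this page. Namespaces and most names are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-secret", "namespace": "team-a"},
   "spec": {"dataFrom": [{"sourceRef": {"generatorRef": {
       "apiVersion": "generators.external-secrets.io/v1alpha1",
       "kind": "ClusterGenerator", "name": "cluster-gen"}}}]}},
  {"metadata": {"name": "db-pass", "namespace": "team-b"},
   "spec": {"dataFrom": [{"sourceRef": {"generatorRef": {
       "apiVersion": "generators.external-secrets.io/v1alpha1",
       "kind": "ClusterGenerator", "name": "cluster-gen"}}}]}},
  {"metadata": {"name": "local-pass", "namespace": "team-b"},
   "spec": {"dataFrom": [{"sourceRef": {"generatorRef": {
       "apiVersion": "generators.external-secrets.io/v1alpha1",
       "kind": "Password", "name": "ns-gen"}}}]}},
  {"metadata": {"name": "from-store", "namespace": "team-c"},
   "spec": {"data": [{"secretKey": "k", "remoteRef": {"key": "x"}}]}}
]}
""")

def cluster_generator_consumers(es_list):
    """Map each ClusterGenerator name to the (namespace, ExternalSecret) pairs using it."""
    consumers = defaultdict(list)
    for es in es_list.get("items", []):
        meta = es.get("metadata", {})
        # dataFrom may be absent (secrets pulled from a store instead of a generator).
        for entry in es.get("spec", {}).get("dataFrom") or []:
            ref = (entry.get("sourceRef") or {}).get("generatorRef") or {}
            # Namespaced generators (e.g. kind: Password) are skipped on purpose.
            if ref.get("kind") == "ClusterGenerator":
                consumers[ref.get("name")].append(
                    (meta.get("namespace"), meta.get("name")))
    return {name: sorted(refs) for name, refs in consumers.items()}

def unknown_references(consumers, defined):
    """ClusterGenerator names that are referenced but not in the defined set."""
    return sorted(set(consumers) - set(defined))

if __name__ == "__main__":
    for gen, refs in cluster_generator_consumers(SAMPLE).items():
        for ns, name in refs:
            print(f"ClusterGenerator/{gen} -> ExternalSecret {ns}/{name}")
```

Each namespace in the output is one where the cluster-wide generator creates objects, which makes the list a useful input when reviewing changes to the ClusterGenerator's spec.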