Cluster Generator
ClusterGenerator
is a generator wrapper that is available to configure a generator
cluster-wide. The purpose of this generator is that the user doesn't have to redefine
the generator in every namespace. They could define it once in the cluster and then reference that
in the consuming ExternalSecret
.
Limitations
- The generator will continue to create objects in the same namespace as the referencing ExternalSecret (ES) object. This behavior is subject to change in future updates.
- The objects referenced within the ClusterGenerator must also reside in the same namespace as the ES object that references them. This is due to the inherent, namespace-scoped nature of the embedded generator types.
Example Manifest
apiVersion: generators.external-secrets.io/v1alpha1
kind: ClusterGenerator
metadata:
name: cluster-gen
spec:
kind: Password
generator:
# Further specs are available:
# acrAccessTokenSpec:
# ecrRAuthorizationTokenSpec:
# fakeSpec:
# gcrAccessTokenSpec:
# githubAccessTokenSpec:
# stsSessionTokenSpec:
# uuidSpec:
# vaultDynamicSecretSpec:
# webhookSpec:
passwordSpec:
length: 42
digits: 5
symbols: 5
symbolCharacters: "-_$@"
noUpper: false
allowRepeat: true
Example ExternalSecret
that references the Cluster generator:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: "cluster-secret"
spec:
refreshInterval: "1h"
target:
name: cluster-secret
dataFrom:
- sourceRef:
generatorRef:
apiVersion: generators.external-secrets.io/v1alpha1
kind: ClusterGenerator
name: "cluster-gen"