Merge pull request #94101 from aravipra/OSDOCS-14805

OSDOCS#14805: adding API section

Author: snarayan-redhat

_topic_maps/_topic_map.yml

@@ -1263,6 +1263,8 @@ Topics:
     File: external-secrets-operator-monitoring
   - Name: Uninstalling the External Secrets Operator
     File: external-secrets-operator-uninstall
+  - Name: External Secrets Operator APIs
+    File: external-secrets-operator-api
 - Name: Viewing audit logs
   File: audit-log-view
 - Name: Configuring the audit log policy

modules/eso-bitwarden-secret.adoc

@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-bitwarden-secret_{context}"]
+= bitwardenSecretManagerProvider
+
+The `bitwardenSecretManagerProvider` field enables the bitwarden secrets manager provider and sets up the additional service required to connect to the bitwarden server.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `enabled`
+| _string_
+| `enabled` field enables the `bitwardenSecretManagerProvider`. you can set this field to `true` or `false`.
+| false
+| enum: [true false] +
+Optional
+
+| `secretRef`
+| _SecretReference_
+| `SecretRef` specifies the kubernetes secret that contains the TLS key pair for the bitwarden server. If this reference is not provided and `certManagerConfig` field is configured, the issuer defined in `certManagerConfig` generates the required certificate. The secret must use `tls.crt` for certificate, `tls.key` for the private key, and `ca.crt` for CA certificate.
+|
+| Optional
+|===

modules/eso-cert-manager-config.adoc

@@ -0,0 +1,50 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-cert-manager-config_{context}"]
+= certManagerConfig
+
+The `certManagerConfig` field configures the `cert-manager` Operator settings.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `enabled`
+| _string_
+| `enabled` specifies whether cert-manager must obtain and renew certificates for the webhook server instead of using built-in certificates. Set this field to `true` or `false`.
+| false
+| enum: [true false] +
+Required
+
+| `addInjectorAnnotations`
+| _string_
+| `addInjectorAnnotations` adds the `cert-manager.io/inject-ca-from` annotation to the webhooks and custom resource definitions (CRDs) to automatically configure the webhook with the `cert-manager` Operator certificate authority (CA). This requires CA Injector to be enabled in `cert-manager` Operator. Set this field to `true` or `false`.
+| false
+| enum: [true false] +
+Optional
+
+| `issuerRef`
+| _ObjectReference_
+| `issuerRef` contains details of the referenced object used for obtaining certificates. The object must exist in the `external-secrets` namespace unless a cluster-scoped `cert-manager` Operator issuer is used.
+|
+| Required
+
+| `certificateDuration`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#duration-v1-meta[_Duration_]
+| `certificateDuration` sets the validity period of the webhook certificate.
+| 8760h
+| Optional
+
+| `certificateRenewBefore`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#duration-v1-meta[_Duration_]
+| `certificateRenewBefore` sets the ahead time to renew the webhook certificate before expiry.
+| 30m
+| Optional
+|===

modules/eso-controller-config.adoc

@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-controller-config_{context}"]
+= controllerConfig
+
+The `controllerConfig` field configures the operator to set the default values for installing `external-secrets` operand.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `namespace`
+| _string_
+| `namespace` configures the namespace for installing the `external-secrets` operand.
+| external-secrets
+| Optional
+
+| `labels`
+| _object (keys:string, values:string)_
+| `labels` field applies labels to all resources created for the `external-secrets` operand deployment.
+|
+| Optional
+|===

modules/eso-controller-status.adoc

@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-controller-status_{context}"]
+= controllerStatus
+
+The `controllerStatus` field contains the observed conditions of the controllers used by the Operator.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `name`
+| _string_
+| `name` specifies the name of the controller for which the observed condition is recorded.
+|
+| Required
+
+| `conditions`
+| _array_
+| `conditions` contains information about the current state of the {external-secrets-operator-short} controllers.
+|
+|
+
+| `observedGeneration`
+| _integer_
+| `observedGeneration` represents the `.metadata.generation` on the observed resource.
+|
+| Minimum: 0
+|===

modules/eso-external-secrets-config.adoc

@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-config_{context}"]
+= externalSecretsConfig
+
+The `externalSecretsConfig` field configures the behavior of `external-secrets` operand.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `logLevel`
+| _integer_
+| `logLevel` supports a range of values as defined in the link:https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use[kubernetes logging guidelines].
+| 1
+| The maximum range value is 5 +
+The minimum range value is 1 +
+Optional
+
+| `operatingNamespace`
+| _string_
+| `operatingNamespace` restricts the `external-secrets` operand operations to the provided namespace. Enabling this field disables `ClusterSecretStore` and `ClusterExternalSecret`.
+|
+| Optional
+
+| `bitwardenSecretManagerProvider`
+| _object_
+| `bitwardenSecretManagerProvider` enables the bitwarden secrets manager provider and sets up the additional service required for connecting to the bitwarden server.
+|
+| Optional
+
+| `webhookConfig`
+| _object_
+| `webhookConfig` configures webhook specifics of the `external-secrets` operand.
+|
+|
+
+| `certManagerConfig`
+| _object_
+| `certManagerConfig` configures `cert-manager` Operator settings that are used to generate certificates for the webhook and `bitwarden-sdk-server` components.
+|
+|Optional
+
+| `resources`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcerequirements-v1-core[_ResourceRequirements_]
+| `resources` defines the resource requirements. You cannot change the value of this field after setting it initially. For more information, see link:https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[]
+|
+| Optional
+
+| `affinity`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[_Affinity_]
+| `affinity` sets the scheduling affinity rules. For more information, see link:https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/[]
+|
+| Optional
+
+| `tolerations`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#toleration-v1-core[_Toleration_] _array_
+| `tolerations` sets the pod tolerations. For more information, see link:https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[]
+|
+| Optional
+
+| `nodeSelector`
+| _object (keys:string, values:string)_
+| `nodeSelector` defines the scheduling criteria by using node labels. For more information, see link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[]
+|
+| Optional
+|===

modules/eso-external-secrets-list.adoc

@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-list_{context}"]
+= externalSecretsList
+
+The `externalSecretsList` object fetches the list of `externalSecrets` objects.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `apiVersion`
+| _string_
+| The `apiVersion` specifies the version of the schema in use, which is `operator.openshift.io/v1alpha1`
+|
+|
+
+| `kind`
+| _string_
+| `kind` specifies the type of the object, which is `externalSecretsList` for this API.
+|
+|
+
+| `metadata`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[_ListMeta_]
+| Refer to Kubernetes API documentation for details about the `metadata` fields.
+|
+|
+
+| `items`
+| _array_
+| `Items` contains a list of `externalSecrets` objects.
+|
+|
+|===

modules/eso-external-secrets-manager-list.adoc

@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-manager-list_{context}"]
+= externalSecretsManagerList
+
+The `externalSecretsManagerList` object fetches the list of `externalSecretsManager` objects.
+
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `apiVersion`
+| _string_
+| The `apiVersion` specifies the version of the schema in use, which is `operator.openshift.io/v1alpha1`.
+|
+|
+
+| `kind`
+| _string_
+| `kind` specifies the type of the object, which is `externalSecretsManagerList` for this API.
+|
+|
+
+| `metadata`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[_ListMeta_]
+| Refer to Kubernetes API documentation for details about the `metadata` fields.
+|
+|
+
+| `items`
+| _array_
+| `Items` contains a list of `externalSecretsManager` objects.
+|
+|
+|===

modules/eso-external-secrets-manager-spec.adoc

@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-manager-spec_{context}"]
+= externalSecretsManagerSpec
+
+The `externalSecretsManagerSpec` field defines the desired behavior of the `externalSecretsManager` object.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| type
+| Description
+| Default
+| Validation
+
+| `globalConfig`
+| _object_
+| `globalConfig` configures the behavior of deployments that {external-secrets-operator-short} manages.
+|
+| Optional
+
+| `feature`
+| _array_
+| `feature` enables the optional features of the Operator.
+|
+| Optional
+|===

modules/eso-external-secrets-manager-status.adoc

@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-manager-status_{context}"]
+= externalSecretsManagerStatus
+
+The `externalSecretsManagerStatus` field shows the most recently observed status of the `externalSecretsManager` object.
+
+[cols="1,1,1,1,1",options="header"]
+|===
+| Field
+| Type
+| Description
+| Default
+| Validation
+
+| `controllerStatus`
+|  _array_
+| `controllerStatus` holds the observed conditions of the controllers used by the Operator.
+|
+|
+
+| `lastTransitionTime`
+| link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#time-v1-meta[_Time_]
+| `lastTransitionTime` records the most recent time the status of the condition changed.
+|
+| Format: date-time +
+Type: string
+|===