UNPKG

@pulumi/kubernetes

Version:

[![Actions Status](https://github.com/pulumi/pulumi-kubernetes/workflows/main/badge.svg)](https://github.com/pulumi/pulumi-kubernetes/actions) [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https:/

pulumi.com

pulumi/pulumi-kubernetes

110 lines (109 loc) 6.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../../types/input"; import * as outputs from "../../types/output"; /** * Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes. * * Note: While Pulumi automatically encrypts the 'data' and 'stringData' * fields, this encryption only applies to Pulumi's context, including the state file, * the Service, the CLI, etc. Kubernetes does not encrypt Secret resources by default, * and the contents are visible to users with access to the Secret in Kubernetes using * tools like 'kubectl'. * * For more information on securing Kubernetes Secrets, see the following links: * https://kubernetes.io/docs/concepts/configuration/secret/#security-properties * https://kubernetes.io/docs/concepts/configuration/secret/#risks */ export declare class Secret extends pulumi.CustomResource { /** * Get an existing Secret resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): Secret; /** * Returns true if the given object is an instance of Secret. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Secret; /** * APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ readonly apiVersion: pulumi.Output<"v1">; /** * Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 */ readonly data: pulumi.Output<{ [key: string]: string; }>; /** * Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil. */ readonly immutable: pulumi.Output<boolean>; /** * Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ readonly kind: pulumi.Output<"Secret">; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */ readonly metadata: pulumi.Output<outputs.meta.v1.ObjectMeta>; /** * stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. */ readonly stringData: pulumi.Output<{ [key: string]: string; }>; /** * Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types */ readonly type: pulumi.Output<string>; /** * Create a Secret resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: SecretArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a Secret resource. */ export interface SecretArgs { /** * APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ apiVersion?: pulumi.Input<"v1">; /** * Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 */ data?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil. */ immutable?: pulumi.Input<boolean>; /** * Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ kind?: pulumi.Input<"Secret">; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata */ metadata?: pulumi.Input<inputs.meta.v1.ObjectMeta>; /** * stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. */ stringData?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types */ type?: pulumi.Input<string>; }