openshift
diff --git a/‎_attributes/common-attributes.adoc
Lines changed: 4 additions & 2 deletions b/‎_attributes/common-attributes.adoc
Lines changed: 4 additions & 2 deletions
diff --git a/‎_topic_maps/_topic_map.yml
Lines changed: 6 additions & 0 deletions b/‎_topic_maps/_topic_map.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎modules/eso-bitwarden-secret.adoc
Lines changed: 23 additions & 0 deletions b/‎modules/eso-bitwarden-secret.adoc
Lines changed: 23 additions & 0 deletions
diff --git a/‎modules/eso-cert-manager-config.adoc
Lines changed: 45 additions & 0 deletions b/‎modules/eso-cert-manager-config.adoc
Lines changed: 45 additions & 0 deletions
diff --git a/‎modules/eso-conditional-status.adoc
Lines changed: 20 additions & 0 deletions b/‎modules/eso-conditional-status.adoc
Lines changed: 20 additions & 0 deletions
diff --git a/‎modules/eso-controller-config.adoc
Lines changed: 27 additions & 0 deletions b/‎modules/eso-controller-config.adoc
Lines changed: 27 additions & 0 deletions
diff --git a/‎modules/eso-external-secrets-config.adoc
Lines changed: 57 additions & 0 deletions b/‎modules/eso-external-secrets-config.adoc
Lines changed: 57 additions & 0 deletions
diff --git a/‎modules/eso-external-secrets-list.adoc
Lines changed: 37 additions & 0 deletions b/‎modules/eso-external-secrets-list.adoc
Lines changed: 37 additions & 0 deletions
diff --git a/‎modules/eso-external-secrets-manager-list.adoc
Lines changed: 38 additions & 0 deletions b/‎modules/eso-external-secrets-manager-list.adoc
Lines changed: 38 additions & 0 deletions
diff --git a/‎modules/eso-external-secrets-manager-spec.adoc
Lines changed: 27 additions & 0 deletions b/‎modules/eso-external-secrets-manager-spec.adoc
Lines changed: 27 additions & 0 deletions
diff --git a/‎modules/eso-external-secrets-manager.adoc
Lines changed: 41 additions & 0 deletions b/‎modules/eso-external-secrets-manager.adoc
Lines changed: 41 additions & 0 deletions
diff --git a/‎modules/eso-external-secrets-spec.adoc
Lines changed: 27 additions & 0 deletions b/‎modules/eso-external-secrets-spec.adoc
Lines changed: 27 additions & 0 deletions
@@ -62,6 +62,8 @@ endif::[]
 :osc: OpenShift sandboxed containers
 :osc-operator: OpenShift sandboxed containers Operator
 :cert-manager-operator: cert-manager Operator for Red Hat OpenShift
+:external-secrets-operator: External Secrets Operator for Red Hat OpenShift
+:external-secrets-operator-short: External Secrets Operator
 :secondary-scheduler-operator-full: Secondary Scheduler Operator for Red Hat OpenShift
 :secondary-scheduler-operator: Secondary Scheduler Operator
 :descheduler-operator: Kube Descheduler Operator
@@ -392,9 +394,9 @@ endif::openshift-origin[]
 // Formerly on-cluster image layering
 :image-mode-os-caps: Image mode for OpenShift
 :image-mode-os-lower: image mode for OpenShift
-// Formerly on-cluster layering 
+// Formerly on-cluster layering
 :image-mode-os-on-caps: On-cluster image mode
 :image-mode-os-on-lower: on-cluster image mode
-// Formerly out-of-cluster layering 
+// Formerly out-of-cluster layering
 :image-mode-os-out-caps: Out-of-cluster image mode
 :image-mode-os-out-lower: out-of-cluster image mode
@@ -1231,6 +1231,12 @@ Topics:
     File: cert-manager-log-levels
   - Name: Uninstalling the cert-manager Operator for Red Hat OpenShift
     File: cert-manager-operator-uninstall
+- Name: External Secrets Operator for Red Hat OpenShift
+  Dir: external_secrets_operator
+  Distros: openshift-enterprise
+  Topics:
+  - Name: External Secrets Operator APIs
+    File: external-secrets-operator-api
 - Name: Viewing audit logs
   File: audit-log-view
 - Name: Configuring the audit log policy
 
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-bitwarden-secret_{context}"]
+= bitwardenSecretManagerProvider
+
+The `bitwardenSecretManagerProvider` enables the bitwarden secrets manager provider and
+sets up the additional service required to connect to the bitwarden server.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `enabled`
+| `enabled` is for enabling the bitwarden secrets manager provider, which can be indicated by setting `true` or `false`.
+| false
+| Enum: [true false] Optional: \{\}
+|===
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-cert-manager-config_{context}"]
+= certManagerConfig
+
+The `certManagerConfig` configures cert-manager specifics.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `enabled`
+| `enabled` is for enabling the use of cert-manager for obtaining and renewing the certificates used for webhook server, instead of built-in certificates. Use `true` or `false` to indicate the preference.
+| false
+| Enum: [true false] Optional: \{\}
+
+| `addInjectorAnnotations`
+| `addInjectorAnnotations` is for adding the `cert-manager.io/inject-ca-from` annotation to the webhooks and CRDs to automatically setup webhook to the cert-manager CA. This requires CA Injector to be enabled in cert-manager. Use `true` or `false` to indicate the preference.
+| false
+| Enum: [true false] Optional: \{\}
+
+| `issuerRef` _[ObjectReference](#objectreference)_
+| `issuerRef` contains details to the referenced object used for obtaining the certificates. It must exist in the external-secrets namespace if not using a cluster-scoped cert-manager issuer.
+|
+| Required: \{\}
+
+| `certificateDuration` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#duration-v1-meta[Duration]
+| `certificateDuration` is the validity period of the webhook certificate.
+| 8760h
+| Optional: \{\}
+
+| `certificateRenewBefore` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#duration-v1-meta[Duration]
+| `certificateRenewBefore` is the ahead time to renew the webhook certificate before expiry.
+|
+| Optional: \{\}
+|===
+
+
+
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-conditional-status_{context}"]
+= conditionalStatus
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `conditions` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#condition-v1-meta[Condition]
+| conditions holds information of the current state of deployment.
+|
+|
+|===
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-controller-config_{context}"]
+= controllerConfig
+
+The `controllerConfig` configures the operator to set the default values for installing `external-secrets`.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `namespace`
+| `namespace` is for configuring the namespace to install the external-secret operand.
+| external-secrets
+| Optional: \{\}
+
+| `labels`
+| labels to apply to all resources created for external-secrets deployment.
+|
+| Optional: \{\}
+|===
@@ -0,0 +1,57 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-external-secrets-config_{context}"]
+= externalSecretsConfig
+
+The `externalSecretsConfig` configures the behavior of `external-secrets`.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `logLevel`
+| logLevel supports value range as per link:https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use[kubernetes logging guidelines].
+| 1
+| Maximum: 5 Minimum: 1 Optional: \{\}
+
+| `bitwardenSecretManagerProvider`
+| `bitwardenSecretManagerProvider` is for enabling the bitwarden secrets manager provider and for setting up the additional service required for connecting with the bitwarden server.
+|
+| Optional: \{\}
+
+| `operatingNamespace`
+| `operatingNamespace` is for restricting the external-secrets operations to provided namespace. And when enabled `ClusterSecretStore` and `ClusterExternalSecret` are implicitly disabled.
+|
+| Optional: \{\}
+
+| `webhookConfig`
+| `webhookConfig` is for configuring external-secrets webhook specifics.
+|
+|
+
+| `resources` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcerequirements-v1-core[ResourceRequirements]
+| `resources` is for defining the resource requirements. Cannot be updated. link:https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[]
+|
+| Optional: \{\}
+
+| `affinity` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[Affinity]
+| `affinity` is for setting scheduling affinity rules. link:https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/[]
+|
+| Optional: \{\}
+
+| `tolerations` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#toleration-v1-core[Toleration]
+| `tolerations` is for setting the pod tolerations. link:https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[]
+|
+| Optional: \{\}
+
+| `nodeSelector`
+| `nodeSelector` is for defining the scheduling criteria using node labels. link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[]
+|
+| Optional: \{\}
+|===
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-external-secrets-list_{context}"]
+= externalSecretsList
+
+The `externalSecretsList` stores a list of `ExternalSecrets` objects.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `apiVersion`
+| `operator.openshift.io/v1alpha1`
+|
+|
+
+| `kind`
+| `ExternalSecretsList`
+|
+|
+
+| `metadata` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[ListMeta]
+| Refer to Kubernetes API documentation for fields of `metadata`.
+|
+|
+
+| `items`
+|
+|
+|
+|===
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-external-secrets-manager-list_{context}"]
+= externalSecretsManagerList
+
+The `externalSecretsManagerList` stores a list of  `ExternalSecretsManager` objects.
+
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `apiVersion`
+| `operator.openshift.io/v1alpha1`
+|
+|
+
+| `kind`
+| `ExternalSecretsManagerList`
+|
+|
+
+| `metadata` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[ListMeta]
+| Refer to Kubernetes API documentation for fields of `metadata`.
+|
+|
+
+| `items`
+|
+|
+|
+|===
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-external-secrets-manager-spec_{context}"]
+= externalSecretsManagerSpec
+
+The `externalSecretsManagerSpec` defines the desired behavior of the `ExternalSecretsManager`.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `globalConfig`
+| `globalConfig` is for configuring the behavior of deployments that are managed by external secrets-operator.
+|
+| Optional: \{\}
+
+| `features`
+| `features` is for enabling the optional operator features.
+|
+|
+|===
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-external-secrets-manager_{context}"]
+= externalSecretsManager
+
+
+The `externalSecretsManager` defines the configuration and information for deployments managed by
+the {external-secrets-operator-short}. Set the name to `cluster` as this is a singleton object that allows only one instance per cluster.
+
+use `externalSecretsManager` to configure global options and enable optional features. This serves as a centralized configuration for managing multiple controllers of the operator. The Operator automatically creates this object during installation.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `apiVersion`
+|`operator.openshift.io/v1alpha1`
+|
+|
+
+| `kind`
+| `ExternalSecretsManager`
+|
+|
+
+| `metadata` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[ObjectMeta]
+| Refer to Kubernetes API documentation for fields of `metadata`.
+|
+|
+
+| `spec`
+| `spec`` is the specification of the desired behavior
+|
+|
+|===
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-external-secrets-spec_{context}"]
+= externalSecretsSpec
+
+The `externalSecretsSpec` defines the desired behavior of the `ExternalSecrets`.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `externalSecretsConfig`
+| `externalSecretsConfig` is for configuring the external-secrets behavior.
+|
+| Optional: \{\}
+
+| `controllerConfig`
+| `controllerConfig` is for configuring the controller for setting up defaults to enable external-secrets.
+|
+| Optional: \{\}
+|===