OSDOCS-14805: adding missing details in ESO documentation

Author: aravipra

_attributes/common-attributes.adoc

@@ -62,6 +62,8 @@ endif::[]
 :osc: OpenShift sandboxed containers
 :osc-operator: OpenShift sandboxed containers Operator
 :cert-manager-operator: cert-manager Operator for Red Hat OpenShift
+:external-secrets-operator: External Secrets Operator for Red Hat OpenShift
+:external-secrets-operator-short: External Secrets Operator
 :secondary-scheduler-operator-full: Secondary Scheduler Operator for Red Hat OpenShift
 :secondary-scheduler-operator: Secondary Scheduler Operator
 :descheduler-operator: Kube Descheduler Operator
@@ -392,9 +394,9 @@ endif::openshift-origin[]
 // Formerly on-cluster image layering
 :image-mode-os-caps: Image mode for OpenShift
 :image-mode-os-lower: image mode for OpenShift
-// Formerly on-cluster layering 
+// Formerly on-cluster layering
 :image-mode-os-on-caps: On-cluster image mode
 :image-mode-os-on-lower: on-cluster image mode
-// Formerly out-of-cluster layering 
+// Formerly out-of-cluster layering
 :image-mode-os-out-caps: Out-of-cluster image mode
 :image-mode-os-out-lower: out-of-cluster image mode

_topic_maps/_topic_map.yml

@@ -1231,6 +1231,12 @@ Topics:
     File: cert-manager-log-levels
   - Name: Uninstalling the cert-manager Operator for Red Hat OpenShift
     File: cert-manager-operator-uninstall
+- Name: External Secrets Operator for Red Hat OpenShift
+  Dir: external_secrets_operator
+  Distros: openshift-enterprise
+  Topics:
+  - Name: External Secrets Operator APIs
+    File: external-secrets-operator-api
 - Name: Viewing audit logs
   File: audit-log-view
 - Name: Configuring the audit log policy

modules/eso-bitwarden-secret.adoc

@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-bitwarden-secret_{context}"]
+= bitwardenSecretManagerProvider
+
+The `bitwardenSecretManagerProvider` enables the bitwarden secrets manager provider and
+sets up the additional service required to connect to the bitwarden server.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `enabled`
+| `enabled` is for enabling the bitwarden secrets manager provider, which can be indicated by setting `true` or `false`.
+| false
+| Enum: [true false] Optional: \{\}
+|===

modules/eso-cert-manager-config.adoc

@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-cert-manager-config_{context}"]
+= certManagerConfig
+
+The `certManagerConfig` configures cert-manager specifics.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `enabled`
+| `enabled` is for enabling the use of cert-manager for obtaining and renewing the certificates used for webhook server, instead of built-in certificates. Use `true` or `false` to indicate the preference.
+| false
+| Enum: [true false] Optional: \{\}
+
+| `addInjectorAnnotations`
+| `addInjectorAnnotations` is for adding the `cert-manager.io/inject-ca-from` annotation to the webhooks and CRDs to automatically setup webhook to the cert-manager CA. This requires CA Injector to be enabled in cert-manager. Use `true` or `false` to indicate the preference.
+| false
+| Enum: [true false] Optional: \{\}
+
+| `issuerRef` _[ObjectReference](#objectreference)_
+| `issuerRef` contains details to the referenced object used for obtaining the certificates. It must exist in the external-secrets namespace if not using a cluster-scoped cert-manager issuer.
+|
+| Required: \{\}
+
+| `certificateDuration` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#duration-v1-meta[Duration]
+| `certificateDuration` is the validity period of the webhook certificate.
+| 8760h
+| Optional: \{\}
+
+| `certificateRenewBefore` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#duration-v1-meta[Duration]
+| `certificateRenewBefore` is the ahead time to renew the webhook certificate before expiry.
+|
+| Optional: \{\}
+|===
+
+
+

modules/eso-conditional-status.adoc

@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="eso-conditional-status_{context}"]
+= conditionalStatus
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `conditions` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#condition-v1-meta[Condition]
+| conditions holds information of the current state of deployment.
+|
+|
+|===

modules/eso-controller-config.adoc

@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-controller-config_{context}"]
+= controllerConfig
+
+The controllerConfig configures the operator to set the default values for installing external-secrets.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `namespace` _string_
+| namespace configures the namespace for installing the external-secret operand.
+| external-secrets
+| Optional
+
+| `labels` _object (keys:string, values:string)_
+| applies labels to all resources created for the external-secrets deployment.
+|
+| Optional
+|===

modules/eso-external-secrets-config.adoc

@@ -0,0 +1,62 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-config_{context}"]
+= externalSecretsConfig
+
+The externalSecretsConfig configures the behavior of external-secrets.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `logLevel` _integer_
+| logLevel supports value range as per link:https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use[kubernetes logging guidelines].
+| 1
+| Maximum: 5 Minimum: 1 Optional:
+
+| `operatingNamespace` _string_
+| operatingNamespace restricts the external-secrets operations to the provided namespace. Enabling this field implicitly disables `ClusterSecretStore` and `ClusterExternalSecret`.
+|
+| Optional
+
+| `bitwardenSecretManagerProvider`
+| bitwardenSecretManagerProvider enables the bitwarden secrets manager provider and sets up the additional service required for connecting to the bitwarden server.
+|
+| Optional
+
+| `webhookConfig`
+| webhookConfig configures webhook specifics of the external-secrets.
+|
+|
+
+| `certManagerConfig`
+| CertManagerConfig configures cert-manager specifics used to generate certificates for the webhook and bitwarden-sdk-server components.
+|
+|Optional
+
+| `resources` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcerequirements-v1-core[_ResourceRequirements_]
+| resources defines the resource requirements. Cannot be updated. For more information, see link:https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[]
+|
+| Optional
+
+| `affinity` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[_Affinity_]
+| affinity sets the scheduling affinity rules. For more information, see link:https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/[]
+|
+| Optional
+
+| `tolerations` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#toleration-v1-core[_Toleration_] _array_
+| tolerations sets the pod tolerations. For more information, see link:https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[]
+|
+| Optional
+
+| `nodeSelector` _object (keys:string, values:string)_
+| nodeSelector defines the scheduling criteria by using node labels. For more information, see link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[]
+|
+| Optional
+|===

modules/eso-external-secrets-list.adoc

@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-list_{context}"]
+= externalSecretsList
+
+The externalSecretsList stores a list of externalSecrets objects.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `apiVersion` _string_
+| `operator.openshift.io/v1alpha1`
+|
+|
+
+| `kind` _string_
+| `externalSecretsList`
+|
+|
+
+| `metadata` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[_ListMeta_]
+| Refer to Kubernetes API documentation for details about the `metadata` fields.
+|
+|
+
+| `items` _array_
+|
+|
+|
+|===

modules/eso-external-secrets-manager-list.adoc

@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-manager-list_{context}"]
+= externalSecretsManagerList
+
+The externalSecretsManagerList stores a list of externalSecretsManager objects.
+
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `apiVersion` _string_
+| `operator.openshift.io/v1alpha1`
+|
+|
+
+| `kind` _string_
+| `externalSecretsManagerList`
+|
+|
+
+| `metadata` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[_ListMeta_]
+| Refer to Kubernetes API documentation for details about the `metadata` fields.
+|
+|
+
+| `items` _array_
+|
+|
+|
+|===

modules/eso-external-secrets-manager-spec.adoc

@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-manager-spec_{context}"]
+= externalSecretsManagerSpec
+
+The externalSecretsManagerSpec defines the desired behavior of the externalSecretsManager.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `globalConfig`
+| globalConfig configures the behavior of deployments that external-secrets-operator manages.
+|
+| Optional
+
+| `features` _array_
+| features enable the optional features of the Operator .
+|
+| Optional
+|===

modules/eso-external-secrets-manager.adoc

@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-manager_{context}"]
+= externalSecretsManager
+
+
+The externalSecretsManager defines the configuration and information for deployments managed by
+the external-secrets-operator. Set the name to `cluster` as this is a singleton object that allows only one instance of externalSecretsManager per cluster.
+
+use externalSecretsManager to configure global options and enable optional features. This serves as a centralized configuration for managing multiple controllers of the operator. The Operator automatically creates this object during installation.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `apiVersion` _string_
+| `operator.openshift.io/v1alpha1`
+|
+|
+
+| `kind` _string_
+| `externalSecretsManager`
+|
+|
+
+| `metadata` link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[_ObjectMeta_]
+| Refer to Kubernetes API documentation for details about the `metadata` fields.
+|
+|
+
+| `spec`
+| `spec` is the specification of the desired behavior
+|
+|
+
+| `status`
+| Displays the most observed status of the controllers that the External Secrets Operator uses.
+|
+|
+|===

modules/eso-external-secrets-spec.adoc

@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * security/external_secrets_operator/external-secrets-operator-api.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="eso-external-secrets-spec_{context}"]
+= externalSecretsSpec
+
+The externalSecretsSpec defines the desired behavior of the externalSecrets.
+
+[cols="1,1,1,1",options="header"]
+|===
+| Field
+| Description
+| Default
+| Validation
+
+| `externalSecretsConfig`
+| externalSecretsConfig configures the behavior of external-secrets.
+|
+| Optional
+
+| `controllerConfig`
+| controllerConfig configures the controller to set up defaults that enable external-secrets.
+|
+| Optional
+|===