chore: document kubernetes provider pushsecret type

[mhrabovcin]

Problem Statement

Adds the missing documentation about possibility to set the secret type with the Kubernetes provider on PushSecret.

Related Issue

Fixes #...

Proposed Changes

Docs change.

Checklist

• I have read the contribution guidelines
• All commits are signed with git commit --signoff
• My changes have reasonable test coverage
• All tests pass with make test
• I ensured my PR is ready for review with make reviewable

[Skarlso]

@mhrabovcin Hello. 👋 so setting a secret type is a template capability that is accessible to anything that uses templates.

I'm a bit on the fence about this. For one, it helps for sure, examples are always good. But on second, this particular feature is documented already here: https://external-secrets.io/latest/guides/common-k8s-secret-types/

And many other places. Hmm.

[mhrabovcin]

Hi @Skarlso thanks for the review. I haven't seen anywhere explicitly mentioned PushSecret behavior. I've seen the discussion here https://github.com/external-secrets/external-secrets/discussions/2728 where the same question was opened.

Please feel free to close this PR if you don't see this docs enhancement as a good fit. Thank you!

[Skarlso]

Hm, maybe it's fine to have an extra example. But the problem is then that this is specific to Kubernetes provider. But actually, it's available for ALL providers. :) You see what I mean? :)

[gusfcarvalho]

re: the docs, I think its fine to add it. This behavior (spec.template.type) changing the type of secret it is created is IIRC only a thing for kubernetes. IIRC, this wouldn't work for other providers that also have multiple types like azure Keyvault.

Re: the bigger issue: This is a feature available on a generic API that is only for kubernetes. This is a reminder for the coming v2 work this should probably change and move to the Metadata pattern.

[mhrabovcin]

I see and I am honestly not very familiar with other providers. In k8s the Secret type has a special meaning during the secret validation. I can move the docs to the common section.

Maybe there should be a note about the secret type behavior for push secrets per provider. It is quite straight forward to imagine impact of setting the secret type when ExternalSecret is created. But I could imagine that setting the secret type has different impact in different providers, some may even ignore this property.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud