2020-08-31 21:06:28 +00:00
---
apiVersion : apiextensions.k8s.io/v1
kind : CustomResourceDefinition
metadata :
annotations :
controller-gen.kubebuilder.io/version : v0.4.0
creationTimestamp : null
2020-11-02 21:39:43 +00:00
name : credentialissuers.config.concierge.pinniped.dev
2020-08-31 21:06:28 +00:00
spec :
2020-10-30 20:09:14 +00:00
group : config.concierge.pinniped.dev
2020-08-31 21:06:28 +00:00
names :
2020-11-12 22:24:25 +00:00
categories :
- pinniped
2020-11-02 21:39:43 +00:00
kind : CredentialIssuer
listKind : CredentialIssuerList
plural : credentialissuers
singular : credentialissuer
2021-02-09 21:21:17 +00:00
scope : Cluster
2020-08-31 21:06:28 +00:00
versions :
- name : v1alpha1
schema :
openAPIV3Schema :
2021-05-12 02:23:43 +00:00
description : CredentialIssuer describes the configuration and status of the
Pinniped Concierge credential issuer.
2020-08-31 21:06:28 +00:00
properties :
apiVersion :
description : 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type : string
kind :
description : 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type : string
metadata :
type : object
2021-05-14 16:55:12 +00:00
spec :
description : Spec describes the intended configuration of the Concierge.
properties :
impersonationProxy :
description : ImpersonationProxy describes the intended configuration
of the Concierge impersonation proxy.
properties :
externalEndpoint :
description : "ExternalEndpoint describes the HTTPS endpoint where
2021-05-19 16:39:53 +00:00
the proxy will be exposed. If not set, the proxy will be served
using the external name of the LoadBalancer service or the cluster
service DNS name. \n This field must be non-empty when spec.impersonationProxy.service.mode
is \"None\"."
2021-05-14 16:55:12 +00:00
type : string
mode :
description : 'Mode configures whether the impersonation proxy
should be started : - "disabled" explicitly disables the impersonation
proxy. This is the default. - "enabled" explicitly enables the
impersonation proxy. - "auto" enables or disables the impersonation
proxy based upon the cluster in which it is running.'
enum :
- auto
- enabled
- disabled
type : string
service :
default :
type : LoadBalancer
2021-05-19 16:39:53 +00:00
description : Service describes the configuration of the Service
provisioned to expose the impersonation proxy to clients.
2021-05-14 16:55:12 +00:00
properties :
annotations :
additionalProperties :
type : string
description : Annotations specifies zero or more key/value
pairs to set as annotations on the provisioned Service.
type : object
loadBalancerIP :
description : LoadBalancerIP specifies the IP address to set
in the spec.loadBalancerIP field of the provisioned Service.
This is not supported on all cloud providers.
maxLength : 255
minLength : 1
type : string
type :
default : LoadBalancer
description : "Type specifies the type of Service to provision
for the impersonation proxy. \n If the type is \"None\",
then the \"spec.impersonationProxy.externalEndpoint\" field
must be set to a non-empty value so that the Concierge can
properly advertise the endpoint in the CredentialIssuer's
status."
enum :
- LoadBalancer
- ClusterIP
- None
type : string
type : object
required :
- mode
- service
type : object
required :
- impersonationProxy
type : object
2020-08-31 21:06:28 +00:00
status :
2021-05-14 16:55:12 +00:00
description : CredentialIssuerStatus describes the status of the Concierge.
2020-08-31 21:06:28 +00:00
properties :
kubeConfigInfo :
description : Information needed to form a valid Pinniped-based kubeconfig
2021-03-01 22:17:04 +00:00
using this credential issuer. This field is deprecated and will
be removed in a future version.
2020-08-31 21:06:28 +00:00
properties :
certificateAuthorityData :
description : The K8s API server CA bundle.
minLength : 1
type : string
server :
description : The K8s API server URL.
minLength : 1
pattern : ^https://|^http://
type : string
required :
- certificateAuthorityData
- server
type : object
strategies :
description : List of integration strategies that were attempted by
Pinniped.
items :
2021-05-12 02:23:43 +00:00
description : CredentialIssuerStrategy describes the status of an
integration strategy that was attempted by Pinniped.
2020-08-31 21:06:28 +00:00
properties :
2021-03-01 22:17:04 +00:00
frontend :
description : Frontend describes how clients can connect using
this strategy.
properties :
2021-03-02 22:06:19 +00:00
impersonationProxyInfo :
description : ImpersonationProxyInfo describes the parameters
for the impersonation proxy on this Concierge. This field
is only set when Type is "ImpersonationProxy".
properties :
certificateAuthorityData :
description : CertificateAuthorityData is the base64-encoded
PEM CA bundle of the impersonation proxy.
minLength : 1
type : string
2021-03-12 19:23:24 +00:00
endpoint :
2021-03-02 22:06:19 +00:00
description : Endpoint is the HTTPS endpoint of the impersonation
proxy.
minLength : 1
pattern : ^https://
type : string
required :
- certificateAuthorityData
2021-03-12 19:23:24 +00:00
- endpoint
2021-03-02 22:06:19 +00:00
type : object
2021-03-01 22:17:04 +00:00
tokenCredentialRequestInfo :
description : TokenCredentialRequestAPIInfo describes the
parameters for the TokenCredentialRequest API on this
Concierge. This field is only set when Type is "TokenCredentialRequestAPI".
properties :
certificateAuthorityData :
2021-03-03 00:00:49 +00:00
description : CertificateAuthorityData is the base64-encoded
Kubernetes API server CA bundle.
2021-03-01 22:17:04 +00:00
minLength : 1
type : string
server :
description : Server is the Kubernetes API server URL.
minLength : 1
pattern : ^https://|^http://
type : string
required :
- certificateAuthorityData
- server
type : object
type :
description : Type describes which frontend mechanism clients
can use with a strategy.
enum :
- TokenCredentialRequestAPI
2021-03-03 20:30:21 +00:00
- ImpersonationProxy
2021-03-01 22:17:04 +00:00
type : string
required :
- type
type : object
2020-08-31 21:06:28 +00:00
lastUpdateTime :
description : When the status was last checked.
format : date-time
type : string
message :
description : Human-readable description of the current status.
minLength : 1
type : string
reason :
description : Reason for the current status.
enum :
2021-03-03 20:30:21 +00:00
- Listening
- Pending
- Disabled
- ErrorDuringSetup
2020-08-31 21:06:28 +00:00
- CouldNotFetchKey
2021-03-03 20:30:21 +00:00
- CouldNotGetClusterInfo
- FetchedKey
2020-08-31 21:06:28 +00:00
type : string
status :
description : Status of the attempted integration strategy.
enum :
- Success
- Error
type : string
type :
description : Type of integration attempted.
enum :
- KubeClusterSigningCertificate
2021-03-03 20:30:21 +00:00
- ImpersonationProxy
2020-08-31 21:06:28 +00:00
type : string
required :
- lastUpdateTime
- message
- reason
- status
- type
type : object
type : array
required :
- strategies
type : object
type : object
served : true
storage : true
2021-02-10 22:49:21 +00:00
subresources :
status : {}
2020-08-31 21:06:28 +00:00
status :
acceptedNames :
kind : ""
plural : ""
conditions : [ ]
storedVersions : [ ]
