2020-08-31 21:06:28 +00:00
---
apiVersion : apiextensions.k8s.io/v1
kind : CustomResourceDefinition
metadata :
annotations :
controller-gen.kubebuilder.io/version : v0.4.0
creationTimestamp : null
2020-11-02 21:39:43 +00:00
name : credentialissuers.config.concierge.pinniped.dev
2020-08-31 21:06:28 +00:00
spec :
2020-10-30 20:09:14 +00:00
group : config.concierge.pinniped.dev
2020-08-31 21:06:28 +00:00
names :
2020-11-12 22:24:25 +00:00
categories :
- pinniped
2020-11-02 21:39:43 +00:00
kind : CredentialIssuer
listKind : CredentialIssuerList
plural : credentialissuers
singular : credentialissuer
2021-02-09 21:21:17 +00:00
scope : Cluster
2020-08-31 21:06:28 +00:00
versions :
- name : v1alpha1
schema :
openAPIV3Schema :
2021-05-12 02:23:43 +00:00
description : CredentialIssuer describes the configuration and status of the
Pinniped Concierge credential issuer.
2020-08-31 21:06:28 +00:00
properties :
apiVersion :
description : 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type : string
kind :
description : 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type : string
metadata :
type : object
2021-05-14 16:55:12 +00:00
spec :
default :
impersonationProxy :
mode : disabled
service :
type : LoadBalancer
description : Spec describes the intended configuration of the Concierge.
properties :
impersonationProxy :
default :
mode : disabled
service :
type : LoadBalancer
description : ImpersonationProxy describes the intended configuration
of the Concierge impersonation proxy.
properties :
externalEndpoint :
description : "ExternalEndpoint describes the HTTPS endpoint where
the proxy will be exposed. If the proxy is enabled and this
field is not set, a Service of type LoadBalancer will be automatically
provisioned and its external name will be advertised. \n Setting
this field disables the automatic creation of this LoadBalancer
Service."
type : string
mode :
default : disabled
description : 'Mode configures whether the impersonation proxy
should be started : - "disabled" explicitly disables the impersonation
proxy. This is the default. - "enabled" explicitly enables the
impersonation proxy. - "auto" enables or disables the impersonation
proxy based upon the cluster in which it is running.'
enum :
- auto
- enabled
- disabled
type : string
service :
default :
type : LoadBalancer
description : Service describes the configuraiton
properties :
annotations :
additionalProperties :
type : string
description : Annotations specifies zero or more key/value
pairs to set as annotations on the provisioned Service.
type : object
loadBalancerIP :
description : LoadBalancerIP specifies the IP address to set
in the spec.loadBalancerIP field of the provisioned Service.
This is not supported on all cloud providers.
maxLength : 255
minLength : 1
type : string
type :
default : LoadBalancer
description : "Type specifies the type of Service to provision
for the impersonation proxy. \n If the type is \"None\",
then the \"spec.impersonationProxy.externalEndpoint\" field
must be set to a non-empty value so that the Concierge can
properly advertise the endpoint in the CredentialIssuer's
status."
enum :
- LoadBalancer
- ClusterIP
- None
type : string
type : object
required :
- mode
- service
type : object
required :
- impersonationProxy
type : object
2020-08-31 21:06:28 +00:00
status :
2021-05-14 16:55:12 +00:00
description : CredentialIssuerStatus describes the status of the Concierge.
2020-08-31 21:06:28 +00:00
properties :
kubeConfigInfo :
description : Information needed to form a valid Pinniped-based kubeconfig
2021-03-01 22:17:04 +00:00
using this credential issuer. This field is deprecated and will
be removed in a future version.
2020-08-31 21:06:28 +00:00
properties :
certificateAuthorityData :
description : The K8s API server CA bundle.
minLength : 1
type : string
server :
description : The K8s API server URL.
minLength : 1
pattern : ^https://|^http://
type : string
required :
- certificateAuthorityData
- server
type : object
strategies :
description : List of integration strategies that were attempted by
Pinniped.
items :
2021-05-12 02:23:43 +00:00
description : CredentialIssuerStrategy describes the status of an
integration strategy that was attempted by Pinniped.
2020-08-31 21:06:28 +00:00
properties :
2021-03-01 22:17:04 +00:00
frontend :
description : Frontend describes how clients can connect using
this strategy.
properties :
2021-03-02 22:06:19 +00:00
impersonationProxyInfo :
description : ImpersonationProxyInfo describes the parameters
for the impersonation proxy on this Concierge. This field
is only set when Type is "ImpersonationProxy".
properties :
certificateAuthorityData :
description : CertificateAuthorityData is the base64-encoded
PEM CA bundle of the impersonation proxy.
minLength : 1
type : string
2021-03-12 19:23:24 +00:00
endpoint :
2021-03-02 22:06:19 +00:00
description : Endpoint is the HTTPS endpoint of the impersonation
proxy.
minLength : 1
pattern : ^https://
type : string
required :
- certificateAuthorityData
2021-03-12 19:23:24 +00:00
- endpoint
2021-03-02 22:06:19 +00:00
type : object
2021-03-01 22:17:04 +00:00
tokenCredentialRequestInfo :
description : TokenCredentialRequestAPIInfo describes the
parameters for the TokenCredentialRequest API on this
Concierge. This field is only set when Type is "TokenCredentialRequestAPI".
properties :
certificateAuthorityData :
2021-03-03 00:00:49 +00:00
description : CertificateAuthorityData is the base64-encoded
Kubernetes API server CA bundle.
2021-03-01 22:17:04 +00:00
minLength : 1
type : string
server :
description : Server is the Kubernetes API server URL.
minLength : 1
pattern : ^https://|^http://
type : string
required :
- certificateAuthorityData
- server
type : object
type :
description : Type describes which frontend mechanism clients
can use with a strategy.
enum :
- TokenCredentialRequestAPI
2021-03-03 20:30:21 +00:00
- ImpersonationProxy
2021-03-01 22:17:04 +00:00
type : string
required :
- type
type : object
2020-08-31 21:06:28 +00:00
lastUpdateTime :
description : When the status was last checked.
format : date-time
type : string
message :
description : Human-readable description of the current status.
minLength : 1
type : string
reason :
description : Reason for the current status.
enum :
2021-03-03 20:30:21 +00:00
- Listening
- Pending
- Disabled
- ErrorDuringSetup
2020-08-31 21:06:28 +00:00
- CouldNotFetchKey
2021-03-03 20:30:21 +00:00
- CouldNotGetClusterInfo
- FetchedKey
2020-08-31 21:06:28 +00:00
type : string
status :
description : Status of the attempted integration strategy.
enum :
- Success
- Error
type : string
type :
description : Type of integration attempted.
enum :
- KubeClusterSigningCertificate
2021-03-03 20:30:21 +00:00
- ImpersonationProxy
2020-08-31 21:06:28 +00:00
type : string
required :
- lastUpdateTime
- message
- reason
- status
- type
type : object
type : array
required :
- strategies
type : object
type : object
served : true
storage : true
2021-02-10 22:49:21 +00:00
subresources :
status : {}
2020-08-31 21:06:28 +00:00
status :
acceptedNames :
kind : ""
plural : ""
conditions : [ ]
storedVersions : [ ]
