2020-08-31 21:06:28 +00:00
---
apiVersion : apiextensions.k8s.io/v1
kind : CustomResourceDefinition
metadata :
annotations :
2022-03-08 19:27:05 +00:00
controller-gen.kubebuilder.io/version : v0.8.0
2020-08-31 21:06:28 +00:00
creationTimestamp : null
2020-11-02 21:39:43 +00:00
name : credentialissuers.config.concierge.pinniped.dev
2020-08-31 21:06:28 +00:00
spec :
2020-10-30 20:09:14 +00:00
group : config.concierge.pinniped.dev
2020-08-31 21:06:28 +00:00
names :
2020-11-12 22:24:25 +00:00
categories :
- pinniped
2020-11-02 21:39:43 +00:00
kind : CredentialIssuer
listKind : CredentialIssuerList
plural : credentialissuers
singular : credentialissuer
2021-02-09 21:21:17 +00:00
scope : Cluster
2020-08-31 21:06:28 +00:00
versions :
2021-09-20 19:47:39 +00:00
- additionalPrinterColumns :
- jsonPath : .spec.impersonationProxy.mode
name : ProxyMode
type : string
2021-09-21 19:01:30 +00:00
- jsonPath : .status.strategies[?(@.status == "Success")].type
name : DefaultStrategy
type : string
2021-09-20 19:47:39 +00:00
- jsonPath : .metadata.creationTimestamp
name : Age
type : date
name : v1alpha1
2020-08-31 21:06:28 +00:00
schema :
openAPIV3Schema :
2021-05-12 02:23:43 +00:00
description : CredentialIssuer describes the configuration and status of the
Pinniped Concierge credential issuer.
2020-08-31 21:06:28 +00:00
properties :
apiVersion :
description : 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type : string
kind :
description : 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type : string
metadata :
type : object
2021-05-14 16:55:12 +00:00
spec :
description : Spec describes the intended configuration of the Concierge.
properties :
impersonationProxy :
description : ImpersonationProxy describes the intended configuration
of the Concierge impersonation proxy.
properties :
externalEndpoint :
description : "ExternalEndpoint describes the HTTPS endpoint where
2021-05-19 16:39:53 +00:00
the proxy will be exposed. If not set, the proxy will be served
using the external name of the LoadBalancer service or the cluster
2021-07-09 16:00:38 +00:00
service DNS name. \n This field must be non-empty when spec.impersonationProxy.service.type
2021-05-19 16:39:53 +00:00
is \"None\"."
2021-05-14 16:55:12 +00:00
type : string
mode :
description : 'Mode configures whether the impersonation proxy
should be started : - "disabled" explicitly disables the impersonation
proxy. This is the default. - "enabled" explicitly enables the
impersonation proxy. - "auto" enables or disables the impersonation
proxy based upon the cluster in which it is running.'
enum :
- auto
- enabled
- disabled
type : string
service :
default :
type : LoadBalancer
2021-05-19 16:39:53 +00:00
description : Service describes the configuration of the Service
provisioned to expose the impersonation proxy to clients.
2021-05-14 16:55:12 +00:00
properties :
annotations :
additionalProperties :
type : string
description : Annotations specifies zero or more key/value
pairs to set as annotations on the provisioned Service.
type : object
loadBalancerIP :
description : LoadBalancerIP specifies the IP address to set
in the spec.loadBalancerIP field of the provisioned Service.
This is not supported on all cloud providers.
maxLength : 255
minLength : 1
type : string
type :
default : LoadBalancer
description : "Type specifies the type of Service to provision
for the impersonation proxy. \n If the type is \"None\",
then the \"spec.impersonationProxy.externalEndpoint\" field
must be set to a non-empty value so that the Concierge can
properly advertise the endpoint in the CredentialIssuer's
status."
enum :
- LoadBalancer
- ClusterIP
- None
type : string
type : object
2023-07-20 17:06:09 +00:00
tls :
2023-08-01 18:29:43 +00:00
description : "TLS contains information about how the Concierge
impersonation proxy should serve TLS. \n If this field is empty,
the impersonation proxy will generate its own TLS certificate."
2023-07-20 17:06:09 +00:00
properties :
certificateAuthorityData :
description : X.509 Certificate Authority (base64-encoded PEM
bundle). Used to advertise the CA bundle for the impersonation
proxy endpoint.
type : string
secretName :
description : SecretName is the name of a Secret in the same
namespace, of type `kubernetes.io/tls`, which contains the
TLS serving certificate for the Concierge impersonation
proxy endpoint.
minLength : 1
type : string
type : object
2021-05-14 16:55:12 +00:00
required :
- mode
- service
type : object
required :
- impersonationProxy
type : object
2020-08-31 21:06:28 +00:00
status :
2021-05-14 16:55:12 +00:00
description : CredentialIssuerStatus describes the status of the Concierge.
2020-08-31 21:06:28 +00:00
properties :
kubeConfigInfo :
description : Information needed to form a valid Pinniped-based kubeconfig
2021-03-01 22:17:04 +00:00
using this credential issuer. This field is deprecated and will
be removed in a future version.
2020-08-31 21:06:28 +00:00
properties :
certificateAuthorityData :
description : The K8s API server CA bundle.
minLength : 1
type : string
server :
description : The K8s API server URL.
minLength : 1
pattern : ^https://|^http://
type : string
required :
- certificateAuthorityData
- server
type : object
strategies :
description : List of integration strategies that were attempted by
Pinniped.
items :
2021-05-12 02:23:43 +00:00
description : CredentialIssuerStrategy describes the status of an
integration strategy that was attempted by Pinniped.
2020-08-31 21:06:28 +00:00
properties :
2021-03-01 22:17:04 +00:00
frontend :
description : Frontend describes how clients can connect using
this strategy.
properties :
2021-03-02 22:06:19 +00:00
impersonationProxyInfo :
description : ImpersonationProxyInfo describes the parameters
for the impersonation proxy on this Concierge. This field
is only set when Type is "ImpersonationProxy".
properties :
certificateAuthorityData :
description : CertificateAuthorityData is the base64-encoded
PEM CA bundle of the impersonation proxy.
minLength : 1
type : string
2021-03-12 19:23:24 +00:00
endpoint :
2021-03-02 22:06:19 +00:00
description : Endpoint is the HTTPS endpoint of the impersonation
proxy.
minLength : 1
pattern : ^https://
type : string
required :
- certificateAuthorityData
2021-03-12 19:23:24 +00:00
- endpoint
2021-03-02 22:06:19 +00:00
type : object
2021-03-01 22:17:04 +00:00
tokenCredentialRequestInfo :
description : TokenCredentialRequestAPIInfo describes the
parameters for the TokenCredentialRequest API on this
Concierge. This field is only set when Type is "TokenCredentialRequestAPI".
properties :
certificateAuthorityData :
2021-03-03 00:00:49 +00:00
description : CertificateAuthorityData is the base64-encoded
Kubernetes API server CA bundle.
2021-03-01 22:17:04 +00:00
minLength : 1
type : string
server :
description : Server is the Kubernetes API server URL.
minLength : 1
pattern : ^https://|^http://
type : string
required :
- certificateAuthorityData
- server
type : object
type :
description : Type describes which frontend mechanism clients
can use with a strategy.
enum :
- TokenCredentialRequestAPI
2021-03-03 20:30:21 +00:00
- ImpersonationProxy
2021-03-01 22:17:04 +00:00
type : string
required :
- type
type : object
2020-08-31 21:06:28 +00:00
lastUpdateTime :
description : When the status was last checked.
format : date-time
type : string
message :
description : Human-readable description of the current status.
minLength : 1
type : string
reason :
description : Reason for the current status.
enum :
2021-03-03 20:30:21 +00:00
- Listening
- Pending
- Disabled
- ErrorDuringSetup
2020-08-31 21:06:28 +00:00
- CouldNotFetchKey
2021-03-03 20:30:21 +00:00
- CouldNotGetClusterInfo
- FetchedKey
2020-08-31 21:06:28 +00:00
type : string
status :
description : Status of the attempted integration strategy.
enum :
- Success
- Error
type : string
type :
description : Type of integration attempted.
enum :
- KubeClusterSigningCertificate
2021-03-03 20:30:21 +00:00
- ImpersonationProxy
2020-08-31 21:06:28 +00:00
type : string
required :
- lastUpdateTime
- message
- reason
- status
- type
type : object
type : array
required :
- strategies
type : object
type : object
served : true
storage : true
2021-02-10 22:49:21 +00:00
subresources :
status : {}
2020-08-31 21:06:28 +00:00
status :
acceptedNames :
kind : ""
plural : ""
conditions : [ ]
storedVersions : [ ]