ContainerImage.Pinniped/deploy/concierge/config.concierge.pinniped.d...


---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.0
  creationTimestamp: null
  name: credentialissuers.config.concierge.pinniped.dev
spec:
  group: config.concierge.pinniped.dev
  names:
    categories:
    - pinniped
    kind: CredentialIssuer
    listKind: CredentialIssuerList
    plural: credentialissuers
    singular: credentialissuer
  scope: Cluster
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: Describes the configuration status of a Pinniped credential issuer.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          status:
            description: Status of the credential issuer.
            properties:
              kubeConfigInfo:
                description: Information needed to form a valid Pinniped-based kubeconfig
                  using this credential issuer. This field is deprecated and will
                  be removed in a future version.
                properties:
                  certificateAuthorityData:
                    description: The K8s API server CA bundle.
                    minLength: 1
                    type: string
                  server:
                    description: The K8s API server URL.
                    minLength: 1
                    pattern: ^https://|^http://
                    type: string
                required:
                - certificateAuthorityData
                - server
                type: object
              strategies:
                description: List of integration strategies that were attempted by
                  Pinniped.
                items:
                  description: Status of an integration strategy that was attempted
                    by Pinniped.
                  properties:
                    frontend:
                      description: Frontend describes how clients can connect using
                        this strategy.
                      properties:
                        impersonationProxyInfo:
                          description: ImpersonationProxyInfo describes the parameters
                            for the impersonation proxy on this Concierge. This field
                            is only set when Type is "ImpersonationProxy".
                          properties:
                            certificateAuthorityData:
                              description: CertificateAuthorityData is the base64-encoded
                                PEM CA bundle of the impersonation proxy.
                              minLength: 1
                              type: string
                            endpoint:
                              description: Endpoint is the HTTPS endpoint of the impersonation
                                proxy.
                              minLength: 1
                              pattern: ^https://
                              type: string
                          required:
                          - certificateAuthorityData
                          - endpoint
                          type: object
                        tokenCredentialRequestInfo:
                          description: TokenCredentialRequestAPIInfo describes the
                            parameters for the TokenCredentialRequest API on this
                            Concierge. This field is only set when Type is "TokenCredentialRequestAPI".
                          properties:
                            certificateAuthorityData:
                              description: CertificateAuthorityData is the base64-encoded
                                Kubernetes API server CA bundle.
                              minLength: 1
                              type: string
                            server:
                              description: Server is the Kubernetes API server URL.
                              minLength: 1
                              pattern: ^https://|^http://
                              type: string
                          required:
                          - certificateAuthorityData
                          - server
                          type: object
                        type:
                          description: Type describes which frontend mechanism clients
                            can use with a strategy.
                          enum:
                          - TokenCredentialRequestAPI
                          - ImpersonationProxy
                          type: string
                      required:
                      - type
                      type: object
                    lastUpdateTime:
                      description: When the status was last checked.
                      format: date-time
                      type: string
                    message:
                      description: Human-readable description of the current status.
                      minLength: 1
                      type: string
                    reason:
                      description: Reason for the current status.
                      enum:
                      - Listening
                      - Pending
                      - Disabled
                      - ErrorDuringSetup
                      - CouldNotFetchKey
                      - CouldNotGetClusterInfo
                      - FetchedKey
                      type: string
                    status:
                      description: Status of the attempted integration strategy.
                      enum:
                      - Success
                      - Error
                      type: string
                    type:
                      description: Type of integration attempted.
                      enum:
                      - KubeClusterSigningCertificate
                      - ImpersonationProxy
                      type: string
                  required:
                  - lastUpdateTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
            required:
            - strategies
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00
			`---`
			`apiVersion: apiextensions.k8s.io/v1`
			`kind: CustomResourceDefinition`
			`metadata:`
			`annotations:`
			`controller-gen.kubebuilder.io/version: v0.4.0`
			`creationTimestamp: null`
Rename CredentialIssuerConfig to CredentialIssuer. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-02 21:39:43 +00:00			`name: credentialissuers.config.concierge.pinniped.dev`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`spec:`
Split the config CRDs into two API groups. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-10-30 20:09:14 +00:00			`group: config.concierge.pinniped.dev`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`names:`
Put all of our APIs into a "pinniped" category, and never use "all". We want to have our APIs respond to `kubectl get pinniped`, and we shouldn't use `all` because we don't think most average users should have permission to see our API types, which means if we put our types there, they would get an error from `kubectl get all`. I also added some tests to assert these properties on all `*.pinniped.dev` API resources. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-12 22:24:25 +00:00			`categories:`
			`- pinniped`
Rename CredentialIssuerConfig to CredentialIssuer. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-02 21:39:43 +00:00			`kind: CredentialIssuer`
			`listKind: CredentialIssuerList`
			`plural: credentialissuers`
			`singular: credentialissuer`
Generated Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 21:21:17 +00:00			`scope: Cluster`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`versions:`
			`- name: v1alpha1`
			`schema:`
			`openAPIV3Schema:`
Put all of our APIs into a "pinniped" category, and never use "all". We want to have our APIs respond to `kubectl get pinniped`, and we shouldn't use `all` because we don't think most average users should have permission to see our API types, which means if we put our types there, they would get an error from `kubectl get all`. I also added some tests to assert these properties on all `*.pinniped.dev` API resources. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-12 22:24:25 +00:00			`description: Describes the configuration status of a Pinniped credential issuer.`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`properties:`
			`apiVersion:`
			`description: 'APIVersion defines the versioned schema of this representation`
			`of an object. Servers should convert recognized schemas to the latest`
			`internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'`
			`type: string`
			`kind:`
			`description: 'Kind is a string value representing the REST resource this`
			`object represents. Servers may infer this from the endpoint the client`
			`submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'`
			`type: string`
			`metadata:`
			`type: object`
			`status:`
			`description: Status of the credential issuer.`
			`properties:`
			`kubeConfigInfo:`
			`description: Information needed to form a valid Pinniped-based kubeconfig`
Add generated code. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-01 22:17:04 +00:00			`using this credential issuer. This field is deprecated and will`
			`be removed in a future version.`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`properties:`
			`certificateAuthorityData:`
			`description: The K8s API server CA bundle.`
			`minLength: 1`
			`type: string`
			`server:`
			`description: The K8s API server URL.`
			`minLength: 1`
			`pattern: ^https://\|^http://`
			`type: string`
			`required:`
			`- certificateAuthorityData`
			`- server`
			`type: object`
			`strategies:`
			`description: List of integration strategies that were attempted by`
			`Pinniped.`
			`items:`
			`description: Status of an integration strategy that was attempted`
			`by Pinniped.`
			`properties:`
Add generated code. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-01 22:17:04 +00:00			`frontend:`
			`description: Frontend describes how clients can connect using`
			`this strategy.`
			`properties:`
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy This is more than an automatic merge. It also includes a rewrite of the CredentialIssuer API impersonation proxy fields using the new structure, and updates to the CLI to account for that new API. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-02 22:06:19 +00:00			`impersonationProxyInfo:`
			`description: ImpersonationProxyInfo describes the parameters`
			`for the impersonation proxy on this Concierge. This field`
			`is only set when Type is "ImpersonationProxy".`
			`properties:`
			`certificateAuthorityData:`
			`description: CertificateAuthorityData is the base64-encoded`
			`PEM CA bundle of the impersonation proxy.`
			`minLength: 1`
			`type: string`
Fix a copy-paste typo in the ImpersonationProxyInfo JSON field name. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-12 19:23:24 +00:00			`endpoint:`
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy This is more than an automatic merge. It also includes a rewrite of the CredentialIssuer API impersonation proxy fields using the new structure, and updates to the CLI to account for that new API. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-02 22:06:19 +00:00			`description: Endpoint is the HTTPS endpoint of the impersonation`
			`proxy.`
			`minLength: 1`
			`pattern: ^https://`
			`type: string`
			`required:`
			`- certificateAuthorityData`
Fix a copy-paste typo in the ImpersonationProxyInfo JSON field name. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-12 19:23:24 +00:00			`- endpoint`
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy This is more than an automatic merge. It also includes a rewrite of the CredentialIssuer API impersonation proxy fields using the new structure, and updates to the CLI to account for that new API. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-02 22:06:19 +00:00			`type: object`
Add generated code. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-01 22:17:04 +00:00			`tokenCredentialRequestInfo:`
			`description: TokenCredentialRequestAPIInfo describes the`
			`parameters for the TokenCredentialRequest API on this`
			`Concierge. This field is only set when Type is "TokenCredentialRequestAPI".`
			`properties:`
			`certificateAuthorityData:`
Edit a comment on a type and run codegen 2021-03-03 00:00:49 +00:00			`description: CertificateAuthorityData is the base64-encoded`
			`Kubernetes API server CA bundle.`
Add generated code. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-01 22:17:04 +00:00			`minLength: 1`
			`type: string`
			`server:`
			`description: Server is the Kubernetes API server URL.`
			`minLength: 1`
			`pattern: ^https://\|^http://`
			`type: string`
			`required:`
			`- certificateAuthorityData`
			`- server`
			`type: object`
			`type:`
			`description: Type describes which frontend mechanism clients`
			`can use with a strategy.`
			`enum:`
			`- TokenCredentialRequestAPI`
Add new allowed values to field validations on CredentialIssuer The new values are used by the impersonation proxy's status. 2021-03-03 20:30:21 +00:00			`- ImpersonationProxy`
Add generated code. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-01 22:17:04 +00:00			`type: string`
			`required:`
			`- type`
			`type: object`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`lastUpdateTime:`
			`description: When the status was last checked.`
			`format: date-time`
			`type: string`
			`message:`
			`description: Human-readable description of the current status.`
			`minLength: 1`
			`type: string`
			`reason:`
			`description: Reason for the current status.`
			`enum:`
Add new allowed values to field validations on CredentialIssuer The new values are used by the impersonation proxy's status. 2021-03-03 20:30:21 +00:00			`- Listening`
			`- Pending`
			`- Disabled`
			`- ErrorDuringSetup`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`- CouldNotFetchKey`
Add new allowed values to field validations on CredentialIssuer The new values are used by the impersonation proxy's status. 2021-03-03 20:30:21 +00:00			`- CouldNotGetClusterInfo`
			`- FetchedKey`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`type: string`
			`status:`
			`description: Status of the attempted integration strategy.`
			`enum:`
			`- Success`
			`- Error`
			`type: string`
			`type:`
			`description: Type of integration attempted.`
			`enum:`
			`- KubeClusterSigningCertificate`
Add new allowed values to field validations on CredentialIssuer The new values are used by the impersonation proxy's status. 2021-03-03 20:30:21 +00:00			`- ImpersonationProxy`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`type: string`
			`required:`
			`- lastUpdateTime`
			`- message`
			`- reason`
			`- status`
			`- type`
			`type: object`
			`type: array`
			`required:`
			`- strategies`
			`type: object`
			`type: object`
			`served: true`
			`storage: true`
Generated Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-10 22:49:21 +00:00			`subresources:`
			`status: {}`
Generate CRD YAML using controller-tools, update doc strings. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-31 21:06:28 +00:00			`status:`
			`acceptedNames:`
			`kind: ""`
			`plural: ""`
			`conditions: []`
			`storedVersions: []`