Add CredentialIssuer API fields for impersonation proxy.

Adds a new optional `spec.impersonationProxyInfo` field to hold the URL and CA data for the impersonation proxy, as well as some additional status condition constants for describing the current status of the impersonation proxy.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
Matt Moyer 2021-02-24 10:45:25 -06:00
parent dac1c9939e
commit 96d7743eab
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D


@ -16,12 +16,15 @@ type StrategyReason string
const ( const (
KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate")
ImpersonationProxyStrategyType = StrategyType("ImpersonationProxy")
SuccessStrategyStatus = StrategyStatus("Success") SuccessStrategyStatus = StrategyStatus("Success")
ErrorStrategyStatus = StrategyStatus("Error") ErrorStrategyStatus = StrategyStatus("Error")
CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey")
FetchedKeyStrategyReason = StrategyReason("FetchedKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey")
ListeningStrategyReason = StrategyReason("Listening")
DisabledStrategyReason = StrategyReason("Disabled")
) )
// Status of a credential issuer. // Status of a credential issuer.
@ -29,19 +32,35 @@ type CredentialIssuerStatus struct {
// List of integration strategies that were attempted by Pinniped. // List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerStrategy `json:"strategies"` Strategies []CredentialIssuerStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API.
// +optional // +optional
KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
// Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy.
// +optional
ImpersonationProxyInfo *CredentialIssuerImpersonationProxyInfo `json:"impersonationProxyInfo,omitempty"`
} }
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // Information needed to connect to the TokenCredentialRequest API on this cluster.
type CredentialIssuerKubeConfigInfo struct { type CredentialIssuerKubeConfigInfo struct {
// The K8s API server URL. // The Kubernetes API server URL.
// +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://` // +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"` Server string `json:"server"`
// The K8s API server CA bundle. // The Kubernetes API server CA bundle.
// +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
}
// Information needed to connect to the TokenCredentialRequest API on this cluster.
type CredentialIssuerImpersonationProxyInfo struct {
// The HTTPS endpoint of the impersonation proxy.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://`
Endpoint string `json:"endpoint"`
// The CA bundle to validate connections to the impersonation proxy.
// +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"` CertificateAuthorityData string `json:"certificateAuthorityData"`
} }
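Review bot: The doc comment on the new `CredentialIssuerImpersonationProxyInfo` struct is copied from `CredentialIssuerKubeConfigInfo` and still says "Information needed to connect to the TokenCredentialRequest API on this cluster"; it should read `// Information needed to connect to the impersonation proxy on this cluster.`. Because clients will take `Endpoint` plus `CertificateAuthorityData` from status as the trust anchor when building a kubeconfig, the `CertificateAuthorityData` comment should also state its encoding (presumably the same base64-encoded PEM convention as the existing KubeConfigInfo field — confirm) so consumers do not mis-parse the bundle; the `^https://` pattern on `Endpoint` is appropriately stricter than the `^https://|^http://` allowed for `Server`. The added `ListeningStrategyReason` and `DisabledStrategyReason` constants carry no comment saying which `StrategyStatus` each is expected to accompany, unlike nothing else in that const block, so a one-line comment on each would help readers of the CRD. Note also that the commit description calls the field `spec.impersonationProxyInfo`, while the hunk adds it to `CredentialIssuerStatus`.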