Update comment in FederationDomainTLSSpec

This commit is contained in:
Ryan Richard 2022-04-05 09:53:22 -07:00
parent 25d20d4081
commit bdabdf0f42
24 changed files with 90 additions and 73 deletions

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|=== |===

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|=== |===

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|=== |===

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|=== |===

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|=== |===

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|=== |===

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|=== |===

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.

View File

@ -76,12 +76,13 @@ spec:
so all issuers with the same DNS hostname must use the same so all issuers with the same DNS hostname must use the same
SecretName value even if they have different port numbers. \n SecretName value even if they have different port numbers. \n
SecretName is not required when you would like to use only the SecretName is not required when you would like to use only the
HTTP endpoints (e.g. when terminating TLS at an Ingress). It HTTP endpoints (e.g. when the HTTP listener is configured to
is also not required when you would like all requests to this listen on loopback interfaces or UNIX domain sockets for traffic
OIDC Provider's HTTPS endpoints to use the default TLS certificate, from a service mesh sidecar). It is also not required when you
which is configured elsewhere. \n When your Issuer URL's host would like all requests to this OIDC Provider's HTTPS endpoints
is an IP address, then this field is ignored. SNI does not work to use the default TLS certificate, which is configured elsewhere.
for IP addresses." \n When your Issuer URL's host is an IP address, then this field
is ignored. SNI does not work for IP addresses."
type: string type: string
type: object type: object
required: required:

View File

@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
// SecretName value even if they have different port numbers. // SecretName value even if they have different port numbers.
// //
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
// use the default TLS certificate, which is configured elsewhere. // use the default TLS certificate, which is configured elsewhere.
// //
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.