Update comment in FederationDomainTLSSpec
This commit is contained in:
parent
25d20d4081
commit
bdabdf0f42
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
2
generated/1.17/README.adoc
generated
2
generated/1.17/README.adoc
generated
@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||||||
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
||||||
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
||||||
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
||||||
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
||||||
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
2
generated/1.18/README.adoc
generated
2
generated/1.18/README.adoc
generated
@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||||||
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
||||||
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
||||||
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
||||||
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
||||||
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
2
generated/1.19/README.adoc
generated
2
generated/1.19/README.adoc
generated
@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||||||
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
||||||
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
||||||
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
||||||
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
||||||
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
2
generated/1.20/README.adoc
generated
2
generated/1.20/README.adoc
generated
@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||||||
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
||||||
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
||||||
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
||||||
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
||||||
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
2
generated/1.21/README.adoc
generated
2
generated/1.21/README.adoc
generated
@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||||||
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
||||||
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
||||||
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
||||||
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
||||||
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
2
generated/1.22/README.adoc
generated
2
generated/1.22/README.adoc
generated
@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||||||
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
||||||
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
||||||
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
||||||
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
||||||
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
2
generated/1.23/README.adoc
generated
2
generated/1.23/README.adoc
generated
@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||||||
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.
|
||||||
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
||||||
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.
|
||||||
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.
|
||||||
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
@ -76,12 +76,13 @@ spec:
|
|||||||
so all issuers with the same DNS hostname must use the same
|
so all issuers with the same DNS hostname must use the same
|
||||||
SecretName value even if they have different port numbers. \n
|
SecretName value even if they have different port numbers. \n
|
||||||
SecretName is not required when you would like to use only the
|
SecretName is not required when you would like to use only the
|
||||||
HTTP endpoints (e.g. when terminating TLS at an Ingress). It
|
HTTP endpoints (e.g. when the HTTP listener is configured to
|
||||||
is also not required when you would like all requests to this
|
listen on loopback interfaces or UNIX domain sockets for traffic
|
||||||
OIDC Provider's HTTPS endpoints to use the default TLS certificate,
|
from a service mesh sidecar). It is also not required when you
|
||||||
which is configured elsewhere. \n When your Issuer URL's host
|
would like all requests to this OIDC Provider's HTTPS endpoints
|
||||||
is an IP address, then this field is ignored. SNI does not work
|
to use the default TLS certificate, which is configured elsewhere.
|
||||||
for IP addresses."
|
\n When your Issuer URL's host is an IP address, then this field
|
||||||
|
is ignored. SNI does not work for IP addresses."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct {
|
|||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
||||||
// SecretName value even if they have different port numbers.
|
// SecretName value even if they have different port numbers.
|
||||||
//
|
//
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an
|
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
||||||
// Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
||||||
|
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
// use the default TLS certificate, which is configured elsewhere.
|
||||||
//
|
//
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
||||||
|
Loading…
Reference in New Issue
Block a user