Merge pull request #405 from enj/enj/i/cluster_scope_concierge

Cluster scope all concierge APIs

apis/concierge/authentication/v1alpha1/types_jwt.go.tmpl

@@ -57,9 +57,11 @@ type JWTTokenClaims struct {
 // signature, existence of claims, etc.) and extract the username and groups from the token.
 //
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
+// +kubebuilder:subresource:status
 type JWTAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

apis/concierge/authentication/v1alpha1/types_webhook.go.tmpl

@@ -29,9 +29,11 @@ type WebhookAuthenticatorSpec struct {
 
 // WebhookAuthenticator describes the configuration of a webhook authenticator.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
+// +kubebuilder:subresource:status
 type WebhookAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl

@@ -67,13 +67,16 @@ type CredentialIssuerStrategy struct {
 
 // Describes the configuration status of a Pinniped credential issuer.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped
+// +kubebuilder:resource:categories=pinniped,scope=Cluster
+// +kubebuilder:subresource:status
 type CredentialIssuer struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	// Status of the credential issuer.
+	// +optional
 	Status CredentialIssuerStatus `json:"status"`
 }
 

apis/concierge/login/types_token.go.tmpl

@@ -27,7 +27,6 @@ type TokenCredentialRequestStatus struct {
 }
 
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
-// +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta

apis/concierge/login/v1alpha1/types_token.go.tmpl

@@ -30,6 +30,7 @@ type TokenCredentialRequestStatus struct {
 
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta   `json:",inline"`

apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl

@@ -109,6 +109,7 @@ type FederationDomainStatus struct {
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped
+// +kubebuilder:subresource:status
 type FederationDomain struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

cmd/pinniped-supervisor/main.go

@@ -175,8 +175,8 @@ func startControllers(
 						secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey)
 					},
 				),
-				func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
+				func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
-					return &fd.Status.Secrets.TokenSigningKey
+					return &fd.Secrets.TokenSigningKey
 				},
 				kubeClient,
 				pinnipedClient,
@@ -198,8 +198,8 @@ func startControllers(
 						secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey)
 					},
 				),
-				func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
+				func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
-					return &fd.Status.Secrets.StateSigningKey
+					return &fd.Secrets.StateSigningKey
 				},
 				kubeClient,
 				pinnipedClient,
@@ -221,8 +221,8 @@ func startControllers(
 						secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey)
 					},
 				),
-				func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
+				func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
-					return &fd.Status.Secrets.StateEncryptionKey
+					return &fd.Secrets.StateEncryptionKey
 				},
 				kubeClient,
 				pinnipedClient,

cmd/pinniped/cmd/cobra_util.go

@@ -22,3 +22,9 @@ func mustMarkHidden(cmd *cobra.Command, flags ...string) {
 		}
 	}
 }
+
+func mustMarkDeprecated(cmd *cobra.Command, flag, usageMessage string) {
+	if err := cmd.Flags().MarkDeprecated(flag, usageMessage); err != nil {
+		panic(err)
+	}
+}

cmd/pinniped/cmd/kubeconfig.go

@@ -74,7 +74,6 @@ type getKubeconfigOIDCParams struct {
 
 type getKubeconfigConciergeParams struct {
 	disabled          bool
-	namespace         string
 	authenticatorName string
 	authenticatorType string
 	apiGroupSuffix    string
@@ -91,13 +90,14 @@ type getKubeconfigParams struct {
 
 func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
 	var (
-		cmd = cobra.Command{
+		cmd = &cobra.Command{
 			Args:         cobra.NoArgs,
 			Use:          "kubeconfig",
 			Short:        "Generate a Pinniped-based kubeconfig for a cluster",
 			SilenceUsage: true,
 		}
 		flags     getKubeconfigParams
+		namespace string // unused now
 	)
 
 	f := cmd.Flags()
@@ -105,7 +105,7 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
 	f.StringVar(&flags.staticTokenEnvName, "static-token-env", "", "Instead of doing an OIDC-based login, read a static token from the environment")
 
 	f.BoolVar(&flags.concierge.disabled, "no-concierge", false, "Generate a configuration which does not use the concierge, but sends the credential to the cluster directly")
-	f.StringVar(&flags.concierge.namespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
+	f.StringVar(&namespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
 	f.StringVar(&flags.concierge.authenticatorType, "concierge-authenticator-type", "", "Concierge authenticator type (e.g., 'webhook', 'jwt') (default: autodiscover)")
 	f.StringVar(&flags.concierge.authenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name (default: autodiscover)")
 	f.StringVar(&flags.concierge.apiGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix")
@@ -122,10 +122,13 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
 	f.StringVar(&flags.kubeconfigPath, "kubeconfig", os.Getenv("KUBECONFIG"), "Path to kubeconfig file")
 	f.StringVar(&flags.kubeconfigContextOverride, "kubeconfig-context", "", "Kubeconfig context name (default: current active context)")
 
-	mustMarkHidden(&cmd, "oidc-debug-session-cache")
+	mustMarkHidden(cmd, "oidc-debug-session-cache")
+
+	mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore")
+	mustMarkHidden(cmd, "concierge-namespace")
 
 	cmd.RunE = func(cmd *cobra.Command, args []string) error { return runGetKubeconfig(cmd.OutOrStdout(), deps, flags) }
-	return &cmd
+	return cmd
 }
 
 //nolint:funlen
@@ -170,7 +173,6 @@ func runGetKubeconfig(out io.Writer, deps kubeconfigDeps, flags getKubeconfigPar
 	if !flags.concierge.disabled {
 		authenticator, err := lookupAuthenticator(
 			clientset,
-			flags.concierge.namespace,
 			flags.concierge.authenticatorType,
 			flags.concierge.authenticatorName,
 		)
@@ -260,7 +262,7 @@ func configureConcierge(authenticator metav1.Object, flags *getKubeconfigParams,
 		if *oidcCABundle == "" && auth.Spec.TLS != nil && auth.Spec.TLS.CertificateAuthorityData != "" {
 			decoded, err := base64.StdEncoding.DecodeString(auth.Spec.TLS.CertificateAuthorityData)
 			if err != nil {
-				return fmt.Errorf("tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator %s/%s has invalid spec.tls.certificateAuthorityData: %w", auth.Namespace, auth.Name, err)
+				return fmt.Errorf("tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator %s has invalid spec.tls.certificateAuthorityData: %w", auth.Name, err)
 			}
 			*oidcCABundle = string(decoded)
 		}
@@ -270,7 +272,6 @@ func configureConcierge(authenticator metav1.Object, flags *getKubeconfigParams,
 	execConfig.Args = append(execConfig.Args,
 		"--enable-concierge",
 		"--concierge-api-group-suffix="+flags.concierge.apiGroupSuffix,
-		"--concierge-namespace="+flags.concierge.namespace,
 		"--concierge-authenticator-name="+flags.concierge.authenticatorName,
 		"--concierge-authenticator-type="+flags.concierge.authenticatorType,
 		"--concierge-endpoint="+v1Cluster.Server,
@@ -306,7 +307,7 @@ func newExecKubeconfig(cluster *clientcmdapi.Cluster, execConfig *clientcmdapi.E
 	}
 }
 
-func lookupAuthenticator(clientset conciergeclientset.Interface, namespace, authType, authName string) (metav1.Object, error) {
+func lookupAuthenticator(clientset conciergeclientset.Interface, authType, authName string) (metav1.Object, error) {
 	ctx, cancelFunc := context.WithTimeout(context.Background(), time.Second*20)
 	defer cancelFunc()
 
@@ -314,9 +315,9 @@ func lookupAuthenticator(clientset conciergeclientset.Interface, namespace, auth
 	if authName != "" && authType != "" {
 		switch strings.ToLower(authType) {
 		case "webhook":
-			return clientset.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Get(ctx, authName, metav1.GetOptions{})
+			return clientset.AuthenticationV1alpha1().WebhookAuthenticators().Get(ctx, authName, metav1.GetOptions{})
 		case "jwt":
-			return clientset.AuthenticationV1alpha1().JWTAuthenticators(namespace).Get(ctx, authName, metav1.GetOptions{})
+			return clientset.AuthenticationV1alpha1().JWTAuthenticators().Get(ctx, authName, metav1.GetOptions{})
 		default:
 			return nil, fmt.Errorf(`invalid authenticator type %q, supported values are "webhook" and "jwt"`, authType)
 		}
@@ -324,11 +325,11 @@ func lookupAuthenticator(clientset conciergeclientset.Interface, namespace, auth
 
 	// Otherwise list all the available authenticators and hope there's just a single one.
 
-	jwtAuths, err := clientset.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(ctx, metav1.ListOptions{})
+	jwtAuths, err := clientset.AuthenticationV1alpha1().JWTAuthenticators().List(ctx, metav1.ListOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to list JWTAuthenticator objects for autodiscovery: %w", err)
 	}
-	webhooks, err := clientset.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(ctx, metav1.ListOptions{})
+	webhooks, err := clientset.AuthenticationV1alpha1().WebhookAuthenticators().List(ctx, metav1.ListOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to list WebhookAuthenticator objects for autodiscovery: %w", err)
 	}
@@ -341,10 +342,10 @@ func lookupAuthenticator(clientset conciergeclientset.Interface, namespace, auth
 		results = append(results, &webhooks.Items[i])
 	}
 	if len(results) == 0 {
-		return nil, fmt.Errorf("no authenticators were found in namespace %q (try setting --concierge-namespace)", namespace)
+		return nil, fmt.Errorf("no authenticators were found")
 	}
 	if len(results) > 1 {
-		return nil, fmt.Errorf("multiple authenticators were found in namespace %q, so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified", namespace)
+		return nil, fmt.Errorf("multiple authenticators were found, so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified")
 	}
 	return results[0], nil
 }

cmd/pinniped/cmd/kubeconfig_test.go

@@ -61,7 +61,6 @@ func TestGetKubeconfig(t *testing.T) {
 				      --concierge-api-group-suffix string     Concierge API group suffix (default "pinniped.dev")
 				      --concierge-authenticator-name string   Concierge authenticator name (default: autodiscover)
 				      --concierge-authenticator-type string   Concierge authenticator type (e.g., 'webhook', 'jwt') (default: autodiscover)
-				      --concierge-namespace string            Namespace in which the concierge was installed (default "pinniped-concierge")
 				  -h, --help                                  help for kubeconfig
 				      --kubeconfig string                     Path to kubeconfig file
 				      --kubeconfig-context string             Kubeconfig context name (default: current active context)
@@ -210,34 +209,32 @@ func TestGetKubeconfig(t *testing.T) {
 			},
 			wantError: true,
 			wantStderr: here.Doc(`
-				Error: no authenticators were found in namespace "pinniped-concierge" (try setting --concierge-namespace)
+				Error: no authenticators were found
 			`),
 		},
 		{
 			name: "fail to autodetect authenticator, multiple found",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
-				"--concierge-namespace", "test-namespace",
 			},
 			conciergeObjects: []runtime.Object{
-				&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-1", Namespace: "test-namespace"}},
+				&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-1"}},
-				&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-2", Namespace: "test-namespace"}},
+				&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-2"}},
-				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-3", Namespace: "test-namespace"}},
+				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-3"}},
-				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-4", Namespace: "test-namespace"}},
+				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-4"}},
 			},
 			wantError: true,
 			wantStderr: here.Doc(`
-				Error: multiple authenticators were found in namespace "test-namespace", so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified
+				Error: multiple authenticators were found, so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified
 			`),
 		},
 		{
 			name: "autodetect webhook authenticator, missing --oidc-issuer",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
-				"--concierge-namespace", "test-namespace",
 			},
 			conciergeObjects: []runtime.Object{
-				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
+				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
 			},
 			wantError: true,
 			wantStderr: here.Doc(`
@@ -248,11 +245,10 @@ func TestGetKubeconfig(t *testing.T) {
 			name: "autodetect JWT authenticator, invalid TLS bundle",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
-				"--concierge-namespace", "test-namespace",
 			},
 			conciergeObjects: []runtime.Object{
 				&conciergev1alpha1.JWTAuthenticator{
-					ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"},
+					ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"},
 					Spec: conciergev1alpha1.JWTAuthenticatorSpec{
 						TLS: &conciergev1alpha1.TLSSpec{
 							CertificateAuthorityData: "invalid-base64",
@@ -262,19 +258,18 @@ func TestGetKubeconfig(t *testing.T) {
 			},
 			wantError: true,
 			wantStderr: here.Doc(`
-				Error: tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator test-namespace/test-authenticator has invalid spec.tls.certificateAuthorityData: illegal base64 data at input byte 7
+				Error: tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator test-authenticator has invalid spec.tls.certificateAuthorityData: illegal base64 data at input byte 7
 			`),
 		},
 		{
 			name: "invalid static token flags",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
-				"--concierge-namespace", "test-namespace",
 				"--static-token", "test-token",
 				"--static-token-env", "TEST_TOKEN",
 			},
 			conciergeObjects: []runtime.Object{
-				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
+				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
 			},
 			wantError: true,
 			wantStderr: here.Doc(`
@@ -295,11 +290,10 @@ func TestGetKubeconfig(t *testing.T) {
 			name: "valid static token",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
-				"--concierge-namespace", "test-namespace",
 				"--static-token", "test-token",
 			},
 			conciergeObjects: []runtime.Object{
-				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
+				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
 			},
 			wantStdout: here.Doc(`
         		apiVersion: v1
@@ -326,7 +320,6 @@ func TestGetKubeconfig(t *testing.T) {
         		      - static
         		      - --enable-concierge
         		      - --concierge-api-group-suffix=pinniped.dev
-        		      - --concierge-namespace=test-namespace
         		      - --concierge-authenticator-name=test-authenticator
         		      - --concierge-authenticator-type=webhook
         		      - --concierge-endpoint=https://fake-server-url-value
@@ -341,11 +334,10 @@ func TestGetKubeconfig(t *testing.T) {
 			name: "valid static token from env var",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
-				"--concierge-namespace", "test-namespace",
 				"--static-token-env", "TEST_TOKEN",
 			},
 			conciergeObjects: []runtime.Object{
-				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
+				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
 			},
 			wantStdout: here.Doc(`
         		apiVersion: v1
@@ -372,7 +364,6 @@ func TestGetKubeconfig(t *testing.T) {
         		      - static
         		      - --enable-concierge
         		      - --concierge-api-group-suffix=pinniped.dev
-        		      - --concierge-namespace=test-namespace
         		      - --concierge-authenticator-name=test-authenticator
         		      - --concierge-authenticator-type=webhook
         		      - --concierge-endpoint=https://fake-server-url-value
@@ -390,7 +381,7 @@ func TestGetKubeconfig(t *testing.T) {
 			},
 			conciergeObjects: []runtime.Object{
 				&conciergev1alpha1.JWTAuthenticator{
-					ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "pinniped-concierge"},
+					ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"},
 					Spec: conciergev1alpha1.JWTAuthenticatorSpec{
 						Issuer:   "https://example.com/issuer",
 						Audience: "test-audience",
@@ -425,7 +416,6 @@ func TestGetKubeconfig(t *testing.T) {
         		      - oidc
         		      - --enable-concierge
         		      - --concierge-api-group-suffix=pinniped.dev
-        		      - --concierge-namespace=pinniped-concierge
         		      - --concierge-authenticator-name=test-authenticator
         		      - --concierge-authenticator-type=jwt
         		      - --concierge-endpoint=https://fake-server-url-value
@@ -457,7 +447,7 @@ func TestGetKubeconfig(t *testing.T) {
 			},
 			conciergeObjects: []runtime.Object{
 				&conciergev1alpha1.WebhookAuthenticator{
-					ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "pinniped-concierge"},
+					ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"},
 				},
 			},
 			wantStdout: here.Docf(`
@@ -485,7 +475,6 @@ func TestGetKubeconfig(t *testing.T) {
         		      - oidc
         		      - --enable-concierge
         		      - --concierge-api-group-suffix=tuna.io
-        		      - --concierge-namespace=pinniped-concierge
         		      - --concierge-authenticator-name=test-authenticator
         		      - --concierge-authenticator-type=webhook
         		      - --concierge-endpoint=https://fake-server-url-value

cmd/pinniped/cmd/login_oidc.go

@@ -59,7 +59,6 @@ type oidcLoginFlags struct {
 	debugSessionCache          bool
 	requestAudience            string
 	conciergeEnabled           bool
-	conciergeNamespace         string
 	conciergeAuthenticatorType string
 	conciergeAuthenticatorName string
 	conciergeEndpoint          string
@@ -69,13 +68,14 @@ type oidcLoginFlags struct {
 
 func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command {
 	var (
-		cmd = cobra.Command{
+		cmd = &cobra.Command{
 			Args:         cobra.NoArgs,
 			Use:          "oidc --issuer ISSUER",
 			Short:        "Login using an OpenID Connect provider",
 			SilenceUsage: true,
 		}
 		flags              oidcLoginFlags
+		conciergeNamespace string // unused now
 	)
 	cmd.Flags().StringVar(&flags.issuer, "issuer", "", "OpenID Connect issuer URL")
 	cmd.Flags().StringVar(&flags.clientID, "client-id", "pinniped-cli", "OpenID Connect client ID")
@@ -88,17 +88,21 @@ func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command {
 	cmd.Flags().BoolVar(&flags.debugSessionCache, "debug-session-cache", false, "Print debug logs related to the session cache")
 	cmd.Flags().StringVar(&flags.requestAudience, "request-audience", "", "Request a token with an alternate audience using RFC8693 token exchange")
 	cmd.Flags().BoolVar(&flags.conciergeEnabled, "enable-concierge", false, "Exchange the OIDC ID token with the Pinniped concierge during login")
-	cmd.Flags().StringVar(&flags.conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
+	cmd.Flags().StringVar(&conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
 	cmd.Flags().StringVar(&flags.conciergeAuthenticatorType, "concierge-authenticator-type", "", "Concierge authenticator type (e.g., 'webhook', 'jwt')")
 	cmd.Flags().StringVar(&flags.conciergeAuthenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name")
 	cmd.Flags().StringVar(&flags.conciergeEndpoint, "concierge-endpoint", "", "API base for the Pinniped concierge endpoint")
 	cmd.Flags().StringVar(&flags.conciergeCABundle, "concierge-ca-bundle-data", "", "CA bundle to use when connecting to the concierge")
 	cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix")
 
-	mustMarkHidden(&cmd, "debug-session-cache")
+	mustMarkHidden(cmd, "debug-session-cache")
-	mustMarkRequired(&cmd, "issuer")
+	mustMarkRequired(cmd, "issuer")
 	cmd.RunE = func(cmd *cobra.Command, args []string) error { return runOIDCLogin(cmd, deps, flags) }
-	return &cmd
+
+	mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore")
+	mustMarkHidden(cmd, "concierge-namespace")
+
+	return cmd
 }
 
 func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLoginFlags) error {
@@ -133,7 +137,6 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
 	if flags.conciergeEnabled {
 		var err error
 		concierge, err = conciergeclient.New(
-			conciergeclient.WithNamespace(flags.conciergeNamespace),
 			conciergeclient.WithEndpoint(flags.conciergeEndpoint),
 			conciergeclient.WithBase64CABundle(flags.conciergeCABundle),
 			conciergeclient.WithAuthenticator(flags.conciergeAuthenticatorType, flags.conciergeAuthenticatorName),

cmd/pinniped/cmd/login_oidc_test.go

@@ -65,7 +65,6 @@ func TestLoginOIDCCommand(t *testing.T) {
 				      --concierge-authenticator-type string   Concierge authenticator type (e.g., 'webhook', 'jwt')
 				      --concierge-ca-bundle-data string       CA bundle to use when connecting to the concierge
 				      --concierge-endpoint string             API base for the Pinniped concierge endpoint
-				      --concierge-namespace string            Namespace in which the concierge was installed (default "pinniped-concierge")
 				      --enable-concierge                      Exchange the OIDC ID token with the Pinniped concierge during login
 				  -h, --help                                  help for oidc
 				      --issuer string                         OpenID Connect issuer URL
@@ -186,7 +185,6 @@ func TestLoginOIDCCommand(t *testing.T) {
 				"--ca-bundle-data", base64.StdEncoding.EncodeToString(testCA.Bundle()),
 				"--ca-bundle", testCABundlePath,
 				"--enable-concierge",
-				"--concierge-namespace", "test-namespace",
 				"--concierge-authenticator-type", "webhook",
 				"--concierge-authenticator-name", "test-authenticator",
 				"--concierge-endpoint", "https://127.0.0.1:1234/",

cmd/pinniped/cmd/login_static.go

@@ -41,7 +41,6 @@ type staticLoginParams struct {
 	staticToken                string
 	staticTokenEnvName         string
 	conciergeEnabled           bool
-	conciergeNamespace         string
 	conciergeAuthenticatorType string
 	conciergeAuthenticatorName string
 	conciergeEndpoint          string
@@ -51,25 +50,30 @@ type staticLoginParams struct {
 
 func staticLoginCommand(deps staticLoginDeps) *cobra.Command {
 	var (
-		cmd = cobra.Command{
+		cmd = &cobra.Command{
 			Args:         cobra.NoArgs,
 			Use:          "static [--token TOKEN] [--token-env TOKEN_NAME]",
 			Short:        "Login using a static token",
 			SilenceUsage: true,
 		}
 		flags              staticLoginParams
+		conciergeNamespace string // unused now
 	)
 	cmd.Flags().StringVar(&flags.staticToken, "token", "", "Static token to present during login")
 	cmd.Flags().StringVar(&flags.staticTokenEnvName, "token-env", "", "Environment variable containing a static token")
 	cmd.Flags().BoolVar(&flags.conciergeEnabled, "enable-concierge", false, "Exchange the token with the Pinniped concierge during login")
-	cmd.Flags().StringVar(&flags.conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
+	cmd.Flags().StringVar(&conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
 	cmd.Flags().StringVar(&flags.conciergeAuthenticatorType, "concierge-authenticator-type", "", "Concierge authenticator type (e.g., 'webhook', 'jwt')")
 	cmd.Flags().StringVar(&flags.conciergeAuthenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name")
 	cmd.Flags().StringVar(&flags.conciergeEndpoint, "concierge-endpoint", "", "API base for the Pinniped concierge endpoint")
 	cmd.Flags().StringVar(&flags.conciergeCABundle, "concierge-ca-bundle-data", "", "CA bundle to use when connecting to the concierge")
 	cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix")
 	cmd.RunE = func(cmd *cobra.Command, args []string) error { return runStaticLogin(cmd.OutOrStdout(), deps, flags) }
-	return &cmd
+
+	mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore")
+	mustMarkHidden(cmd, "concierge-namespace")
+
+	return cmd
 }
 
 func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams) error {
@@ -81,7 +85,6 @@ func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams
 	if flags.conciergeEnabled {
 		var err error
 		concierge, err = conciergeclient.New(
-			conciergeclient.WithNamespace(flags.conciergeNamespace),
 			conciergeclient.WithEndpoint(flags.conciergeEndpoint),
 			conciergeclient.WithBase64CABundle(flags.conciergeCABundle),
 			conciergeclient.WithAuthenticator(flags.conciergeAuthenticatorType, flags.conciergeAuthenticatorName),

cmd/pinniped/cmd/login_static_test.go

@@ -56,7 +56,6 @@ func TestLoginStaticCommand(t *testing.T) {
 				      --concierge-authenticator-type string   Concierge authenticator type (e.g., 'webhook', 'jwt')
 				      --concierge-ca-bundle-data string       CA bundle to use when connecting to the concierge
 				      --concierge-endpoint string             API base for the Pinniped concierge endpoint
-				      --concierge-namespace string            Namespace in which the concierge was installed (default "pinniped-concierge")
 				      --enable-concierge                      Exchange the token with the Pinniped concierge during login
 				  -h, --help                                  help for static
 				      --token string                          Static token to present during login

deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml

@@ -18,7 +18,7 @@ spec:
     listKind: JWTAuthenticatorList
     plural: jwtauthenticators
     singular: jwtauthenticator
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.issuer
@@ -161,7 +161,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml

@@ -18,7 +18,7 @@ spec:
     listKind: WebhookAuthenticatorList
     plural: webhookauthenticators
     singular: webhookauthenticator
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.endpoint
@@ -137,7 +137,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml

@@ -16,7 +16,7 @@ spec:
     listKind: CredentialIssuerList
     plural: credentialissuers
     singular: credentialissuer
-  scope: Namespaced
+  scope: Cluster
   versions:
   - name: v1alpha1
     schema:
@@ -98,11 +98,11 @@ spec:
             required:
             - strategies
             type: object
-        required:
-        - status
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

deploy/concierge/rbac.yaml

@@ -17,7 +17,7 @@ rules:
     verbs: [ get, list, watch ]
   - apiGroups: [ apiregistration.k8s.io ]
     resources: [ apiservices ]
-    verbs: [ create, get, list, patch, update, watch ]
+    verbs: [ get, list, patch, update, watch ]
   - apiGroups: [ admissionregistration.k8s.io ]
     resources: [ validatingwebhookconfigurations, mutatingwebhookconfigurations ]
     verbs: [ get, list, watch ]
@@ -31,6 +31,18 @@ rules:
     resources: [ securitycontextconstraints ]
     verbs: [ use ]
     resourceNames: [ nonroot ]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
+    resources: [ credentialissuers ]
+    verbs: [ get, list, watch, create ]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
+    resources: [ credentialissuers/status ]
+    verbs: [get, patch, update]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")
+    resources: [ jwtauthenticators, webhookauthenticators ]
+    verbs: [ get, list, watch ]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -69,11 +81,6 @@ rules:
   - apiGroups: [ "" ]
     resources: [ pods/exec ]
     verbs: [ create ]
-  - apiGroups:
-      - #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
-      - #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")
-    resources: [ "*" ]
-    verbs: [ create, get, list, update, watch ]
   - apiGroups: [apps]
     resources: [replicasets,deployments]
     verbs: [get]

deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml

@@ -150,6 +150,8 @@ spec:
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

deploy/supervisor/rbac.yaml

@@ -19,7 +19,11 @@ rules:
   - apiGroups:
       - #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
     resources: [federationdomains]
-    verbs: [update, get, list, watch]
+    verbs: [get, list, watch]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
+    resources: [federationdomains/status]
+    verbs: [get, patch, update]
   - apiGroups:
       - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
     resources: [oidcidentityproviders]

generated/1.17/apis/concierge/authentication/v1alpha1/types_jwt.go

@@ -57,9 +57,11 @@ type JWTTokenClaims struct {
 // signature, existence of claims, etc.) and extract the username and groups from the token.
 //
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
+// +kubebuilder:subresource:status
 type JWTAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.17/apis/concierge/authentication/v1alpha1/types_webhook.go

@@ -29,9 +29,11 @@ type WebhookAuthenticatorSpec struct {
 
 // WebhookAuthenticator describes the configuration of a webhook authenticator.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
+// +kubebuilder:subresource:status
 type WebhookAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go

@@ -67,13 +67,16 @@ type CredentialIssuerStrategy struct {
 
 // Describes the configuration status of a Pinniped credential issuer.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped
+// +kubebuilder:resource:categories=pinniped,scope=Cluster
+// +kubebuilder:subresource:status
 type CredentialIssuer struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	// Status of the credential issuer.
+	// +optional
 	Status CredentialIssuerStatus `json:"status"`
 }
 

generated/1.17/apis/concierge/login/types_token.go

@@ -27,7 +27,6 @@ type TokenCredentialRequestStatus struct {
 }
 
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
-// +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta

generated/1.17/apis/concierge/login/v1alpha1/types_token.go

@@ -30,6 +30,7 @@ type TokenCredentialRequestStatus struct {
 
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta   `json:",inline"`

generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go

@@ -109,6 +109,7 @@ type FederationDomainStatus struct {
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped
+// +kubebuilder:subresource:status
 type FederationDomain struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go

@@ -22,12 +22,12 @@ type AuthenticationV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *AuthenticationV1alpha1Client) JWTAuthenticators(namespace string) JWTAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
-	return newJWTAuthenticators(c, namespace)
+	return newJWTAuthenticators(c)
 }
 
-func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
-	return newWebhookAuthenticators(c, namespace)
+	return newWebhookAuthenticators(c)
 }
 
 // NewForConfig creates a new AuthenticationV1alpha1Client for the given config.

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go

@@ -15,12 +15,12 @@ type FakeAuthenticationV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeAuthenticationV1alpha1) JWTAuthenticators(namespace string) v1alpha1.JWTAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
-	return &FakeJWTAuthenticators{c, namespace}
+	return &FakeJWTAuthenticators{c}
 }
 
-func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
-	return &FakeWebhookAuthenticators{c, namespace}
+	return &FakeWebhookAuthenticators{c}
 }
 
 // RESTClient returns a RESTClient that is used to communicate

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go

@@ -18,7 +18,6 @@ import (
 // FakeJWTAuthenticators implements JWTAuthenticatorInterface
 type FakeJWTAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
-	ns   string
 }
 
 var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
@@ -28,8 +27,7 @@ var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.conci
 // Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
 func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -39,8 +37,7 @@ func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result
 // List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
 func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, c.ns, opts), &v1alpha1.JWTAuthenticatorList{})
+		Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -61,15 +58,13 @@ func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTA
 // Watch returns a watch.Interface that watches the requested jWTAuthenticators.
 func (c *FakeJWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(jwtauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
-
 }
 
 // Create takes the representation of a jWTAuthenticator and creates it.  Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -79,8 +74,7 @@ func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticat
 // Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -91,8 +85,7 @@ func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticat
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(jwtauthenticatorsResource, "status", c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -102,14 +95,13 @@ func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthe
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeJWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(jwtauthenticatorsResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOptions)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
 	return err
@@ -118,8 +110,7 @@ func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
 // Patch applies the patch and returns the patched jWTAuthenticator.
 func (c *FakeJWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(jwtauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go

@@ -18,7 +18,6 @@ import (
 // FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
 type FakeWebhookAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
-	ns   string
 }
 
 var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
@@ -28,8 +27,7 @@ var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.c
 // Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
 func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -39,8 +37,7 @@ func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (res
 // List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
 func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
+		Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -61,15 +58,13 @@ func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.
 // Watch returns a watch.Interface that watches the requested webhookAuthenticators.
 func (c *FakeWebhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
-
 }
 
 // Create takes the representation of a webhookAuthenticator and creates it.  Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -79,8 +74,7 @@ func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.Webhoo
 // Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -91,8 +85,7 @@ func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.Webhoo
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -102,14 +95,13 @@ func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeWebhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOptions)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
 	return err
@@ -118,8 +110,7 @@ func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions,
 // Patch applies the patch and returns the patched webhookAuthenticator.
 func (c *FakeWebhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go

@@ -19,7 +19,7 @@ import (
 // JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
 // A group's client should implement this interface.
 type JWTAuthenticatorsGetter interface {
-	JWTAuthenticators(namespace string) JWTAuthenticatorInterface
+	JWTAuthenticators() JWTAuthenticatorInterface
 }
 
 // JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
@@ -39,14 +39,12 @@ type JWTAuthenticatorInterface interface {
 // jWTAuthenticators implements JWTAuthenticatorInterface
 type jWTAuthenticators struct {
 	client rest.Interface
-	ns     string
 }
 
 // newJWTAuthenticators returns a JWTAuthenticators
-func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jWTAuthenticators {
+func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
 	return &jWTAuthenticators{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -54,7 +52,6 @@ func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jW
 func (c *jWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -71,7 +68,6 @@ func (c *jWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthe
 	}
 	result = &v1alpha1.JWTAuthenticatorList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -88,7 +84,6 @@ func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error)
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -99,7 +94,6 @@ func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error)
 func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Body(jWTAuthenticator).
 		Do().
@@ -111,7 +105,6 @@ func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator)
 func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		Body(jWTAuthenticator).
@@ -126,7 +119,6 @@ func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator)
 func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		SubResource("status").
@@ -139,7 +131,6 @@ func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthentic
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *jWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		Body(options).
@@ -154,7 +145,6 @@ func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOpti
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -167,7 +157,6 @@ func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOpti
 func (c *jWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		SubResource(subresources...).
 		Name(name).

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go

@@ -19,7 +19,7 @@ import (
 // WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
 // A group's client should implement this interface.
 type WebhookAuthenticatorsGetter interface {
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
+	WebhookAuthenticators() WebhookAuthenticatorInterface
 }
 
 // WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
@@ -39,14 +39,12 @@ type WebhookAuthenticatorInterface interface {
 // webhookAuthenticators implements WebhookAuthenticatorInterface
 type webhookAuthenticators struct {
 	client rest.Interface
-	ns     string
 }
 
 // newWebhookAuthenticators returns a WebhookAuthenticators
-func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
+func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
 	return &webhookAuthenticators{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -54,7 +52,6 @@ func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string)
 func (c *webhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -71,7 +68,6 @@ func (c *webhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.Webh
 	}
 	result = &v1alpha1.WebhookAuthenticatorList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -88,7 +84,6 @@ func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, err
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -99,7 +94,6 @@ func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, err
 func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Body(webhookAuthenticator).
 		Do().
@@ -111,7 +105,6 @@ func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAut
 func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		Body(webhookAuthenticator).
@@ -126,7 +119,6 @@ func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAut
 func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		SubResource("status").
@@ -139,7 +131,6 @@ func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.Webh
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *webhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		Body(options).
@@ -154,7 +145,6 @@ func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -167,7 +157,6 @@ func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
 func (c *webhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		SubResource(subresources...).
 		Name(name).

generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go

@@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface {
+func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
-	return newCredentialIssuers(c, namespace)
+	return newCredentialIssuers(c)
 }
 
 // NewForConfig creates a new ConfigV1alpha1Client for the given config.

generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go

@@ -19,7 +19,7 @@ import (
 // CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
 // A group's client should implement this interface.
 type CredentialIssuersGetter interface {
-	CredentialIssuers(namespace string) CredentialIssuerInterface
+	CredentialIssuers() CredentialIssuerInterface
 }
 
 // CredentialIssuerInterface has methods to work with CredentialIssuer resources.
@@ -39,14 +39,12 @@ type CredentialIssuerInterface interface {
 // credentialIssuers implements CredentialIssuerInterface
 type credentialIssuers struct {
 	client rest.Interface
-	ns     string
 }
 
 // newCredentialIssuers returns a CredentialIssuers
-func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers {
+func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
 	return &credentialIssuers{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -54,7 +52,6 @@ func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credential
 func (c *credentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -71,7 +68,6 @@ func (c *credentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.Credenti
 	}
 	result = &v1alpha1.CredentialIssuerList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -88,7 +84,6 @@ func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error)
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -99,7 +94,6 @@ func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error)
 func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Body(credentialIssuer).
 		Do().
@@ -111,7 +105,6 @@ func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer)
 func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		Body(credentialIssuer).
@@ -126,7 +119,6 @@ func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer)
 func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		SubResource("status").
@@ -139,7 +131,6 @@ func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIs
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *credentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		Body(options).
@@ -154,7 +145,6 @@ func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOpti
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -167,7 +157,6 @@ func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOpti
 func (c *credentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		SubResource(subresources...).
 		Name(name).

generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go

@@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface {
+func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
-	return &FakeCredentialIssuers{c, namespace}
+	return &FakeCredentialIssuers{c}
 }
 
 // RESTClient returns a RESTClient that is used to communicate

generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go

@@ -18,7 +18,6 @@ import (
 // FakeCredentialIssuers implements CredentialIssuerInterface
 type FakeCredentialIssuers struct {
 	Fake *FakeConfigV1alpha1
-	ns   string
 }
 
 var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
@@ -28,8 +27,7 @@ var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pin
 // Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
 func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -39,8 +37,7 @@ func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result
 // List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
 func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{})
+		Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -61,15 +58,13 @@ func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.Cred
 // Watch returns a watch.Interface that watches the requested credentialIssuers.
 func (c *FakeCredentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
-
 }
 
 // Create takes the representation of a credentialIssuer and creates it.  Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -79,8 +74,7 @@ func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssu
 // Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -91,8 +85,7 @@ func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssu
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -102,14 +95,13 @@ func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.Credenti
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *FakeCredentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOptions)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
 	return err
@@ -118,8 +110,7 @@ func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, list
 // Patch applies the patch and returns the patched credentialIssuer.
 func (c *FakeCredentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go

@@ -15,8 +15,8 @@ type FakeLoginV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface {
+func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
-	return &FakeTokenCredentialRequests{c, namespace}
+	return &FakeTokenCredentialRequests{c}
 }
 
 // RESTClient returns a RESTClient that is used to communicate

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go

@@ -18,7 +18,6 @@ import (
 // FakeTokenCredentialRequests implements TokenCredentialRequestInterface
 type FakeTokenCredentialRequests struct {
 	Fake *FakeLoginV1alpha1
-	ns   string
 }
 
 var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
@@ -28,8 +27,7 @@ var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierg
 // Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any.
 func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -39,8 +37,7 @@ func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (r
 // List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors.
 func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{})
+		Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -61,15 +58,13 @@ func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha
 // Watch returns a watch.Interface that watches the requested tokenCredentialRequests.
 func (c *FakeTokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts))
-
 }
 
 // Create takes the representation of a tokenCredentialRequest and creates it.  Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -79,8 +74,7 @@ func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.To
 // Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -91,8 +85,7 @@ func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.To
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -102,14 +95,13 @@ func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alp
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *FakeTokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOptions)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{})
 	return err
@@ -118,8 +110,7 @@ func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions
 // Patch applies the patch and returns the patched tokenCredentialRequest.
 func (c *FakeTokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go

@@ -21,8 +21,8 @@ type LoginV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface {
+func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
-	return newTokenCredentialRequests(c, namespace)
+	return newTokenCredentialRequests(c)
 }
 
 // NewForConfig creates a new LoginV1alpha1Client for the given config.

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go

@@ -19,7 +19,7 @@ import (
 // TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
 // A group's client should implement this interface.
 type TokenCredentialRequestsGetter interface {
-	TokenCredentialRequests(namespace string) TokenCredentialRequestInterface
+	TokenCredentialRequests() TokenCredentialRequestInterface
 }
 
 // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
@@ -39,14 +39,12 @@ type TokenCredentialRequestInterface interface {
 // tokenCredentialRequests implements TokenCredentialRequestInterface
 type tokenCredentialRequests struct {
 	client rest.Interface
-	ns     string
 }
 
 // newTokenCredentialRequests returns a TokenCredentialRequests
-func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests {
+func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
 	return &tokenCredentialRequests{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -54,7 +52,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *token
 func (c *tokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -71,7 +68,6 @@ func (c *tokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.To
 	}
 	result = &v1alpha1.TokenCredentialRequestList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -88,7 +84,6 @@ func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, e
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -99,7 +94,6 @@ func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, e
 func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Body(tokenCredentialRequest).
 		Do().
@@ -111,7 +105,6 @@ func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenC
 func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		Body(tokenCredentialRequest).
@@ -126,7 +119,6 @@ func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenC
 func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		SubResource("status").
@@ -139,7 +131,6 @@ func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *tokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		Body(options).
@@ -154,7 +145,6 @@ func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, li
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -167,7 +157,6 @@ func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, li
 func (c *tokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		SubResource(subresources...).
 		Name(name).

generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go

@@ -30,10 +30,10 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 
 // JWTAuthenticators returns a JWTAuthenticatorInformer.
 func (v *version) JWTAuthenticators() JWTAuthenticatorInformer {
-	return &jWTAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &jWTAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
 
 // WebhookAuthenticators returns a WebhookAuthenticatorInformer.
 func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
-	return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &webhookAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }

generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go

@@ -28,33 +28,32 @@ type JWTAuthenticatorInformer interface {
 type jWTAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).Watch(options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().Watch(options)
 			},
 		},
 		&authenticationv1alpha1.JWTAuthenticator{},
@@ -64,7 +63,7 @@ func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace s
 }
 
 func (f *jWTAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *jWTAuthenticatorInformer) Informer() cache.SharedIndexInformer {

generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go

@@ -28,33 +28,32 @@ type WebhookAuthenticatorInformer interface {
 type webhookAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Watch(options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().Watch(options)
 			},
 		},
 		&authenticationv1alpha1.WebhookAuthenticator{},
@@ -64,7 +63,7 @@ func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespa
 }
 
 func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {

generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go

@@ -28,33 +28,32 @@ type CredentialIssuerInformer interface {
 type credentialIssuerInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).List(options)
+				return client.ConfigV1alpha1().CredentialIssuers().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(options)
+				return client.ConfigV1alpha1().CredentialIssuers().Watch(options)
 			},
 		},
 		&configv1alpha1.CredentialIssuer{},
@@ -64,7 +63,7 @@ func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace s
 }
 
 func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer {

generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go

@@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 
 // CredentialIssuers returns a CredentialIssuerInformer.
 func (v *version) CredentialIssuers() CredentialIssuerInformer {
-	return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &credentialIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }

generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/interface.go

@@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 
 // TokenCredentialRequests returns a TokenCredentialRequestInformer.
 func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer {
-	return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }

generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go

@@ -28,33 +28,32 @@ type TokenCredentialRequestInformer interface {
 type tokenCredentialRequestInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(options)
+				return client.LoginV1alpha1().TokenCredentialRequests().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(options)
+				return client.LoginV1alpha1().TokenCredentialRequests().Watch(options)
 			},
 		},
 		&loginv1alpha1.TokenCredentialRequest{},
@@ -64,7 +63,7 @@ func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, names
 }
 
 func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer {

generated/1.17/client/concierge/listers/authentication/v1alpha1/expansion_generated.go

@@ -9,14 +9,6 @@ package v1alpha1
 // JWTAuthenticatorLister.
 type JWTAuthenticatorListerExpansion interface{}
 
-// JWTAuthenticatorNamespaceListerExpansion allows custom methods to be added to
-// JWTAuthenticatorNamespaceLister.
-type JWTAuthenticatorNamespaceListerExpansion interface{}
-
 // WebhookAuthenticatorListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorLister.
 type WebhookAuthenticatorListerExpansion interface{}
-
-// WebhookAuthenticatorNamespaceListerExpansion allows custom methods to be added to
-// WebhookAuthenticatorNamespaceLister.
-type WebhookAuthenticatorNamespaceListerExpansion interface{}

generated/1.17/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go

@@ -16,8 +16,8 @@ import (
 type JWTAuthenticatorLister interface {
 	// List lists all JWTAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+	// Get retrieves the JWTAuthenticator from the index for a given name.
-	JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *jWTAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
 
-// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+// Get retrieves the JWTAuthenticator from the index for a given name.
-func (s *jWTAuthenticatorLister) JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister {
+func (s *jWTAuthenticatorLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	return jWTAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// JWTAuthenticatorNamespaceLister helps list and get JWTAuthenticators.
-type JWTAuthenticatorNamespaceLister interface {
-	// List lists all JWTAuthenticators in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.JWTAuthenticator, error)
-	JWTAuthenticatorNamespaceListerExpansion
-}
-
-// jWTAuthenticatorNamespaceLister implements the JWTAuthenticatorNamespaceLister
-// interface.
-type jWTAuthenticatorNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all JWTAuthenticators in the indexer for a given namespace.
-func (s jWTAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.JWTAuthenticator))
-	})
-	return ret, err
-}
-
-// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
-func (s jWTAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.17/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go

@@ -16,8 +16,8 @@ import (
 type WebhookAuthenticatorLister interface {
 	// List lists all WebhookAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+	// Get retrieves the WebhookAuthenticator from the index for a given name.
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1al
 	return ret, err
 }
 
-// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+// Get retrieves the WebhookAuthenticator from the index for a given name.
-func (s *webhookAuthenticatorLister) WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister {
+func (s *webhookAuthenticatorLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	return webhookAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// WebhookAuthenticatorNamespaceLister helps list and get WebhookAuthenticators.
-type WebhookAuthenticatorNamespaceLister interface {
-	// List lists all WebhookAuthenticators in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
-	WebhookAuthenticatorNamespaceListerExpansion
-}
-
-// webhookAuthenticatorNamespaceLister implements the WebhookAuthenticatorNamespaceLister
-// interface.
-type webhookAuthenticatorNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all WebhookAuthenticators in the indexer for a given namespace.
-func (s webhookAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
-	})
-	return ret, err
-}
-
-// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
-func (s webhookAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go

@@ -16,8 +16,8 @@ import (
 type CredentialIssuerLister interface {
 	// List lists all CredentialIssuers in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// CredentialIssuers returns an object that can list and get CredentialIssuers.
+	// Get retrieves the CredentialIssuer from the index for a given name.
-	CredentialIssuers(namespace string) CredentialIssuerNamespaceLister
+	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
 
-// CredentialIssuers returns an object that can list and get CredentialIssuers.
+// Get retrieves the CredentialIssuer from the index for a given name.
-func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister {
+func (s *credentialIssuerLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// CredentialIssuerNamespaceLister helps list and get CredentialIssuers.
-type CredentialIssuerNamespaceLister interface {
-	// List lists all CredentialIssuers in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.CredentialIssuer, error)
-	CredentialIssuerNamespaceListerExpansion
-}
-
-// credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister
-// interface.
-type credentialIssuerNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all CredentialIssuers in the indexer for a given namespace.
-func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.CredentialIssuer))
-	})
-	return ret, err
-}
-
-// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
-func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go

@@ -8,7 +8,3 @@ package v1alpha1
 // CredentialIssuerListerExpansion allows custom methods to be added to
 // CredentialIssuerLister.
 type CredentialIssuerListerExpansion interface{}
-
-// CredentialIssuerNamespaceListerExpansion allows custom methods to be added to
-// CredentialIssuerNamespaceLister.
-type CredentialIssuerNamespaceListerExpansion interface{}

generated/1.17/client/concierge/listers/login/v1alpha1/expansion_generated.go

@@ -8,7 +8,3 @@ package v1alpha1
 // TokenCredentialRequestListerExpansion allows custom methods to be added to
 // TokenCredentialRequestLister.
 type TokenCredentialRequestListerExpansion interface{}
-
-// TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to
-// TokenCredentialRequestNamespaceLister.
-type TokenCredentialRequestNamespaceListerExpansion interface{}

generated/1.17/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go

@@ -16,8 +16,8 @@ import (
 type TokenCredentialRequestLister interface {
 	// List lists all TokenCredentialRequests in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
-	// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+	// Get retrieves the TokenCredentialRequest from the index for a given name.
-	TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister
+	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
 	TokenCredentialRequestListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1
 	return ret, err
 }
 
-// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+// Get retrieves the TokenCredentialRequest from the index for a given name.
-func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister {
+func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
-	return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests.
-type TokenCredentialRequestNamespaceLister interface {
-	// List lists all TokenCredentialRequests in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
-	// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
-	TokenCredentialRequestNamespaceListerExpansion
-}
-
-// tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister
-// interface.
-type tokenCredentialRequestNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all TokenCredentialRequests in the indexer for a given namespace.
-func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.TokenCredentialRequest))
-	})
-	return ret, err
-}
-
-// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
-func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.17/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml

@@ -18,7 +18,7 @@ spec:
     listKind: JWTAuthenticatorList
     plural: jwtauthenticators
     singular: jwtauthenticator
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.issuer
@@ -161,7 +161,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.17/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml

@@ -18,7 +18,7 @@ spec:
     listKind: WebhookAuthenticatorList
     plural: webhookauthenticators
     singular: webhookauthenticator
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.endpoint
@@ -137,7 +137,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml

@@ -16,7 +16,7 @@ spec:
     listKind: CredentialIssuerList
     plural: credentialissuers
     singular: credentialissuer
-  scope: Namespaced
+  scope: Cluster
   versions:
   - name: v1alpha1
     schema:
@@ -98,11 +98,11 @@ spec:
             required:
             - strategies
             type: object
-        required:
-        - status
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml

@@ -150,6 +150,8 @@ spec:
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.18/apis/concierge/authentication/v1alpha1/types_jwt.go

@@ -57,9 +57,11 @@ type JWTTokenClaims struct {
 // signature, existence of claims, etc.) and extract the username and groups from the token.
 //
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
+// +kubebuilder:subresource:status
 type JWTAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go

@@ -29,9 +29,11 @@ type WebhookAuthenticatorSpec struct {
 
 // WebhookAuthenticator describes the configuration of a webhook authenticator.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
+// +kubebuilder:subresource:status
 type WebhookAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go

@@ -67,13 +67,16 @@ type CredentialIssuerStrategy struct {
 
 // Describes the configuration status of a Pinniped credential issuer.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped
+// +kubebuilder:resource:categories=pinniped,scope=Cluster
+// +kubebuilder:subresource:status
 type CredentialIssuer struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	// Status of the credential issuer.
+	// +optional
 	Status CredentialIssuerStatus `json:"status"`
 }
 

generated/1.18/apis/concierge/login/types_token.go

@@ -27,7 +27,6 @@ type TokenCredentialRequestStatus struct {
 }
 
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
-// +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta

generated/1.18/apis/concierge/login/v1alpha1/types_token.go

@@ -30,6 +30,7 @@ type TokenCredentialRequestStatus struct {
 
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta   `json:",inline"`

generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go

@@ -109,6 +109,7 @@ type FederationDomainStatus struct {
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped
+// +kubebuilder:subresource:status
 type FederationDomain struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go

@@ -22,12 +22,12 @@ type AuthenticationV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *AuthenticationV1alpha1Client) JWTAuthenticators(namespace string) JWTAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
-	return newJWTAuthenticators(c, namespace)
+	return newJWTAuthenticators(c)
 }
 
-func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
-	return newWebhookAuthenticators(c, namespace)
+	return newWebhookAuthenticators(c)
 }
 
 // NewForConfig creates a new AuthenticationV1alpha1Client for the given config.

generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go

@@ -15,12 +15,12 @@ type FakeAuthenticationV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeAuthenticationV1alpha1) JWTAuthenticators(namespace string) v1alpha1.JWTAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
-	return &FakeJWTAuthenticators{c, namespace}
+	return &FakeJWTAuthenticators{c}
 }
 
-func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
-	return &FakeWebhookAuthenticators{c, namespace}
+	return &FakeWebhookAuthenticators{c}
 }
 
 // RESTClient returns a RESTClient that is used to communicate

generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go

@@ -20,7 +20,6 @@ import (
 // FakeJWTAuthenticators implements JWTAuthenticatorInterface
 type FakeJWTAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
-	ns   string
 }
 
 var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
@@ -30,8 +29,7 @@ var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.conci
 // Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
 func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -41,8 +39,7 @@ func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1
 // List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
 func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, c.ns, opts), &v1alpha1.JWTAuthenticatorList{})
+		Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -63,15 +60,13 @@ func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
 // Watch returns a watch.Interface that watches the requested jWTAuthenticators.
 func (c *FakeJWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(jwtauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
-
 }
 
 // Create takes the representation of a jWTAuthenticator and creates it.  Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -81,8 +76,7 @@ func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1
 // Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -93,8 +87,7 @@ func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (*v1alpha1.JWTAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(jwtauthenticatorsResource, "status", c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -104,14 +97,13 @@ func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticat
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeJWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(jwtauthenticatorsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOpts)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
 	return err
@@ -120,8 +112,7 @@ func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 // Patch applies the patch and returns the patched jWTAuthenticator.
 func (c *FakeJWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(jwtauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go

@@ -20,7 +20,6 @@ import (
 // FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
 type FakeWebhookAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
-	ns   string
 }
 
 var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
@@ -30,8 +29,7 @@ var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.c
 // Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
 func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -41,8 +39,7 @@ func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, option
 // List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
 func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
+		Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -63,15 +60,13 @@ func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOption
 // Watch returns a watch.Interface that watches the requested webhookAuthenticators.
 func (c *FakeWebhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
-
 }
 
 // Create takes the representation of a webhookAuthenticator and creates it.  Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -81,8 +76,7 @@ func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthentic
 // Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -93,8 +87,7 @@ func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthentic
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -104,14 +97,13 @@ func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAut
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeWebhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOpts)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
 	return err
@@ -120,8 +112,7 @@ func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v
 // Patch applies the patch and returns the patched webhookAuthenticator.
 func (c *FakeWebhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go

@@ -20,7 +20,7 @@ import (
 // JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
 // A group's client should implement this interface.
 type JWTAuthenticatorsGetter interface {
-	JWTAuthenticators(namespace string) JWTAuthenticatorInterface
+	JWTAuthenticators() JWTAuthenticatorInterface
 }
 
 // JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
@@ -40,14 +40,12 @@ type JWTAuthenticatorInterface interface {
 // jWTAuthenticators implements JWTAuthenticatorInterface
 type jWTAuthenticators struct {
 	client rest.Interface
-	ns     string
 }
 
 // newJWTAuthenticators returns a JWTAuthenticators
-func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jWTAuthenticators {
+func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
 	return &jWTAuthenticators{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -55,7 +53,6 @@ func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jW
 func (c *jWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -72,7 +69,6 @@ func (c *jWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (resu
 	}
 	result = &v1alpha1.JWTAuthenticatorList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -89,7 +85,6 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -100,7 +95,6 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
 func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(jWTAuthenticator).
@@ -113,7 +107,6 @@ func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alph
 func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@@ -128,7 +121,6 @@ func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alph
 func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		SubResource("status").
@@ -142,7 +134,6 @@ func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *jWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		Body(&opts).
@@ -157,7 +148,6 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -170,7 +160,6 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
 func (c *jWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		SubResource(subresources...).

generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go

@@ -20,7 +20,7 @@ import (
 // WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
 // A group's client should implement this interface.
 type WebhookAuthenticatorsGetter interface {
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
+	WebhookAuthenticators() WebhookAuthenticatorInterface
 }
 
 // WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
@@ -40,14 +40,12 @@ type WebhookAuthenticatorInterface interface {
 // webhookAuthenticators implements WebhookAuthenticatorInterface
 type webhookAuthenticators struct {
 	client rest.Interface
-	ns     string
 }
 
 // newWebhookAuthenticators returns a WebhookAuthenticators
-func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
+func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
 	return &webhookAuthenticators{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -55,7 +53,6 @@ func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string)
 func (c *webhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -72,7 +69,6 @@ func (c *webhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
 	}
 	result = &v1alpha1.WebhookAuthenticatorList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -89,7 +85,6 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -100,7 +95,6 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
 func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(webhookAuthenticator).
@@ -113,7 +107,6 @@ func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator
 func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@@ -128,7 +121,6 @@ func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator
 func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		SubResource("status").
@@ -142,7 +134,6 @@ func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthent
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *webhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		Body(&opts).
@@ -157,7 +148,6 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -170,7 +160,6 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 func (c *webhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		SubResource(subresources...).

generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go

@@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface {
+func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
-	return newCredentialIssuers(c, namespace)
+	return newCredentialIssuers(c)
 }
 
 // NewForConfig creates a new ConfigV1alpha1Client for the given config.

generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go

@@ -20,7 +20,7 @@ import (
 // CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
 // A group's client should implement this interface.
 type CredentialIssuersGetter interface {
-	CredentialIssuers(namespace string) CredentialIssuerInterface
+	CredentialIssuers() CredentialIssuerInterface
 }
 
 // CredentialIssuerInterface has methods to work with CredentialIssuer resources.
@@ -40,14 +40,12 @@ type CredentialIssuerInterface interface {
 // credentialIssuers implements CredentialIssuerInterface
 type credentialIssuers struct {
 	client rest.Interface
-	ns     string
 }
 
 // newCredentialIssuers returns a CredentialIssuers
-func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers {
+func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
 	return &credentialIssuers{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -55,7 +53,6 @@ func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credential
 func (c *credentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -72,7 +69,6 @@ func (c *credentialIssuers) List(ctx context.Context, opts v1.ListOptions) (resu
 	}
 	result = &v1alpha1.CredentialIssuerList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -89,7 +85,6 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -100,7 +95,6 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
 func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(credentialIssuer).
@@ -113,7 +107,6 @@ func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alph
 func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@@ -128,7 +121,6 @@ func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alph
 func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		SubResource("status").
@@ -142,7 +134,6 @@ func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *credentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		Body(&opts).
@@ -157,7 +148,6 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -170,7 +160,6 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
 func (c *credentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		SubResource(subresources...).

generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go

@@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface {
+func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
-	return &FakeCredentialIssuers{c, namespace}
+	return &FakeCredentialIssuers{c}
 }
 
 // RESTClient returns a RESTClient that is used to communicate

generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go

@@ -20,7 +20,6 @@ import (
 // FakeCredentialIssuers implements CredentialIssuerInterface
 type FakeCredentialIssuers struct {
 	Fake *FakeConfigV1alpha1
-	ns   string
 }
 
 var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
@@ -30,8 +29,7 @@ var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pin
 // Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
 func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -41,8 +39,7 @@ func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1
 // List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
 func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{})
+		Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -63,15 +60,13 @@ func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (
 // Watch returns a watch.Interface that watches the requested credentialIssuers.
 func (c *FakeCredentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
-
 }
 
 // Create takes the representation of a credentialIssuer and creates it.  Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -81,8 +76,7 @@ func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1
 // Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -93,8 +87,7 @@ func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -104,14 +97,13 @@ func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssu
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *FakeCredentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOpts)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
 	return err
@@ -120,8 +112,7 @@ func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.De
 // Patch applies the patch and returns the patched credentialIssuer.
 func (c *FakeCredentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go

@@ -15,8 +15,8 @@ type FakeLoginV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface {
+func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
-	return &FakeTokenCredentialRequests{c, namespace}
+	return &FakeTokenCredentialRequests{c}
 }
 
 // RESTClient returns a RESTClient that is used to communicate

generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go

@@ -20,7 +20,6 @@ import (
 // FakeTokenCredentialRequests implements TokenCredentialRequestInterface
 type FakeTokenCredentialRequests struct {
 	Fake *FakeLoginV1alpha1
-	ns   string
 }
 
 var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
@@ -30,8 +29,7 @@ var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierg
 // Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any.
 func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -41,8 +39,7 @@ func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, opti
 // List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors.
 func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{})
+		Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -63,15 +60,13 @@ func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOpti
 // Watch returns a watch.Interface that watches the requested tokenCredentialRequests.
 func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts))
-
 }
 
 // Create takes the representation of a tokenCredentialRequest and creates it.  Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -81,8 +76,7 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia
 // Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -93,8 +87,7 @@ func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentia
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}
@@ -104,14 +97,13 @@ func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCre
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
-
 	return err
 }
 
 // DeleteCollection deletes a collection of objects.
 func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts)
 
 	_, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{})
 	return err
@@ -120,8 +112,7 @@ func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts
 // Patch applies the patch and returns the patched tokenCredentialRequest.
 func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
-
 	if obj == nil {
 		return nil, err
 	}

generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go

@@ -21,8 +21,8 @@ type LoginV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface {
+func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
-	return newTokenCredentialRequests(c, namespace)
+	return newTokenCredentialRequests(c)
 }
 
 // NewForConfig creates a new LoginV1alpha1Client for the given config.

generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go

@@ -20,7 +20,7 @@ import (
 // TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
 // A group's client should implement this interface.
 type TokenCredentialRequestsGetter interface {
-	TokenCredentialRequests(namespace string) TokenCredentialRequestInterface
+	TokenCredentialRequests() TokenCredentialRequestInterface
 }
 
 // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
@@ -40,14 +40,12 @@ type TokenCredentialRequestInterface interface {
 // tokenCredentialRequests implements TokenCredentialRequestInterface
 type tokenCredentialRequests struct {
 	client rest.Interface
-	ns     string
 }
 
 // newTokenCredentialRequests returns a TokenCredentialRequests
-func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests {
+func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
 	return &tokenCredentialRequests{
 		client: c.RESTClient(),
-		ns:     namespace,
 	}
 }
 
@@ -55,7 +53,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *token
 func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@@ -72,7 +69,6 @@ func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions)
 	}
 	result = &v1alpha1.TokenCredentialRequestList{}
 	err = c.client.Get().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -89,7 +85,6 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
 	}
 	opts.Watch = true
 	return c.client.Get().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -100,7 +95,6 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
 func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Post().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(tokenCredentialRequest).
@@ -113,7 +107,6 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq
 func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@@ -128,7 +121,6 @@ func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialReq
 func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		SubResource("status").
@@ -142,7 +134,6 @@ func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredent
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		Body(&opts).
@@ -157,7 +148,6 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@@ -170,7 +160,6 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
 func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Patch(pt).
-		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		SubResource(subresources...).

generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go

@@ -30,10 +30,10 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 
 // JWTAuthenticators returns a JWTAuthenticatorInformer.
 func (v *version) JWTAuthenticators() JWTAuthenticatorInformer {
-	return &jWTAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &jWTAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
 
 // WebhookAuthenticators returns a WebhookAuthenticatorInformer.
 func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
-	return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &webhookAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }

generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go

@@ -29,33 +29,32 @@ type JWTAuthenticatorInformer interface {
 type jWTAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(context.TODO(), options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).Watch(context.TODO(), options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().Watch(context.TODO(), options)
 			},
 		},
 		&authenticationv1alpha1.JWTAuthenticator{},
@@ -65,7 +64,7 @@ func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace s
 }
 
 func (f *jWTAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *jWTAuthenticatorInformer) Informer() cache.SharedIndexInformer {

generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go

@@ -29,33 +29,32 @@ type WebhookAuthenticatorInformer interface {
 type webhookAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Watch(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().Watch(context.TODO(), options)
 			},
 		},
 		&authenticationv1alpha1.WebhookAuthenticator{},
@@ -65,7 +64,7 @@ func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespa
 }
 
 func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {

generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go

@@ -29,33 +29,32 @@ type CredentialIssuerInformer interface {
 type credentialIssuerInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).List(context.TODO(), options)
+				return client.ConfigV1alpha1().CredentialIssuers().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(context.TODO(), options)
+				return client.ConfigV1alpha1().CredentialIssuers().Watch(context.TODO(), options)
 			},
 		},
 		&configv1alpha1.CredentialIssuer{},
@@ -65,7 +64,7 @@ func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace s
 }
 
 func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer {

generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/interface.go

@@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 
 // CredentialIssuers returns a CredentialIssuerInformer.
 func (v *version) CredentialIssuers() CredentialIssuerInformer {
-	return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &credentialIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }

generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/interface.go

@@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 
 // TokenCredentialRequests returns a TokenCredentialRequestInformer.
 func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer {
-	return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }

generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go

@@ -29,33 +29,32 @@ type TokenCredentialRequestInformer interface {
 type tokenCredentialRequestInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	namespace        string
 }
 
 // NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil)
 }
 
 // NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(context.TODO(), options)
+				return client.LoginV1alpha1().TokenCredentialRequests().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(context.TODO(), options)
+				return client.LoginV1alpha1().TokenCredentialRequests().Watch(context.TODO(), options)
 			},
 		},
 		&loginv1alpha1.TokenCredentialRequest{},
@@ -65,7 +64,7 @@ func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, names
 }
 
 func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 
 func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer {

generated/1.18/client/concierge/listers/authentication/v1alpha1/expansion_generated.go

@@ -9,14 +9,6 @@ package v1alpha1
 // JWTAuthenticatorLister.
 type JWTAuthenticatorListerExpansion interface{}
 
-// JWTAuthenticatorNamespaceListerExpansion allows custom methods to be added to
-// JWTAuthenticatorNamespaceLister.
-type JWTAuthenticatorNamespaceListerExpansion interface{}
-
 // WebhookAuthenticatorListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorLister.
 type WebhookAuthenticatorListerExpansion interface{}
-
-// WebhookAuthenticatorNamespaceListerExpansion allows custom methods to be added to
-// WebhookAuthenticatorNamespaceLister.
-type WebhookAuthenticatorNamespaceListerExpansion interface{}

generated/1.18/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go

@@ -16,8 +16,8 @@ import (
 type JWTAuthenticatorLister interface {
 	// List lists all JWTAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+	// Get retrieves the JWTAuthenticator from the index for a given name.
-	JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *jWTAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
 
-// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+// Get retrieves the JWTAuthenticator from the index for a given name.
-func (s *jWTAuthenticatorLister) JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister {
+func (s *jWTAuthenticatorLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	return jWTAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// JWTAuthenticatorNamespaceLister helps list and get JWTAuthenticators.
-type JWTAuthenticatorNamespaceLister interface {
-	// List lists all JWTAuthenticators in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.JWTAuthenticator, error)
-	JWTAuthenticatorNamespaceListerExpansion
-}
-
-// jWTAuthenticatorNamespaceLister implements the JWTAuthenticatorNamespaceLister
-// interface.
-type jWTAuthenticatorNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all JWTAuthenticators in the indexer for a given namespace.
-func (s jWTAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.JWTAuthenticator))
-	})
-	return ret, err
-}
-
-// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
-func (s jWTAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.18/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go

@@ -16,8 +16,8 @@ import (
 type WebhookAuthenticatorLister interface {
 	// List lists all WebhookAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+	// Get retrieves the WebhookAuthenticator from the index for a given name.
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1al
 	return ret, err
 }
 
-// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+// Get retrieves the WebhookAuthenticator from the index for a given name.
-func (s *webhookAuthenticatorLister) WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister {
+func (s *webhookAuthenticatorLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	return webhookAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// WebhookAuthenticatorNamespaceLister helps list and get WebhookAuthenticators.
-type WebhookAuthenticatorNamespaceLister interface {
-	// List lists all WebhookAuthenticators in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
-	WebhookAuthenticatorNamespaceListerExpansion
-}
-
-// webhookAuthenticatorNamespaceLister implements the WebhookAuthenticatorNamespaceLister
-// interface.
-type webhookAuthenticatorNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all WebhookAuthenticators in the indexer for a given namespace.
-func (s webhookAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
-	})
-	return ret, err
-}
-
-// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
-func (s webhookAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuer.go

@@ -16,8 +16,8 @@ import (
 type CredentialIssuerLister interface {
 	// List lists all CredentialIssuers in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// CredentialIssuers returns an object that can list and get CredentialIssuers.
+	// Get retrieves the CredentialIssuer from the index for a given name.
-	CredentialIssuers(namespace string) CredentialIssuerNamespaceLister
+	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
 
-// CredentialIssuers returns an object that can list and get CredentialIssuers.
+// Get retrieves the CredentialIssuer from the index for a given name.
-func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister {
+func (s *credentialIssuerLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// CredentialIssuerNamespaceLister helps list and get CredentialIssuers.
-type CredentialIssuerNamespaceLister interface {
-	// List lists all CredentialIssuers in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.CredentialIssuer, error)
-	CredentialIssuerNamespaceListerExpansion
-}
-
-// credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister
-// interface.
-type credentialIssuerNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all CredentialIssuers in the indexer for a given namespace.
-func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.CredentialIssuer))
-	})
-	return ret, err
-}
-
-// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
-func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.18/client/concierge/listers/config/v1alpha1/expansion_generated.go

@@ -8,7 +8,3 @@ package v1alpha1
 // CredentialIssuerListerExpansion allows custom methods to be added to
 // CredentialIssuerLister.
 type CredentialIssuerListerExpansion interface{}
-
-// CredentialIssuerNamespaceListerExpansion allows custom methods to be added to
-// CredentialIssuerNamespaceLister.
-type CredentialIssuerNamespaceListerExpansion interface{}

generated/1.18/client/concierge/listers/login/v1alpha1/expansion_generated.go

@@ -8,7 +8,3 @@ package v1alpha1
 // TokenCredentialRequestListerExpansion allows custom methods to be added to
 // TokenCredentialRequestLister.
 type TokenCredentialRequestListerExpansion interface{}
-
-// TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to
-// TokenCredentialRequestNamespaceLister.
-type TokenCredentialRequestNamespaceListerExpansion interface{}

generated/1.18/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go

@@ -16,8 +16,8 @@ import (
 type TokenCredentialRequestLister interface {
 	// List lists all TokenCredentialRequests in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
-	// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+	// Get retrieves the TokenCredentialRequest from the index for a given name.
-	TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister
+	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
 	TokenCredentialRequestListerExpansion
 }
 
@@ -39,38 +39,9 @@ func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1
 	return ret, err
 }
 
-// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+// Get retrieves the TokenCredentialRequest from the index for a given name.
-func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister {
+func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
-	return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
-}
-
-// TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests.
-type TokenCredentialRequestNamespaceLister interface {
-	// List lists all TokenCredentialRequests in the indexer for a given namespace.
-	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
-	// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
-	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
-	TokenCredentialRequestNamespaceListerExpansion
-}
-
-// tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister
-// interface.
-type tokenCredentialRequestNamespaceLister struct {
-	indexer   cache.Indexer
-	namespace string
-}
-
-// List lists all TokenCredentialRequests in the indexer for a given namespace.
-func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) {
-	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.TokenCredentialRequest))
-	})
-	return ret, err
-}
-
-// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
-func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
-	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}

generated/1.18/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml

@@ -18,7 +18,7 @@ spec:
     listKind: JWTAuthenticatorList
     plural: jwtauthenticators
     singular: jwtauthenticator
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.issuer
@@ -161,7 +161,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.18/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml

@@ -18,7 +18,7 @@ spec:
     listKind: WebhookAuthenticatorList
     plural: webhookauthenticators
     singular: webhookauthenticator
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.endpoint
@@ -137,7 +137,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml

@@ -16,7 +16,7 @@ spec:
     listKind: CredentialIssuerList
     plural: credentialissuers
     singular: credentialissuer
-  scope: Namespaced
+  scope: Cluster
   versions:
   - name: v1alpha1
     schema:
@@ -98,11 +98,11 @@ spec:
             required:
             - strategies
             type: object
-        required:
-        - status
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml

@@ -150,6 +150,8 @@ spec:
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

generated/1.19/apis/concierge/authentication/v1alpha1/types_jwt.go

@@ -57,9 +57,11 @@ type JWTTokenClaims struct {
 // signature, existence of claims, etc.) and extract the username and groups from the token.
 //
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
+// +kubebuilder:subresource:status
 type JWTAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.19/apis/concierge/authentication/v1alpha1/types_webhook.go

@@ -29,9 +29,11 @@ type WebhookAuthenticatorSpec struct {
 
 // WebhookAuthenticator describes the configuration of a webhook authenticator.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
+// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
 // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
+// +kubebuilder:subresource:status
 type WebhookAuthenticator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go

@@ -67,13 +67,16 @@ type CredentialIssuerStrategy struct {
 
 // Describes the configuration status of a Pinniped credential issuer.
 // +genclient
+// +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped
+// +kubebuilder:resource:categories=pinniped,scope=Cluster
+// +kubebuilder:subresource:status
 type CredentialIssuer struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	// Status of the credential issuer.
+	// +optional
 	Status CredentialIssuerStatus `json:"status"`
 }
 

generated/1.19/apis/concierge/login/types_token.go

@@ -27,7 +27,6 @@ type TokenCredentialRequestStatus struct {
 }
 
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
-// +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta