--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: credentialissuers.config.concierge.pinniped.dev spec: group: config.concierge.pinniped.dev names: categories: - pinniped kind: CredentialIssuer listKind: CredentialIssuerList plural: credentialissuers singular: credentialissuer scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: Describes the configuration status of a Pinniped credential issuer. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: Spec for the credential issuer properties: impersonationProxy: properties: externalEndpoint: description: specify the external endpoint name that will route to the impersonation proxy port type: string tls: description: TLS configuration to communicate with the impersonation proxy properties: certificateAuthorityData: description: The CA that clients should validate when connecting to the impersonation proxy endpoint type: string secretName: description: The name of a secret of type "kubernetes.io/tls" that will be used to serve the endpoint type: string required: - certificateAuthorityData - secretName type: object required: - externalEndpoint - tls type: object required: - impersonationProxy type: object status: description: Status of the credential issuer. properties: kubeConfigInfo: description: Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. properties: certificateAuthorityData: description: The K8s API server CA bundle. minLength: 1 type: string server: description: The K8s API server URL. minLength: 1 pattern: ^https://|^http:// type: string required: - certificateAuthorityData - server type: object strategies: description: List of integration strategies that were attempted by Pinniped. items: description: Status of an integration strategy that was attempted by Pinniped. properties: lastUpdateTime: description: When the status was last checked. format: date-time type: string message: description: Human-readable description of the current status. minLength: 1 type: string reason: description: Reason for the current status. enum: - FetchedKey - CouldNotFetchKey type: string status: description: Status of the attempted integration strategy. enum: - Success - Error type: string type: description: Type of integration attempted. enum: - KubeClusterSigningCertificate type: string required: - lastUpdateTime - message - reason - status - type type: object type: array required: - strategies type: object required: - spec - status type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []