--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: credentialissuers.config.concierge.pinniped.dev spec: group: config.concierge.pinniped.dev names: categories: - pinniped kind: CredentialIssuer listKind: CredentialIssuerList plural: credentialissuers singular: credentialissuer scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: description: Describes the configuration status of a Pinniped credential issuer. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object status: description: Status of the credential issuer. properties: kubeConfigInfo: description: Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. This field is deprecated and will be removed in a future version. properties: certificateAuthorityData: description: The K8s API server CA bundle. minLength: 1 type: string server: description: The K8s API server URL. minLength: 1 pattern: ^https://|^http:// type: string required: - certificateAuthorityData - server type: object strategies: description: List of integration strategies that were attempted by Pinniped. items: description: Status of an integration strategy that was attempted by Pinniped. properties: frontend: description: Frontend describes how clients can connect using this strategy. properties: impersonationProxyInfo: description: ImpersonationProxyInfo describes the parameters for the impersonation proxy on this Concierge. This field is only set when Type is "ImpersonationProxy". properties: certificateAuthorityData: description: CertificateAuthorityData is the base64-encoded PEM CA bundle of the impersonation proxy. minLength: 1 type: string endpoint: description: Endpoint is the HTTPS endpoint of the impersonation proxy. minLength: 1 pattern: ^https:// type: string required: - certificateAuthorityData - endpoint type: object tokenCredentialRequestInfo: description: TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. This field is only set when Type is "TokenCredentialRequestAPI". properties: certificateAuthorityData: description: CertificateAuthorityData is the base64-encoded Kubernetes API server CA bundle. minLength: 1 type: string server: description: Server is the Kubernetes API server URL. minLength: 1 pattern: ^https://|^http:// type: string required: - certificateAuthorityData - server type: object type: description: Type describes which frontend mechanism clients can use with a strategy. enum: - TokenCredentialRequestAPI - ImpersonationProxy type: string required: - type type: object lastUpdateTime: description: When the status was last checked. format: date-time type: string message: description: Human-readable description of the current status. minLength: 1 type: string reason: description: Reason for the current status. enum: - Listening - Pending - Disabled - ErrorDuringSetup - CouldNotFetchKey - CouldNotGetClusterInfo - FetchedKey type: string status: description: Status of the attempted integration strategy. enum: - Success - Error type: string type: description: Type of integration attempted. enum: - KubeClusterSigningCertificate - ImpersonationProxy type: string required: - lastUpdateTime - message - reason - status - type type: object type: array required: - strategies type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []