6aed025c79
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
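---
# CustomResourceDefinition for the namespaced OIDCProviderConfig resource
# (group config.pinniped.dev, version v1alpha1).
# The controller-gen annotation below suggests this manifest is generated;
# schema changes presumably belong in the source type definitions rather than
# in this file (confirm against the project's codegen setup).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.0
  creationTimestamp: null
  name: oidcproviderconfigs.config.pinniped.dev
spec:
  group: config.pinniped.dev
  names:
    kind: OIDCProviderConfig
    listKind: OIDCProviderConfigList
    plural: oidcproviderconfigs
    shortNames:
    - opc
    singular: oidcproviderconfig
  # Objects live inside a namespace, so access can be scoped with namespaced
  # Role/RoleBinding objects.
  scope: Namespaced
  versions:
  # NOTE(review): this version declares no `subresources` stanza, so there is
  # no separate /status endpoint. A principal allowed to update the resource
  # can therefore also write .status (including status.jwksSecret), and RBAC
  # cannot separate spec writers from status writers.
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: OIDCProviderConfig describes the configuration of an OIDC provider.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec of the OIDC provider.
            properties:
              # The issuer doubles as the `iss` claim and as the base URL of the
              # provider's endpoints. The schema only enforces a non-empty
              # string (minLength: 1); it does not require an https:// scheme or
              # a well-formed URL, so that validation has to happen in whatever
              # reconciles this resource (presumably surfaced through
              # status.status: Invalid - confirm).
              issuer:
                description: "Issuer is the OIDC Provider's issuer, per the OIDC Discovery
                  Metadata document, as well as the identifier that it will use for
                  the iss claim in issued JWTs. This field will also be used as the
                  base URL for any endpoints used by the OIDC Provider (e.g., if your
                  issuer is https://example.com/foo, then your authorization endpoint
                  will look like https://example.com/foo/some/path/to/auth/endpoint).
                  \n See https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3
                  for more information."
                minLength: 1
                type: string
            required:
            - issuer
            type: object
          status:
            description: Status of the OIDC provider.
            properties:
              # Reference to the Secret holding the signing/verification keys.
              # Only a name is carried; the schema states no namespace
              # (presumably the Secret is in this object's namespace - confirm).
              # No field in this stanza is marked required.
              jwksSecret:
                description: JWKSSecret holds the name of the secret in which this
                  OIDC Provider's signing/verification keys are stored. If it is empty,
                  then the signing/verification keys are either unknown or they don't
                  exist.
                properties:
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                type: object
              lastUpdateTime:
                description: LastUpdateTime holds the time at which the Status was
                  last updated. It is a pointer to get around some undesirable behavior
                  with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811).
                format: date-time
                type: string
              message:
                description: Message provides human-readable details about the Status.
                type: string
              # Closed set of states: the API server rejects any value outside
              # this enum.
              status:
                description: Status holds an enum that describes the state of this
                  OIDC Provider. Note that this Status can represent success or failure.
                enum:
                - Success
                - Duplicate
                - Invalid
                type: string
            type: object
        # Only spec is mandatory on an object; status may be absent.
        required:
        - spec
        type: object
    # The only version listed: served to clients and used for storage.
    served: true
    storage: true
# Empty placeholder status as emitted with the manifest; CRD status is owned
# and populated by the API server once the definition is accepted.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []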