165 lines
6.8 KiB
YAML
165 lines
6.8 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.4.0
|
|
creationTimestamp: null
|
|
name: credentialissuers.config.concierge.pinniped.dev
|
|
spec:
|
|
group: config.concierge.pinniped.dev
|
|
names:
|
|
categories:
|
|
- pinniped
|
|
kind: CredentialIssuer
|
|
listKind: CredentialIssuerList
|
|
plural: credentialissuers
|
|
singular: credentialissuer
|
|
scope: Cluster
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Describes the configuration status of a Pinniped credential issuer.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
status:
|
|
description: Status of the credential issuer.
|
|
properties:
|
|
kubeConfigInfo:
|
|
description: Information needed to form a valid Pinniped-based kubeconfig
|
|
using this credential issuer. This field is deprecated and will
|
|
be removed in a future version.
|
|
properties:
|
|
certificateAuthorityData:
|
|
description: The K8s API server CA bundle.
|
|
minLength: 1
|
|
type: string
|
|
server:
|
|
description: The K8s API server URL.
|
|
minLength: 1
|
|
pattern: ^https://|^http://
|
|
type: string
|
|
required:
|
|
- certificateAuthorityData
|
|
- server
|
|
type: object
|
|
strategies:
|
|
description: List of integration strategies that were attempted by
|
|
Pinniped.
|
|
items:
|
|
description: Status of an integration strategy that was attempted
|
|
by Pinniped.
|
|
properties:
|
|
frontend:
|
|
description: Frontend describes how clients can connect using
|
|
this strategy.
|
|
properties:
|
|
impersonationProxyInfo:
|
|
description: ImpersonationProxyInfo describes the parameters
|
|
for the impersonation proxy on this Concierge. This field
|
|
is only set when Type is "ImpersonationProxy".
|
|
properties:
|
|
certificateAuthorityData:
|
|
description: CertificateAuthorityData is the base64-encoded
|
|
PEM CA bundle of the impersonation proxy.
|
|
minLength: 1
|
|
type: string
|
|
server:
|
|
description: Endpoint is the HTTPS endpoint of the impersonation
|
|
proxy.
|
|
minLength: 1
|
|
pattern: ^https://
|
|
type: string
|
|
required:
|
|
- certificateAuthorityData
|
|
- server
|
|
type: object
|
|
tokenCredentialRequestInfo:
|
|
description: TokenCredentialRequestAPIInfo describes the
|
|
parameters for the TokenCredentialRequest API on this
|
|
Concierge. This field is only set when Type is "TokenCredentialRequestAPI".
|
|
properties:
|
|
certificateAuthorityData:
|
|
description: CertificateAuthorityData is the base64-encoded
|
|
Kubernetes API server CA bundle.
|
|
minLength: 1
|
|
type: string
|
|
server:
|
|
description: Server is the Kubernetes API server URL.
|
|
minLength: 1
|
|
pattern: ^https://|^http://
|
|
type: string
|
|
required:
|
|
- certificateAuthorityData
|
|
- server
|
|
type: object
|
|
type:
|
|
description: Type describes which frontend mechanism clients
|
|
can use with a strategy.
|
|
enum:
|
|
- TokenCredentialRequestAPI
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
lastUpdateTime:
|
|
description: When the status was last checked.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: Human-readable description of the current status.
|
|
minLength: 1
|
|
type: string
|
|
reason:
|
|
description: Reason for the current status.
|
|
enum:
|
|
- FetchedKey
|
|
- CouldNotFetchKey
|
|
type: string
|
|
status:
|
|
description: Status of the attempted integration strategy.
|
|
enum:
|
|
- Success
|
|
- Error
|
|
type: string
|
|
type:
|
|
description: Type of integration attempted.
|
|
enum:
|
|
- KubeClusterSigningCertificate
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
required:
|
|
- strategies
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|