Clarify documentation for the advertised CA bundle of the impersonation proxy

Joshua Casey
2024-08-01 23:08:00 -05:00
committed by Joshua Casey
parent 46bbe5bc75
commit 1958bb8fb0
25 changed files with 150 additions and 59 deletions


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}
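Review bot: The type-level comment on ImpersonationProxyTLSSpec still says "the secret" without naming the field, while the new SecretName comment says "this secret"; naming it removes the ambiguity, e.g. `// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the Secret named by SecretName`. The wording also leaves implicit that CertificateAuthorityData takes precedence when both it and "ca.crt" are set, and that the advertised bundle is what clients use to verify the proxy's serving certificate; one sentence stating both would help operators who rotate the serving certificate and its CA separately. Nothing in the visible lines says whether the advertised bundle is checked against the issuer of the serving certificate, so if no such check exists the comment should say that a mismatch is the operator's responsibility. The same text recurs in the other copies of this type and in the CRD and AsciiDoc descriptions further down the page, which appear to be generated from it, so the wording only needs fixing at the source.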


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}


@@ -115,12 +115,16 @@ spec:
certificateAuthorityData:
description: |-
X.509 Certificate Authority (base64-encoded PEM bundle).
Used to advertise the CA bundle for the impersonation proxy endpoint.
Used to advertise the CA bundle for TLS verification.
type: string
secretName:
description: |-
SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
the TLS serving certificate for the Concierge impersonation proxy endpoint.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
minLength: 1
type: string
type: object


@@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif
==== ImpersonationProxyTLSSpec
ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
serve TLS.
serve TLS and what CA bundle to advertise for TLS verification.
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
for a field called "ca.crt", which will be used as the CertificateAuthorityData.
for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
@@ -641,9 +641,13 @@ the impersonation proxy endpoint.
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). +
Used to advertise the CA bundle for the impersonation proxy endpoint. +
Used to advertise the CA bundle for TLS verification. +
| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains +
the TLS serving certificate for the Concierge impersonation proxy endpoint. +
If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for +
a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. +
|===


@@ -83,16 +83,16 @@ const (
)
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
// serve TLS and what CA bundle to advertise for TLS verification.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
// Used to advertise the CA bundle for TLS verification.
//
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
// a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
//
// +kubebuilder:validation:MinLength=1
SecretName string `json:"secretName,omitempty"`
}