supervisor-generate-key: initial spike

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

deploy/supervisor/config.pinniped.dev_oidcproviderconfigs.yaml

@@ -55,6 +55,17 @@ spec:
           status:
             description: Status of the OIDC provider.
             properties:
+              jwksSecret:
+                description: JWKSSecret holds the name of the secret in which this
+                  OIDC Provider's signing/verification keys are stored. If it is empty,
+                  then the signing/verification keys are either unknown or they don't
+                  exist.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
               lastUpdateTime:
                 description: LastUpdateTime holds the time at which the Status was
                   last updated. It is a pointer to get around some undesirable behavior

deploy/supervisor/rbac.yaml

@@ -13,6 +13,9 @@ metadata:
   labels:
     app: #@ data.values.app_name
 rules:
+  - apiGroups: [""]
+    resources: [secrets]
+    verbs: [create, get, list, patch, update, watch, delete]
   - apiGroups: [config.pinniped.dev]
     resources: [oidcproviderconfigs]
     verbs: [update, get, list, watch]