update go templates for TLSSpec for concierge and supervisor

Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2026-01-05 13:07:14 +00:00 · 2024-06-19 14:29:43 -07:00
parent 1bb38911dc
commit 842f14af4c
2 changed files with 37 additions and 0 deletions
--- a/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
+++ b/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
@@ -3,9 +3,27 @@

 package v1alpha1

+// CABundleSource provides a source for CA bundle used for client-side TLS verification.
+type CABundleSource struct {
+	// Whether the CA bundle is being sourced from a kubernetes secret or a configmap.
+	// Secrets must be of type kubernetes.io/tls or Opaque.
+	// For configmaps, the value associated with the key is not expected to be base64 encoded.
+	// +kubebuilder:validation:Enum=Secret;ConfigMap
+	Kind string `json:"kind"`
+	// Name of the secret or configmap from which to read the CA bundle.
+	// +kubebuilder:validation:MinLength=1
+	Name string `json:"name"`
+	// Key within the secret or configmap from which to read the CA bundle.
+	// +kubebuilder:validation:MinLength=1
+	Key string `json:"key"`
+}
+
 // Configuration for configuring TLS on various authenticators.
 type TLSSpec struct {
 	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
 	// +optional
 	CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+	// Reference to a CA bundle in a secret or a configmap.
+	// +optional
+	CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"`
 }