diff --git a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
index d1cb160ba..1e869247a 100644
--- a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
+++ b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
@@ -1,4 +1,4 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 package v1alpha1
@@ -80,6 +80,22 @@ const (
 ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None")
 )
+// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
+// serve TLS.
+type ImpersonationProxyTLSSpec struct {
+ // X.509 Certificate Authority (base64-encoded PEM bundle).
+ // Used to advertise the CA bundle for the impersonation proxy endpoint.
+ //
+ // +optional
+ CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+
+ // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
+ // the TLS serving certificate for the Concierge impersonation proxy endpoint.
+ //
+ // +kubebuilder:validation:MinLength=1
+ SecretName string `json:"secretName,omitempty"`
+}
+
 // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy.
 type ImpersonationProxySpec struct {
 // Mode configures whether the impersonation proxy should be started:
@@ -100,6 +116,11 @@ type ImpersonationProxySpec struct {
 //
 // +optional
 ExternalEndpoint string `json:"externalEndpoint,omitempty"`
+
+ // TLS contains information about how the Concierge impersonation proxy should serve TLS.
+ //
+ // +optional
+ TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"`
 }
 // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy.
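Review bot: `SecretName` in `ImpersonationProxyTLSSpec` carries `+kubebuilder:validation:MinLength=1` together with `omitempty` and no required marker, so the length check only applies when the key is present. The CRD generated in this commit has no `required` list under `tls`, which means `tls: {}` or a block holding only `certificateAuthorityData` passes schema validation without naming a serving certificate. If a TLS block without a Secret is meant to be invalid, mark the field `// +kubebuilder:validation:Required` and change the tag to `json:"secretName"`; if it is meant to be optional, add `// +optional` and state in the comment what the proxy serves in that case. The controller that consumes this type is not part of the diff, so whether an empty name is rejected at runtime cannot be confirmed from here; the generated/1.x copies inherit whatever is fixed in this template.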
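Review bot: The comment on the new `TLS` field in `ImpersonationProxySpec` does not say what the proxy serves when the field is omitted, and nothing in the type ties `CertificateAuthorityData` to the certificate stored in `SecretName`. Because the CA bundle is described as being advertised for the endpoint, clients presumably use it as their trust anchor, so a stale or mismatched bundle breaks verification and an unparsed value would be published as written. Add one sentence describing the behaviour when `TLS` is nil (wording to be taken from the controller, which is not in this diff) and a line such as `// CertificateAuthorityData, when set, must be the CA that issued the certificate in SecretName.` It would also help to note whether the controller checks that the value decodes as PEM and reports a mismatch in status. The struct body starts before this hunk.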
diff --git a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml @@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 78ee0c31b..3fef5a09e 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index 06536d63c..f68201ae5 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index abafdbf0a..192ffaa79 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.20/README.adoc b/generated/1.20/README.adoc index 56e3bb2be..4bc125c32 100644 --- a/generated/1.20/README.adoc +++ b/generated/1.20/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.21/README.adoc b/generated/1.21/README.adoc index 3a8e90363..1c9167e15 100644 --- a/generated/1.21/README.adoc +++ b/generated/1.21/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.21/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.21/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.21/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.21/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.21/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.21/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.21/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.21/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.21/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.21/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.21/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.21/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.22/README.adoc b/generated/1.22/README.adoc index d73354676..6b6f46cc6 100644 --- a/generated/1.22/README.adoc +++ b/generated/1.22/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.22/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.22/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.22/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.22/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.22/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.22/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.22/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.22/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.22/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.22/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.22/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.22/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.23/README.adoc b/generated/1.23/README.adoc index c08364bcc..caf71a7a6 100644 --- a/generated/1.23/README.adoc +++ b/generated/1.23/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.23/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.23/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.23/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.23/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.23/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.23/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.23/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.23/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.23/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.23/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.23/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.23/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.24/README.adoc b/generated/1.24/README.adoc index 128e88a6e..c0efdc4c7 100644 --- a/generated/1.24/README.adoc +++ b/generated/1.24/README.adoc 
@@ -568,6 +568,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.24/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.24/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.24/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.24/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.24/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.24/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.24/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.24/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.24/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.24/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.24/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.24/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.25/README.adoc b/generated/1.25/README.adoc index 314d1c119..15332b46c 100644 --- a/generated/1.25/README.adoc +++ b/generated/1.25/README.adoc 
@@ -566,6 +566,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.25/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.25/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.25/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.25/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.26/README.adoc b/generated/1.26/README.adoc index 6e3a4d4fe..c68d22d4f 100644 --- a/generated/1.26/README.adoc +++ b/generated/1.26/README.adoc 
@@ -566,6 +566,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.26/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.26/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.26/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.26/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/1.27/README.adoc b/generated/1.27/README.adoc index c099d5572..f4fbe6608 100644 --- a/generated/1.27/README.adoc +++ b/generated/1.27/README.adoc 
@@ -566,6 +566,25 @@ ImpersonationProxySpec describes the intended configuration of the Concierge imp | *`service`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-config-v1alpha1-impersonationproxyservicespec[$$ImpersonationProxyServiceSpec$$]__ | Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients. | *`externalEndpoint`* __string__ | ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will be served using the external name of the LoadBalancer service or the cluster service DNS name. This field must be non-empty when spec.impersonationProxy.service.type is "None". +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-config-v1alpha1-impersonationproxytlsspec[$$ImpersonationProxyTLSSpec$$]__ | TLS contains information about how the Concierge impersonation proxy should serve TLS. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-config-v1alpha1-impersonationproxytlsspec"] +==== ImpersonationProxyTLSSpec + +ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should serve TLS. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-config-v1alpha1-impersonationproxyspec[$$ImpersonationProxySpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). Used to advertise the CA bundle for the impersonation proxy endpoint. +| *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. |=== 
diff --git a/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. 
diff --git a/generated/1.27/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.27/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/1.27/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.27/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in diff --git a/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml index faa2b6d32..76b3a3db2 100644 --- a/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -103,6 +103,23 @@ spec: - None type: string type: object + tls: + description: TLS contains information about how the Concierge + impersonation proxy should serve TLS. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM + bundle). Used to advertise the CA bundle for the impersonation + proxy endpoint. + type: string + secretName: + description: SecretName is the name of a Secret in the same + namespace, of type `kubernetes.io/tls`, which contains the + TLS serving certificate for the Concierge impersonation + proxy endpoint. + minLength: 1 + type: string + type: object required: - mode - service diff --git a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go index d1cb160ba..1e869247a 100644 --- a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 
@@ -80,6 +80,22 @@ const ( ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None") ) +// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should +// serve TLS. +type ImpersonationProxyTLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). + // Used to advertise the CA bundle for the impersonation proxy endpoint. + // + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the Concierge impersonation proxy endpoint. + // + // +kubebuilder:validation:MinLength=1 + SecretName string `json:"secretName,omitempty"` +} + // ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy. type ImpersonationProxySpec struct { // Mode configures whether the impersonation proxy should be started: @@ -100,6 +116,11 @@ type ImpersonationProxySpec struct { // // +optional ExternalEndpoint string `json:"externalEndpoint,omitempty"` + + // TLS contains information about how the Concierge impersonation proxy should serve TLS. + // + // +optional + TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"` } // ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy. diff --git a/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 1d2678dea..d4a01ba48 100644 --- a/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go 
@@ -229,6 +229,11 @@ func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSp func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) { *out = *in in.Service.DeepCopyInto(&out.Service) + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(ImpersonationProxyTLSSpec) + **out = **in + } return } @@ -242,6 +247,22 @@ func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec. +func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec { + if in == nil { + return nil + } + out := new(ImpersonationProxyTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { *out = *in