diff --git a/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl b/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl index e92303a9f..27de4401c 100644 --- a/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl +++ b/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml b/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index c9a9b07e7..9efe8a67e 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. - SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. |=== diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index fce0e2baa..f6ecc0f5d 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. - SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. |=== diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index b2ac07a46..197ed326f 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. - SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. |=== diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/1.20/README.adoc b/generated/1.20/README.adoc index 9bf80a58c..8ad43876e 100644 --- a/generated/1.20/README.adoc +++ b/generated/1.20/README.adoc @@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. - SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. |=== diff --git a/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/1.21/README.adoc b/generated/1.21/README.adoc index d0c24b664..6abd6c4ba 100644 --- a/generated/1.21/README.adoc +++ b/generated/1.21/README.adoc @@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. - SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. |=== diff --git a/generated/1.21/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.21/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/1.21/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.21/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/generated/1.21/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.21/crds/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/generated/1.21/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.21/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/1.22/README.adoc b/generated/1.22/README.adoc index ae5b4564c..46e9a2e5e 100644 --- a/generated/1.22/README.adoc +++ b/generated/1.22/README.adoc @@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. - SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. |=== diff --git a/generated/1.22/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.22/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/1.22/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.22/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/generated/1.22/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.22/crds/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/generated/1.22/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.22/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/1.23/README.adoc b/generated/1.23/README.adoc index b341bc4af..9d67cb25a 100644 --- a/generated/1.23/README.adoc +++ b/generated/1.23/README.adoc @@ -538,7 +538,7 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an | *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. - SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. |=== diff --git a/generated/1.23/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.23/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/1.23/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.23/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. diff --git a/generated/1.23/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.23/crds/config.supervisor.pinniped.dev_federationdomains.yaml index c9f969a38..71f7370d1 100644 --- a/generated/1.23/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.23/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -76,12 +76,13 @@ spec: so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. \n SecretName is not required when you would like to use only the - HTTP endpoints (e.g. when terminating TLS at an Ingress). It - is also not required when you would like all requests to this - OIDC Provider's HTTPS endpoints to use the default TLS certificate, - which is configured elsewhere. \n When your Issuer URL's host - is an IP address, then this field is ignored. SNI does not work - for IP addresses." + HTTP endpoints (e.g. when the HTTP listener is configured to + listen on loopback interfaces or UNIX domain sockets for traffic + from a service mesh sidecar). It is also not required when you + would like all requests to this OIDC Provider's HTTPS endpoints + to use the default TLS certificate, which is configured elsewhere. + \n When your Issuer URL's host is an IP address, then this field + is ignored. SNI does not work for IP addresses." type: string type: object required: diff --git a/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go index e92303a9f..27de4401c 100644 --- a/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -31,8 +31,9 @@ type FederationDomainTLSSpec struct { // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same // SecretName value even if they have different port numbers. // - // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an - // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is + // configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar). + // It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to // use the default TLS certificate, which is configured elsewhere. // // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.