v1alpha1

package
v0.19.0
Published: Aug 26, 2022 | License: Apache-2.0 | Imports: 4 | Imported by: 3

Documentation

Overview

Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuration API.

Constants

const (
	SuccessFederationDomainStatusCondition                         = FederationDomainStatusCondition("Success")
	DuplicateFederationDomainStatusCondition                       = FederationDomainStatusCondition("Duplicate")
	SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret")
	InvalidFederationDomainStatusCondition                         = FederationDomainStatusCondition("Invalid")
)
const GroupName = "config.supervisor.pinniped.dev"

Variables

var (
	SchemeBuilder runtime.SchemeBuilder

	AddToScheme = localSchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is the group version used to register these objects.

Functions

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a group-qualified GroupResource.

Types

type FederationDomain

type FederationDomain struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec of the OIDC provider.
	Spec FederationDomainSpec `json:"spec"`

	// Status of the OIDC provider.
	Status FederationDomainStatus `json:"status,omitempty"`
}

FederationDomain describes the configuration of an OIDC provider.

+genclient
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+kubebuilder:resource:categories=pinniped
+kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
+kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+kubebuilder:subresource:status

func (*FederationDomain) DeepCopy

func (in *FederationDomain) DeepCopy() *FederationDomain

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomain.

func (*FederationDomain) DeepCopyInto

func (in *FederationDomain) DeepCopyInto(out *FederationDomain)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FederationDomain) DeepCopyObject

func (in *FederationDomain) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type FederationDomainList

type FederationDomainList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []FederationDomain `json:"items"`
}

List of FederationDomain objects.

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*FederationDomainList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainList.

func (*FederationDomainList) DeepCopyInto

func (in *FederationDomainList) DeepCopyInto(out *FederationDomainList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FederationDomainList) DeepCopyObject

func (in *FederationDomainList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type FederationDomainSecrets

type FederationDomainSecrets struct {
	// JWKS holds the name of the corev1.Secret in which this OIDC Provider's signing/verification keys are
	// stored. If it is empty, then the signing/verification keys are either unknown or they don't
	// exist.
	// +optional
	JWKS corev1.LocalObjectReference `json:"jwks,omitempty"`

	// TokenSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
	// signing tokens is stored.
	// +optional
	TokenSigningKey corev1.LocalObjectReference `json:"tokenSigningKey,omitempty"`

	// StateSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
	// signing state parameters is stored.
	// +optional
	StateSigningKey corev1.LocalObjectReference `json:"stateSigningKey,omitempty"`

	// StateEncryptionKey holds the name of the corev1.Secret in which this OIDC Provider's key for
	// encrypting state parameters is stored.
	// +optional
	StateEncryptionKey corev1.LocalObjectReference `json:"stateEncryptionKey,omitempty"`
}

FederationDomainSecrets holds information about this OIDC Provider's secrets.

func (*FederationDomainSecrets) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSecrets.

func (*FederationDomainSecrets) DeepCopyInto

func (in *FederationDomainSecrets) DeepCopyInto(out *FederationDomainSecrets)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FederationDomainSpec

type FederationDomainSpec struct {
	// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
	// identifier that it will use for the iss claim in issued JWTs. This field will also be used as
	// the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is
	// https://example.com/foo, then your authorization endpoint will look like
	// https://example.com/foo/some/path/to/auth/endpoint).
	//
	// See
	// https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information.
	// +kubebuilder:validation:MinLength=1
	Issuer string `json:"issuer"`

	// TLS configures how this FederationDomain is served over Transport Layer Security (TLS).
	// +optional
	TLS *FederationDomainTLSSpec `json:"tls,omitempty"`
}

FederationDomainSpec is a struct that describes an OIDC Provider.

func (*FederationDomainSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSpec.

func (*FederationDomainSpec) DeepCopyInto

func (in *FederationDomainSpec) DeepCopyInto(out *FederationDomainSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FederationDomainStatus

type FederationDomainStatus struct {
	// Status holds an enum that describes the state of this OIDC Provider. Note that this Status can
	// represent success or failure.
	// +optional
	Status FederationDomainStatusCondition `json:"status,omitempty"`

	// Message provides human-readable details about the Status.
	// +optional
	Message string `json:"message,omitempty"`

	// LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
	// around some undesirable behavior with respect to the empty metav1.Time value (see
	// https://github.com/kubernetes/kubernetes/issues/86811).
	// +optional
	LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`

	// Secrets contains information about this OIDC Provider's secrets.
	// +optional
	Secrets FederationDomainSecrets `json:"secrets,omitempty"`
}

FederationDomainStatus is a struct that describes the actual state of an OIDC Provider.

func (*FederationDomainStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainStatus.

func (*FederationDomainStatus) DeepCopyInto

func (in *FederationDomainStatus) DeepCopyInto(out *FederationDomainStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FederationDomainStatusCondition

type FederationDomainStatusCondition string

+kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret

type FederationDomainTLSSpec

type FederationDomainTLSSpec struct {
	// SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
	// the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret
	// named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use
	// for TLS.
	//
	// Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) protocol supported by all major browsers.
	//
	// SecretName is required if you would like to use different TLS certificates for issuers of different hostnames.
	// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
	// SecretName value even if they have different port numbers.
	//
	// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
	// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
	// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
	// use the default TLS certificate, which is configured elsewhere.
	//
	// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
	//
	// +optional
	SecretName string `json:"secretName,omitempty"`
}

FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider.

func (*FederationDomainTLSSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainTLSSpec.

func (*FederationDomainTLSSpec) DeepCopyInto

func (in *FederationDomainTLSSpec) DeepCopyInto(out *FederationDomainTLSSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
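
The hostname rule in the SecretName comment and the status values in the Constants section can be checked before FederationDomains are applied. The following is an added example, not Pinniped's controller code; the `domain` type, `checkDomains`, the exact-string duplicate comparison and the https-only test for Invalid are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

type domain struct{ Name, Issuer, SecretName string } // constructed stand-in, not the Pinniped type

// checkDomains returns a status per domain name; the rules are this sketch's assumptions.
func checkDomains(domains []domain) map[string]string {
	issuerCount := map[string]int{} // exact issuer string -> occurrences
	hostOf := map[string]string{}   // domain name -> lowercased issuer hostname
	pairs := map[[2]string]bool{}   // (hostname, SecretName) pairs already counted
	distinct := map[string]int{}    // DNS hostname -> distinct SecretName values
	for _, d := range domains {
		u, err := url.Parse(d.Issuer)
		if err != nil || u.Scheme != "https" || u.Hostname() == "" {
			continue // never entered in hostOf, so reported as Invalid below
		}
		host := strings.ToLower(u.Hostname()) // Hostname() drops the port, as SNI does
		hostOf[d.Name] = host
		issuerCount[d.Issuer]++
		if key := [2]string{host, d.SecretName}; net.ParseIP(host) == nil && !pairs[key] {
			pairs[key] = true // not reached for IP hosts: SecretName is ignored there
			distinct[host]++
		}
	}
	result := map[string]string{}
	for _, d := range domains {
		host, valid := hostOf[d.Name]
		result[d.Name] = "Success"
		if !valid {
			result[d.Name] = "Invalid"
		} else if issuerCount[d.Issuer] > 1 {
			result[d.Name] = "Duplicate"
		} else if distinct[host] > 1 {
			result[d.Name] = "SameIssuerHostMustUseSameSecret"
		}
	}
	return result
}

func main() { // constructed sample: one DNS host, two ports, two different Secrets
	fmt.Println(checkDomains([]domain{{"a", "https://idp.example.com/a", "cert-1"},
		{"b", "https://idp.example.com:8443/b", "cert-2"}}))
}
```

Both sample domains come back as SameIssuerHostMustUseSameSecret, because the port is not part of the hostname that selects the certificate.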
