From 1958bb8fb0c53cc6297cb2e09382312840264e52 Mon Sep 17 00:00:00 2001
From: Joshua Casey
Date: Thu, 1 Aug 2024 23:08:00 -0500
Subject: [PATCH] Clarify documentation for the advertised CA bundle of the impersonation proxy
---
 .../config/v1alpha1/types_credentialissuer.go.tmpl | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/1.25/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/1.26/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/1.27/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/1.28/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/1.29/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/1.30/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/1.31/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 ...onfig.concierge.pinniped.dev_credentialissuers.yaml | 6 +++++-
 generated/latest/README.adoc | 10 +++++++---
 .../config/v1alpha1/types_credentialissuer.go | 9 ++++++---
 25 files changed, 150 insertions(+), 59 deletions(-)
diff --git a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
index de976f5c1..6b908a90d 100644
--- a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
+++ b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
@@ -83,16 +83,16 @@ const (
 )
 // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
-// serve TLS.
+// serve TLS and what CA bundle to advertise for TLS verification.
 //
 // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
-// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
+// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
 //
 // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
 // the impersonation proxy endpoint.
 type ImpersonationProxyTLSSpec struct {
 // X.509 Certificate Authority (base64-encoded PEM bundle).
- // Used to advertise the CA bundle for the impersonation proxy endpoint.
+ // Used to advertise the CA bundle for TLS verification.
 //
 // +optional
 CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
@@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct {
 // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
 // the TLS serving certificate for the Concierge impersonation proxy endpoint.
 //
+ // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for
+ // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification.
+ //
 // +kubebuilder:validation:MinLength=1
 SecretName string `json:"secretName,omitempty"`
 }
diff --git a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
index 6897b7968..225ce3fed 100644
--- a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
+++ b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
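Review bot: In apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl, the CertificateAuthorityData field comment in the first hunk (@@ -83,16) still does not state the precedence that the struct comment implies, and a reader of the generated CRD field description sees only the field text. Consider adding `// When set, this bundle is advertised instead of any "ca.crt" found in the Secret named by SecretName.` to that field. The comments also never say whether the advertised bundle is checked against the serving certificate; nothing in this hunk shows such a check, so if none exists the doc should say the operator must supply a bundle that covers the serving certificate's issuer, since clients relying on the advertised CA would presumably fail verification otherwise. The struct body continues past the end of this hunk.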
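Review bot: The SecretName comment added in the second hunk (@@ -100,6) of types_credentialissuer.go.tmpl leaves the encoding of "ca.crt" unspecified, while CertificateAuthorityData is documented as a base64-encoded PEM bundle; if the controller expects PEM here, a line such as `// The "ca.crt" value must be a PEM-encoded certificate bundle.` would prevent misconfigured bundles. It is also worth stating for operators that with this fallback the advertised trust anchor and the serving key come from the same Secret, so write access to that Secret determines what clients are told to trust and should be restricted accordingly. "a field called" could read "a data key called" to match Secret terminology. The struct opens before this hunk, so the field's full context is not visible here.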
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/1.25/README.adoc b/generated/1.25/README.adoc index 92794f1b1..cf55f2c86 100644 --- a/generated/1.25/README.adoc +++ b/generated/1.25/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.25/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` } diff --git a/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 6897b7968..225ce3fed 100644 --- a/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.25/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/1.26/README.adoc b/generated/1.26/README.adoc index 2e291f103..b2a4a2013 100644 --- a/generated/1.26/README.adoc +++ b/generated/1.26/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.26/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` } diff --git a/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 6897b7968..225ce3fed 100644 --- a/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.26/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/1.27/README.adoc b/generated/1.27/README.adoc index c92144a04..6d06f5f7c 100644 --- a/generated/1.27/README.adoc +++ b/generated/1.27/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.27/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` } diff --git a/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 6897b7968..225ce3fed 100644 --- a/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.27/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/1.28/README.adoc b/generated/1.28/README.adoc index 11bab11c0..f1c5bf84b 100644 --- a/generated/1.28/README.adoc +++ b/generated/1.28/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/1.28/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.28/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/1.28/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.28/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` } diff --git a/generated/1.28/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.28/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 6897b7968..225ce3fed 100644 --- a/generated/1.28/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.28/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/1.29/README.adoc b/generated/1.29/README.adoc index 17c21cf5c..b5361cb24 100644 --- a/generated/1.29/README.adoc +++ b/generated/1.29/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/1.29/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.29/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/1.29/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.29/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` } diff --git a/generated/1.29/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.29/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 6897b7968..225ce3fed 100644 --- a/generated/1.29/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.29/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/1.30/README.adoc b/generated/1.30/README.adoc index 0659827b6..b384536a0 100644 --- a/generated/1.30/README.adoc +++ b/generated/1.30/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/1.30/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.30/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/1.30/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.30/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` } diff --git a/generated/1.30/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.30/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 6897b7968..225ce3fed 100644 --- a/generated/1.30/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.30/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/1.31/README.adoc b/generated/1.31/README.adoc index ba03e684a..b6371e1fb 100644 --- a/generated/1.31/README.adoc +++ b/generated/1.31/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/1.31/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.31/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/1.31/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.31/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` } diff --git a/generated/1.31/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.31/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 6897b7968..225ce3fed 100644 --- a/generated/1.31/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.31/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -115,12 +115,16 @@ spec: certificateAuthorityData: description: |- X.509 Certificate Authority (base64-encoded PEM bundle). - Used to advertise the CA bundle for the impersonation proxy endpoint. + Used to advertise the CA bundle for TLS verification. type: string secretName: description: |- SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. minLength: 1 type: string type: object diff --git a/generated/latest/README.adoc b/generated/latest/README.adoc index ba03e684a..b6371e1fb 100644 --- a/generated/latest/README.adoc +++ b/generated/latest/README.adoc @@ -622,11 +622,11 @@ If this field is empty, the impersonation proxy will generate its own TLS certif ==== ImpersonationProxyTLSSpec ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -serve TLS. +serve TLS and what CA bundle to advertise for TLS verification. If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -for a field called "ca.crt", which will be used as the CertificateAuthorityData. +for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for 
@@ -641,9 +641,13 @@ the impersonation proxy endpoint. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). + -Used to advertise the CA bundle for the impersonation proxy endpoint. + +Used to advertise the CA bundle for TLS verification. + | *`secretName`* __string__ | SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the Concierge impersonation proxy endpoint. + + + +If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + +a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + |=== diff --git a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go index de976f5c1..6b908a90d 100644 --- a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -83,16 +83,16 @@ const ( ) // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should -// serve TLS. +// serve TLS and what CA bundle to advertise for TLS verification. // // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret -// for a field called "ca.crt", which will be used as the CertificateAuthorityData. +// for a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. // // If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for // the impersonation proxy endpoint. type ImpersonationProxyTLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). - // Used to advertise the CA bundle for the impersonation proxy endpoint. + // Used to advertise the CA bundle for TLS verification. // // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` @@ -100,6 +100,9 @@ type ImpersonationProxyTLSSpec struct { // SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains // the TLS serving certificate for the Concierge impersonation proxy endpoint. // + // If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check this secret for + // a field called "ca.crt", which will be used as the CA bundle to advertise for TLS verification. + // // +kubebuilder:validation:MinLength=1 SecretName string `json:"secretName,omitempty"` }