diff --git a/old/01-crd.yaml b/old/01-crd.yaml
deleted file mode 100644
--- a/old/01-crd.yaml
+++ /dev/null
@@ -1,259 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null - labels: - app.kubernetes.io/name: pomerium - name: pomerium.ingress.pomerium.io -spec: - group: ingress.pomerium.io - names: - kind: Pomerium - listKind: PomeriumList - plural: pomerium - singular: pomerium - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Pomerium define runtime-configurable Pomerium settings that do - not fall into the category of deployment parameters - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PomeriumSpec defines the desired state of Settings - properties: - authenticate: - description: Authenticate sets authenticate service parameters - properties: - callbackPath: - description: CallbackPath see https://www.pomerium.com/reference/#authenticate-callback-path - type: string - url: - description: AuthenticateURL should be publicly accessible URL - the non-authenticated persons would be referred to see https://www.pomerium.com/reference/#authenticate-service-url - format: uri - pattern: ^https:// - type: string - required: - - url - type: object - certificates: - description: Certificates is a list of secrets of type TLS to use - items: - type: string - type: array - identityProvider: - description: IdentityProvider see https://www.pomerium.com/docs/identity-providers/ - properties: - provider: - description: Provider one of accepted providers - see https://www.pomerium.com/reference/#identity-provider-name. - enum: - - auth0 - - azure - - google - - okta - - onelogin - - oidc - - ping - - github - type: string - refreshDirectory: - description: RefreshDirectory defines IdP directory refresh options - properties: - interval: - description: interval is the time that pomerium will sync - your IDP directory. - format: duration - type: string - timeout: - description: timeout is the maximum time allowed each run. - format: duration - type: string - required: - - interval - - timeout - type: object - requestParams: - additionalProperties: - type: string - description: RequestParams see https://www.pomerium.com/reference/#identity-provider-request-params - type: object - requestParamsSecret: - description: RequestParamsSecret is a reference to a secret for - additional parameters you'd prefer not to provide in plaintext. 
- type: string - scopes: - description: Scopes see https://www.pomerium.com/reference/#identity-provider-scopes. - items: - type: string - type: array - secret: - description: Secret containing IdP provider specific parameters - and must contain at least client_id and client_secret values, - an optional `service_account` field, mapped to https://www.pomerium.com/reference/#identity-provider-service-account - minLength: 1 - type: string - serviceAccountFromSecret: - description: ServiceAccountFromSecret is a convenience way to - build a value for `idp_service_account` from secret map values, - see https://www.pomerium.com/docs/identity-providers/ - type: string - url: - description: URL is identity provider url, see https://www.pomerium.com/reference/#identity-provider-url. - format: uri - pattern: ^https:// - type: string - required: - - provider - - secret - type: object - secrets: - description: Secrets references a Secret that must have the following - keys - shared_secret - cookie_secret - signing_key - minLength: 1 - type: string - storage: - description: Storage defines persistent storage for sessions and other - data it will use in-memory if none specified see https://www.pomerium.com/docs/topics/data-storage - properties: - postgres: - description: Postgres specifies PostgreSQL database connection - parameters - properties: - caSecret: - description: CASecret should refer to a k8s secret with key - `ca.crt` containing CA certificate that, if specified, would - be used to populate `sslrootcert` parameter of the connection - string - minLength: 1 - type: string - secret: - description: Secret specifies a name of a Secret that must - contain `connection` key for the connection DSN format and - parameters, see https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING - the following keywords are not allowed to be part of the - parameters, as they must be populated via `tlsCecret` and - `caSecret` fields - minLength: 1 - type: string - 
tlsSecret: - description: TLSSecret should refer to a k8s secret of type - `kubernetes.io/tls` and allows to specify an optional client - certificate and key, by constructing `sslcert` and `sslkey` - connection string parameter values see https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS - minLength: 1 - type: string - required: - - secret - type: object - redis: - description: Redis defines REDIS connection parameters - properties: - caSecret: - description: CASecret should refer to a k8s secret with key - `ca.crt` that must be a PEM-encoded certificate authority - to use when connecting to the databroker storage engine - see https://www.pomerium.com/docs/reference/data-broker-storage-certificate-authority - type: string - secret: - description: Secret specifies a name of a Secret that must - contain `connection` key. see https://www.pomerium.com/docs/reference/data-broker-storage-connection-string - minLength: 1 - type: string - tlsSecret: - description: TLSSecret should refer to a k8s secret of type - `kubernetes.io/tls` and allows to specify an optional databroker - storage client certificate and key, see - https://www.pomerium.com/docs/reference/data-broker-storage-certificate-file - - https://www.pomerium.com/docs/reference/data-broker-storage-certificate-key-file - minLength: 1 - type: string - tlsSkipVerify: - description: TLSSkipVerify disables TLS certificate chain - validation see https://www.pomerium.com/docs/reference/data-broker-storage-tls-skip-verify - type: boolean - required: - - secret - type: object - type: object - required: - - authenticate - - identityProvider - - secrets - type: object - status: - description: PomeriumStatus defines the observed state of Settings - properties: - ingress: - additionalProperties: - description: ResourceStatus represents the outcome of the latest - attempt to reconcile it with Pomerium. 
- properties: - error: - description: Error that prevented latest observedGeneration - to be synchronized with Pomerium. - type: string - observedAt: - description: ObservedAt is when last reconciliation attempt - was made. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration represents the .metadata.generation - that was last presented to Pomerium. - format: int64 - type: integer - reconciled: - description: Reconciled is whether this object generation was - successfully synced with pomerium. - type: boolean - required: - - reconciled - type: object - description: Routes provide per-Ingress status. - type: object - settingsStatus: - description: settingsStatus represent most recent main configuration - reconciliation status. - properties: - error: - description: Error that prevented latest observedGeneration to - be synchronized with Pomerium. - type: string - observedAt: - description: ObservedAt is when last reconciliation attempt was - made. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration represents the .metadata.generation - that was last presented to Pomerium. - format: int64 - type: integer - reconciled: - description: Reconciled is whether this object generation was - successfully synced with pomerium. - type: boolean - required: - - reconciled - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} \ No newline at end of file