Diffstat (limited to 'vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml')
-rw-r--r--vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml219
1 files changed, 0 insertions, 219 deletions
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml
deleted file mode 100644
index 4e1fdac37..000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml
+++ /dev/null
@@ -1,219 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: apiservers.config.openshift.io
-spec:
- group: config.openshift.io
- scope: Cluster
- preserveUnknownFields: false
- names:
- kind: APIServer
- singular: apiserver
- plural: apiservers
- listKind: APIServerList
- versions:
- - name: v1
- served: true
- storage: true
- subresources:
- status: {}
- "validation":
- "openAPIV3Schema":
- description: APIServer holds configuration (like serving certificates, client
- CA and CORS domains) shared by all API servers in the system, among them especially
- kube-apiserver and openshift-apiserver. The canonical name of an instance
- is 'cluster'.
- type: object
- required:
- - spec
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- type: object
- properties:
- additionalCORSAllowedOrigins:
- description: additionalCORSAllowedOrigins lists additional, user-defined
- regular expressions describing hosts for which the API server allows
- access using the CORS headers. This may be needed to access the API
- and the integrated OAuth server from JavaScript applications. The
- values are regular expressions that correspond to the Golang regular
- expression language.
- type: array
- items:
- type: string
- clientCA:
- description: 'clientCA references a ConfigMap containing a certificate
- bundle for the signers that will be recognized for incoming client
- certificates in addition to the operator managed signers. If this
- is empty, then only operator managed signers are valid. You usually
- only have to set this if you have your own PKI you wish to honor client
- certificates from. The ConfigMap must exist in the openshift-config
- namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"]
- - CA bundle.'
- type: object
- required:
- - name
- properties:
- name:
- description: name is the metadata.name of the referenced config
- map
- type: string
- encryption:
- description: encryption allows the configuration of encryption of resources
- at the datastore layer.
- type: object
- properties:
- type:
- description: "type defines what encryption type should be used to
- encrypt resources at the datastore layer. When this field is unset
- (i.e. when it is set to the empty string), identity is implied.
- The behavior of unset can and will change over time. Even if
- encryption is enabled by default, the meaning of unset may change
- to a different encryption type based on changes in best practices.
- \n When encryption is enabled, all sensitive resources shipped
- with the platform are encrypted. This list of sensitive resources
- can and will change over time. The current authoritative list
- is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io
- \ 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io"
- type: string
- enum:
- - ""
- - identity
- - aescbc
- servingCerts:
- description: servingCert is the TLS cert info for serving secure traffic.
- If not specified, operator managed certificates will be used for serving
- secure traffic.
- type: object
- properties:
- namedCertificates:
- description: namedCertificates references secrets containing the
- TLS cert info for serving secure traffic to specific hostnames.
- If no named certificates are provided, or no named certificates
- match the server name as understood by a client, the defaultServingCertificate
- will be used.
- type: array
- items:
- description: APIServerNamedServingCert maps a server DNS name,
- as understood by a client, to a certificate.
- type: object
- properties:
- names:
- description: names is a optional list of explicit DNS names
- (leading wildcards allowed) that should use this certificate
- to serve secure traffic. If no names are provided, the implicit
- names will be extracted from the certificates. Exact names
- trump over wildcard names. Explicit names defined here trump
- over extracted implicit names.
- type: array
- items:
- type: string
- servingCertificate:
- description: 'servingCertificate references a kubernetes.io/tls
- type secret containing the TLS cert info for serving secure
- traffic. The secret must exist in the openshift-config namespace
- and contain the following required fields: - Secret.Data["tls.key"]
- - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
- type: object
- required:
- - name
- properties:
- name:
- description: name is the metadata.name of the referenced
- secret
- type: string
- tlsSecurityProfile:
- description: "tlsSecurityProfile specifies settings for TLS connections
- for externally exposed servers. \n If unset, a default (which may
- change between releases) is chosen. Note that only Old and Intermediate
- profiles are currently supported, and the maximum available MinTLSVersions
- is VersionTLS12."
- type: object
- properties:
- custom:
- description: "custom is a user-defined TLS security profile. Be
- extremely careful using a custom profile as invalid configurations
- can be catastrophic. An example custom profile looks like this:
- \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
- \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256
- \ minTLSVersion: TLSv1.1"
- type: object
- properties:
- ciphers:
- description: "ciphers is used to specify the cipher algorithms
- that are negotiated during the TLS handshake. Operators may
- remove entries their operands do not support. For example,
- to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA"
- type: array
- items:
- type: string
- minTLSVersion:
- description: "minTLSVersion is used to specify the minimal version
- of the TLS protocol that is negotiated during the TLS handshake.
- For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):
- \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest
- minTLSVersion allowed is VersionTLS12"
- type: string
- nullable: true
- intermediate:
- description: "intermediate is a TLS security profile based on: \n
- https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
- \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
- \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
- \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
- \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384
- \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
- \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384
- \ minTLSVersion: TLSv1.2"
- type: object
- nullable: true
- modern:
- description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
- \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
- \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
- \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported."
- type: object
- nullable: true
- old:
- description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
- \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256
- \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256
- \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256
- \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384
- \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305
- \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384
- \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256
- \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA -
- ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384
- \ - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA -
- DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256
- \ - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256
- \ - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion:
- TLSv1.0"
- type: object
- nullable: true
- type:
- description: "type is one of Old, Intermediate, Modern or Custom.
- Custom provides the ability to specify individual TLS security
- profile parameters. Old, Intermediate and Modern are TLS security
- profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
- \n The profiles are intent based, so they may change over time
- as new ciphers are developed and existing ciphers are found to
- be insecure. Depending on precisely which ciphers are available
- to a process, the list may be reduced. \n Note that the Modern
- profile is currently not supported because it is not yet well
- adopted by common software libraries."
- type: string
- status:
- type: object