1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Console holds cluster-wide configuration for the web console, including the
// logout URL, and reports the public URL of the console. The canonical name is
// `cluster`.
type Console struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ConsoleSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ConsoleStatus `json:"status"`
}
// ConsoleSpec is the specification of the desired behavior of the Console.
type ConsoleSpec struct {
// +optional
Authentication ConsoleAuthentication `json:"authentication"`
}
// ConsoleStatus defines the observed status of the Console.
type ConsoleStatus struct {
// The URL for the console. This will be derived from the host for the route that
// is created for the console.
ConsoleURL string `json:"consoleURL"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ConsoleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Console `json:"items"`
}
// ConsoleAuthentication defines a list of optional configuration for console authentication.
type ConsoleAuthentication struct {
// An optional, absolute URL to redirect web browsers to after logging out of
// the console. If not specified, it will redirect to the default login page.
// This is required when using an identity provider that supports single
// sign-on (SSO) such as:
// - OpenID (Keycloak, Azure)
// - RequestHeader (GSSAPI, SSPI, SAML)
// - OAuth (GitHub, GitLab, Google)
// Logging out of the console will destroy the user's token. The logoutRedirect
// provides the user the option to perform single logout (SLO) through the identity
// provider to destroy their single sign-on session.
// +optional
// +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$`
LogoutRedirect string `json:"logoutRedirect,omitempty"`
}
|
