github.com/Azure/aad-pod-identity@v1.8.17/charts/aad-pod-identity/crds/crd.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 api-approved.kubernetes.io: unapproved 6 controller-gen.kubebuilder.io/version: v0.5.0 7 name: azureassignedidentities.aadpodidentity.k8s.io 8 labels: 9 app.kubernetes.io/name: aad-pod-identity 10 app.kubernetes.io/instance: aad-pod-identity 11 app.kubernetes.io/managed-by: Helm 12 helm.sh/chart: aad-pod-identity 13 spec: 14 group: aadpodidentity.k8s.io 15 names: 16 kind: AzureAssignedIdentity 17 listKind: AzureAssignedIdentityList 18 plural: azureassignedidentities 19 singular: azureassignedidentity 20 scope: Namespaced 21 versions: 22 - name: v1 23 schema: 24 openAPIV3Schema: 25 description: AzureAssignedIdentity contains the identity <-> pod mapping which is matched. 26 properties: 27 apiVersion: 28 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 29 type: string 30 kind: 31 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 32 type: string 33 metadata: 34 type: object 35 spec: 36 description: AzureAssignedIdentitySpec contains the relationship between an AzureIdentity and an AzureIdentityBinding. 37 properties: 38 azureBindingRef: 39 description: AzureBindingRef is an embedded resource referencing the AzureIdentityBinding used by the AzureAssignedIdentity, which requires x-kubernetes-embedded-resource fields to be true 40 properties: 41 apiVersion: 42 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 43 type: string 44 kind: 45 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 46 type: string 47 metadata: 48 type: object 49 spec: 50 description: AzureIdentityBindingSpec matches the pod with the Identity. Used to indicate the potential matches to look for between the pod/deployment and the identities present. 51 properties: 52 azureIdentity: 53 type: string 54 metadata: 55 type: object 56 selector: 57 type: string 58 weight: 59 description: Weight is used to figure out which of the matching identities would be selected. 60 type: integer 61 type: object 62 status: 63 description: AzureIdentityBindingStatus contains the status of an AzureIdentityBinding. 64 properties: 65 availableReplicas: 66 format: int32 67 type: integer 68 metadata: 69 type: object 70 type: object 71 type: object 72 x-kubernetes-embedded-resource: true 73 azureIdentityRef: 74 description: AzureIdentityRef is an embedded resource referencing the AzureIdentity used by the AzureAssignedIdentity, which requires x-kubernetes-embedded-resource fields to be true 75 properties: 76 apiVersion: 77 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 78 type: string 79 kind: 80 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 81 type: string 82 metadata: 83 type: object 84 spec: 85 description: AzureIdentitySpec describes the credential specifications of an identity on Azure. 86 properties: 87 adEndpoint: 88 type: string 89 adResourceID: 90 description: For service principal. Option param for specifying the AD details. 91 type: string 92 auxiliaryTenantIDs: 93 description: Service principal auxiliary tenant ids 94 items: 95 type: string 96 nullable: true 97 type: array 98 clientID: 99 description: Both User Assigned MSI and SP can use this field. 100 type: string 101 clientPassword: 102 description: Used for service principal 103 properties: 104 name: 105 description: Name is unique within a namespace to reference a secret resource. 106 type: string 107 namespace: 108 description: Namespace defines the space within which the secret name must be unique. 109 type: string 110 type: object 111 metadata: 112 type: object 113 replicas: 114 format: int32 115 nullable: true 116 type: integer 117 resourceID: 118 description: User assigned MSI resource id. 119 type: string 120 tenantID: 121 description: Service principal primary tenant id. 122 type: string 123 type: 124 description: UserAssignedMSI or Service Principal 125 type: integer 126 type: object 127 status: 128 description: AzureIdentityStatus contains the replica status of the resource. 129 properties: 130 availableReplicas: 131 format: int32 132 type: integer 133 metadata: 134 type: object 135 type: object 136 type: object 137 x-kubernetes-embedded-resource: true 138 metadata: 139 type: object 140 nodename: 141 type: string 142 pod: 143 type: string 144 podNamespace: 145 type: string 146 replicas: 147 format: int32 148 nullable: true 149 type: integer 150 type: object 151 status: 152 description: AzureAssignedIdentityStatus contains the replica status of the resource. 153 properties: 154 availableReplicas: 155 format: int32 156 type: integer 157 metadata: 158 type: object 159 status: 160 type: string 161 type: object 162 type: object 163 served: true 164 storage: true 165 status: 166 acceptedNames: 167 kind: "" 168 plural: "" 169 conditions: [] 170 storedVersions: [] 171 --- 172 apiVersion: apiextensions.k8s.io/v1 173 kind: CustomResourceDefinition 174 metadata: 175 annotations: 176 api-approved.kubernetes.io: unapproved 177 controller-gen.kubebuilder.io/version: v0.5.0 178 name: azureidentities.aadpodidentity.k8s.io 179 labels: 180 app.kubernetes.io/name: aad-pod-identity 181 app.kubernetes.io/instance: aad-pod-identity 182 app.kubernetes.io/managed-by: Helm 183 helm.sh/chart: aad-pod-identity 184 spec: 185 group: aadpodidentity.k8s.io 186 names: 187 kind: AzureIdentity 188 listKind: AzureIdentityList 189 plural: azureidentities 190 singular: azureidentity 191 scope: Namespaced 192 versions: 193 - additionalPrinterColumns: 194 - jsonPath: .spec.type 195 name: Type 196 type: string 197 - jsonPath: .spec.clientID 198 name: ClientID 199 type: string 200 - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 201 jsonPath: .metadata.creationTimestamp 202 name: Age 203 type: date 204 name: v1 205 schema: 206 openAPIV3Schema: 207 description: AzureIdentity is the specification of the identity data structure. 208 properties: 209 apiVersion: 210 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 211 type: string 212 kind: 213 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 214 type: string 215 metadata: 216 type: object 217 spec: 218 description: AzureIdentitySpec describes the credential specifications of an identity on Azure. 219 properties: 220 adEndpoint: 221 type: string 222 adResourceID: 223 description: For service principal. Option param for specifying the AD details. 224 type: string 225 auxiliaryTenantIDs: 226 description: Service principal auxiliary tenant ids 227 items: 228 type: string 229 nullable: true 230 type: array 231 clientID: 232 description: Both User Assigned MSI and SP can use this field. 233 type: string 234 clientPassword: 235 description: Used for service principal 236 properties: 237 name: 238 description: Name is unique within a namespace to reference a secret resource. 239 type: string 240 namespace: 241 description: Namespace defines the space within which the secret name must be unique. 242 type: string 243 type: object 244 metadata: 245 type: object 246 replicas: 247 format: int32 248 nullable: true 249 type: integer 250 resourceID: 251 description: User assigned MSI resource id. 252 type: string 253 tenantID: 254 description: Service principal primary tenant id. 255 type: string 256 type: 257 description: UserAssignedMSI or Service Principal 258 type: integer 259 type: object 260 status: 261 description: AzureIdentityStatus contains the replica status of the resource. 262 properties: 263 availableReplicas: 264 format: int32 265 type: integer 266 metadata: 267 type: object 268 type: object 269 type: object 270 served: true 271 storage: true 272 subresources: {} 273 status: 274 acceptedNames: 275 kind: "" 276 plural: "" 277 conditions: [] 278 storedVersions: [] 279 --- 280 apiVersion: apiextensions.k8s.io/v1 281 kind: CustomResourceDefinition 282 metadata: 283 annotations: 284 api-approved.kubernetes.io: unapproved 285 controller-gen.kubebuilder.io/version: v0.5.0 286 name: azureidentitybindings.aadpodidentity.k8s.io 287 labels: 288 app.kubernetes.io/name: aad-pod-identity 289 app.kubernetes.io/instance: aad-pod-identity 290 app.kubernetes.io/managed-by: Helm 291 helm.sh/chart: aad-pod-identity 292 spec: 293 group: aadpodidentity.k8s.io 294 names: 295 kind: AzureIdentityBinding 296 listKind: AzureIdentityBindingList 297 plural: azureidentitybindings 298 singular: azureidentitybinding 299 scope: Namespaced 300 versions: 301 - additionalPrinterColumns: 302 - jsonPath: .spec.azureIdentity 303 name: AzureIdentity 304 type: string 305 - jsonPath: .spec.selector 306 name: Selector 307 type: string 308 - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 309 jsonPath: .metadata.creationTimestamp 310 name: Age 311 type: date 312 name: v1 313 schema: 314 openAPIV3Schema: 315 description: AzureIdentityBinding brings together the spec of matching pods and the identity which they can use. 316 properties: 317 apiVersion: 318 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 319 type: string 320 kind: 321 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 322 type: string 323 metadata: 324 type: object 325 spec: 326 description: AzureIdentityBindingSpec matches the pod with the Identity. Used to indicate the potential matches to look for between the pod/deployment and the identities present. 327 properties: 328 azureIdentity: 329 type: string 330 metadata: 331 type: object 332 selector: 333 type: string 334 weight: 335 description: Weight is used to figure out which of the matching identities would be selected. 336 type: integer 337 type: object 338 status: 339 description: AzureIdentityBindingStatus contains the status of an AzureIdentityBinding. 340 properties: 341 availableReplicas: 342 format: int32 343 type: integer 344 metadata: 345 type: object 346 type: object 347 type: object 348 served: true 349 storage: true 350 subresources: {} 351 status: 352 acceptedNames: 353 kind: "" 354 plural: "" 355 conditions: [] 356 storedVersions: [] 357 --- 358 apiVersion: apiextensions.k8s.io/v1 359 kind: CustomResourceDefinition 360 metadata: 361 annotations: 362 api-approved.kubernetes.io: unapproved 363 controller-gen.kubebuilder.io/version: v0.5.0 364 name: azurepodidentityexceptions.aadpodidentity.k8s.io 365 labels: 366 app.kubernetes.io/name: aad-pod-identity 367 app.kubernetes.io/instance: aad-pod-identity 368 app.kubernetes.io/managed-by: Helm 369 helm.sh/chart: aad-pod-identity 370 spec: 371 group: aadpodidentity.k8s.io 372 names: 373 kind: AzurePodIdentityException 374 listKind: AzurePodIdentityExceptionList 375 plural: azurepodidentityexceptions 376 singular: azurepodidentityexception 377 scope: Namespaced 378 versions: 379 - name: v1 380 schema: 381 openAPIV3Schema: 382 description: AzurePodIdentityException contains the pod selectors for all pods that don't require NMI to process and request token on their behalf. 383 properties: 384 apiVersion: 385 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 386 type: string 387 kind: 388 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 389 type: string 390 metadata: 391 type: object 392 spec: 393 description: AzurePodIdentityExceptionSpec matches pods with the selector defined. If request originates from a pod that matches the selector, nmi will proxy the request and send response back without any validation. 394 properties: 395 metadata: 396 type: object 397 podLabels: 398 additionalProperties: 399 type: string 400 type: object 401 type: object 402 status: 403 description: AzurePodIdentityExceptionStatus contains the status of an AzurePodIdentityException. 404 properties: 405 metadata: 406 type: object 407 status: 408 type: string 409 type: object 410 type: object 411 served: true 412 storage: true 413 status: 414 acceptedNames: 415 kind: "" 416 plural: "" 417 conditions: [] 418 storedVersions: []