# github.com/Azure/aad-pod-identity@v1.8.17/config/crd/aadpodidentity.k8s.io.yaml

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: unapproved
    controller-gen.kubebuilder.io/version: v0.5.0
  name: azureassignedidentities.aadpodidentity.k8s.io
spec:
  group: aadpodidentity.k8s.io
  names:
    kind: AzureAssignedIdentity
    listKind: AzureAssignedIdentityList
    plural: azureassignedidentities
    singular: azureassignedidentity
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: AzureAssignedIdentity contains the identity <-> pod mapping which is matched.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AzureAssignedIdentitySpec contains the relationship between an AzureIdentity and an AzureIdentityBinding.
            properties:
              azureBindingRef:
                description: AzureBindingRef is an embedded resource referencing the AzureIdentityBinding used by the AzureAssignedIdentity, which requires x-kubernetes-embedded-resource fields to be true
                properties:
                  apiVersion:
                    description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                    type: string
                  kind:
                    description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                    type: string
                  metadata:
                    type: object
                  spec:
                    description: AzureIdentityBindingSpec matches the pod with the Identity. Used to indicate the potential matches to look for between the pod/deployment and the identities present.
                    properties:
                      azureIdentity:
                        type: string
                      metadata:
                        type: object
                      selector:
                        type: string
                      weight:
                        description: Weight is used to figure out which of the matching identities would be selected.
                        type: integer
                    type: object
                  status:
                    description: AzureIdentityBindingStatus contains the status of an AzureIdentityBinding.
                    properties:
                      availableReplicas:
                        format: int32
                        type: integer
                      metadata:
                        type: object
                    type: object
                type: object
                x-kubernetes-embedded-resource: true
              azureIdentityRef:
                description: AzureIdentityRef is an embedded resource referencing the AzureIdentity used by the AzureAssignedIdentity, which requires x-kubernetes-embedded-resource fields to be true
                properties:
                  apiVersion:
                    description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                    type: string
                  kind:
                    description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                    type: string
                  metadata:
                    type: object
                  spec:
                    description: AzureIdentitySpec describes the credential specifications of an identity on Azure.
                    properties:
                      adEndpoint:
                        type: string
                      adResourceID:
                        description: For service principal. Option param for specifying the AD details.
                        type: string
                      auxiliaryTenantIDs:
                        description: Service principal auxiliary tenant ids
                        items:
                          type: string
                        nullable: true
                        type: array
                      clientID:
                        description: Both User Assigned MSI and SP can use this field.
                        type: string
                      clientPassword:
                        description: Used for service principal
                        properties:
                          name:
                            description: Name is unique within a namespace to reference a secret resource.
                            type: string
                          namespace:
                            description: Namespace defines the space within which the secret name must be unique.
                            type: string
                        type: object
                      metadata:
                        type: object
                      replicas:
                        format: int32
                        nullable: true
                        type: integer
                      resourceID:
                        description: User assigned MSI resource id.
                        type: string
                      tenantID:
                        description: Service principal primary tenant id.
                        type: string
                      type:
                        description: UserAssignedMSI or Service Principal
                        type: integer
                    type: object
                  status:
                    description: AzureIdentityStatus contains the replica status of the resource.
                    properties:
                      availableReplicas:
                        format: int32
                        type: integer
                      metadata:
                        type: object
                    type: object
                type: object
                x-kubernetes-embedded-resource: true
              metadata:
                type: object
              nodename:
                type: string
              pod:
                type: string
              podNamespace:
                type: string
              replicas:
                format: int32
                nullable: true
                type: integer
            type: object
          status:
            description: AzureAssignedIdentityStatus contains the replica status of the resource.
            properties:
              availableReplicas:
                format: int32
                type: integer
              metadata:
                type: object
              status:
                type: string
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: unapproved
    controller-gen.kubebuilder.io/version: v0.5.0
  name: azureidentities.aadpodidentity.k8s.io
spec:
  group: aadpodidentity.k8s.io
  names:
    kind: AzureIdentity
    listKind: AzureIdentityList
    plural: azureidentities
    singular: azureidentity
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.type
      name: Type
      type: string
    - jsonPath: .spec.clientID
      name: ClientID
      type: string
    - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        description: AzureIdentity is the specification of the identity data structure.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AzureIdentitySpec describes the credential specifications of an identity on Azure.
            properties:
              adEndpoint:
                type: string
              adResourceID:
                description: For service principal. Option param for specifying the AD details.
                type: string
              auxiliaryTenantIDs:
                description: Service principal auxiliary tenant ids
                items:
                  type: string
                nullable: true
                type: array
              clientID:
                description: Both User Assigned MSI and SP can use this field.
                type: string
              clientPassword:
                description: Used for service principal
                properties:
                  name:
                    description: Name is unique within a namespace to reference a secret resource.
                    type: string
                  namespace:
                    description: Namespace defines the space within which the secret name must be unique.
                    type: string
                type: object
              metadata:
                type: object
              replicas:
                format: int32
                nullable: true
                type: integer
              resourceID:
                description: User assigned MSI resource id.
                type: string
              tenantID:
                description: Service principal primary tenant id.
                type: string
              type:
                description: UserAssignedMSI or Service Principal
                type: integer
            type: object
          status:
            description: AzureIdentityStatus contains the replica status of the resource.
            properties:
              availableReplicas:
                format: int32
                type: integer
              metadata:
                type: object
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: unapproved
    controller-gen.kubebuilder.io/version: v0.5.0
  name: azureidentitybindings.aadpodidentity.k8s.io
spec:
  group: aadpodidentity.k8s.io
  names:
    kind: AzureIdentityBinding
    listKind: AzureIdentityBindingList
    plural: azureidentitybindings
    singular: azureidentitybinding
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.azureIdentity
      name: AzureIdentity
      type: string
    - jsonPath: .spec.selector
      name: Selector
      type: string
    - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        description: AzureIdentityBinding brings together the spec of matching pods and the identity which they can use.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AzureIdentityBindingSpec matches the pod with the Identity. Used to indicate the potential matches to look for between the pod/deployment and the identities present.
            properties:
              azureIdentity:
                type: string
              metadata:
                type: object
              selector:
                type: string
              weight:
                description: Weight is used to figure out which of the matching identities would be selected.
                type: integer
            type: object
          status:
            description: AzureIdentityBindingStatus contains the status of an AzureIdentityBinding.
            properties:
              availableReplicas:
                format: int32
                type: integer
              metadata:
                type: object
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: unapproved
    controller-gen.kubebuilder.io/version: v0.5.0
  name: azurepodidentityexceptions.aadpodidentity.k8s.io
spec:
  group: aadpodidentity.k8s.io
  names:
    kind: AzurePodIdentityException
    listKind: AzurePodIdentityExceptionList
    plural: azurepodidentityexceptions
    singular: azurepodidentityexception
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: AzurePodIdentityException contains the pod selectors for all pods that don't require NMI to process and request token on their behalf.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AzurePodIdentityExceptionSpec matches pods with the selector defined. If request originates from a pod that matches the selector, nmi will proxy the request and send response back without any validation.
            properties:
              metadata:
                type: object
              podLabels:
                additionalProperties:
                  type: string
                type: object
            type: object
          status:
            description: AzurePodIdentityExceptionStatus contains the status of an AzurePodIdentityException.
            properties:
              metadata:
                type: object
              status:
                type: string
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []