sigs.k8s.io/cluster-api-provider-azure@v1.14.3/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 controller-gen.kubebuilder.io/version: v0.13.0 7 name: azureclusteridentities.infrastructure.cluster.x-k8s.io 8 spec: 9 group: infrastructure.cluster.x-k8s.io 10 names: 11 categories: 12 - cluster-api 13 kind: AzureClusterIdentity 14 listKind: AzureClusterIdentityList 15 plural: azureclusteridentities 16 singular: azureclusteridentity 17 scope: Namespaced 18 versions: 19 - additionalPrinterColumns: 20 - description: Type of AzureClusterIdentity 21 jsonPath: .spec.type 22 name: Type 23 type: string 24 - description: Time duration since creation of this AzureClusterIdentity 25 jsonPath: .metadata.creationTimestamp 26 name: Age 27 type: date 28 name: v1beta1 29 schema: 30 openAPIV3Schema: 31 description: AzureClusterIdentity is the Schema for the azureclustersidentities 32 API. 33 properties: 34 apiVersion: 35 description: 'APIVersion defines the versioned schema of this representation 36 of an object. Servers should convert recognized schemas to the latest 37 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 38 type: string 39 kind: 40 description: 'Kind is a string value representing the REST resource this 41 object represents. Servers may infer this from the endpoint the client 42 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 43 type: string 44 metadata: 45 type: object 46 spec: 47 description: AzureClusterIdentitySpec defines the parameters that are 48 used to create an AzureIdentity. 49 properties: 50 allowedNamespaces: 51 description: AllowedNamespaces is used to identify the namespaces 52 the clusters are allowed to use the identity from. Namespaces can 53 be selected either using an array of namespaces or with label selector. 54 An empty allowedNamespaces object indicates that AzureClusters can 55 use this identity from any namespace. If this object is nil, no 56 namespaces will be allowed (default behaviour, if this field is 57 not provided) A namespace should be either in the NamespaceList 58 or match with Selector to use the identity. 59 nullable: true 60 properties: 61 list: 62 description: A nil or empty list indicates that AzureCluster cannot 63 use the identity from any namespace. 64 items: 65 type: string 66 nullable: true 67 type: array 68 selector: 69 description: "Selector is a selector of namespaces that AzureCluster 70 can use this Identity from. This is a standard Kubernetes LabelSelector, 71 a label query over a set of resources. The result of matchLabels 72 and matchExpressions are ANDed. \n A nil or empty selector indicates 73 that AzureCluster cannot use this AzureClusterIdentity from 74 any namespace." 75 properties: 76 matchExpressions: 77 description: matchExpressions is a list of label selector 78 requirements. The requirements are ANDed. 79 items: 80 description: A label selector requirement is a selector 81 that contains values, a key, and an operator that relates 82 the key and values. 83 properties: 84 key: 85 description: key is the label key that the selector 86 applies to. 87 type: string 88 operator: 89 description: operator represents a key's relationship 90 to a set of values. Valid operators are In, NotIn, 91 Exists and DoesNotExist. 92 type: string 93 values: 94 description: values is an array of string values. If 95 the operator is In or NotIn, the values array must 96 be non-empty. If the operator is Exists or DoesNotExist, 97 the values array must be empty. This array is replaced 98 during a strategic merge patch. 99 items: 100 type: string 101 type: array 102 required: 103 - key 104 - operator 105 type: object 106 type: array 107 matchLabels: 108 additionalProperties: 109 type: string 110 description: matchLabels is a map of {key,value} pairs. A 111 single {key,value} in the matchLabels map is equivalent 112 to an element of matchExpressions, whose key field is "key", 113 the operator is "In", and the values array contains only 114 "value". The requirements are ANDed. 115 type: object 116 type: object 117 x-kubernetes-map-type: atomic 118 type: object 119 clientID: 120 description: ClientID is the service principal client ID. Both User 121 Assigned MSI and SP can use this field. 122 type: string 123 clientSecret: 124 description: ClientSecret is a secret reference which should contain 125 either a Service Principal password or certificate secret. 126 properties: 127 name: 128 description: name is unique within a namespace to reference a 129 secret resource. 130 type: string 131 namespace: 132 description: namespace defines the space within which the secret 133 name must be unique. 134 type: string 135 type: object 136 x-kubernetes-map-type: atomic 137 resourceID: 138 description: ResourceID is the Azure resource ID for the User Assigned 139 MSI resource. Only applicable when type is UserAssignedMSI. 140 type: string 141 tenantID: 142 description: TenantID is the service principal primary tenant id. 143 type: string 144 type: 145 description: Type is the type of Azure Identity used. ServicePrincipal, 146 ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal 147 or WorkloadIdentity. 148 enum: 149 - ServicePrincipal 150 - UserAssignedMSI 151 - ManualServicePrincipal 152 - ServicePrincipalCertificate 153 - WorkloadIdentity 154 type: string 155 required: 156 - clientID 157 - tenantID 158 - type 159 type: object 160 status: 161 description: AzureClusterIdentityStatus defines the observed state of 162 AzureClusterIdentity. 163 properties: 164 conditions: 165 description: Conditions defines current service state of the AzureClusterIdentity. 166 items: 167 description: Condition defines an observation of a Cluster API resource 168 operational state. 169 properties: 170 lastTransitionTime: 171 description: Last time the condition transitioned from one status 172 to another. This should be when the underlying condition changed. 173 If that is not known, then using the time when the API field 174 changed is acceptable. 175 format: date-time 176 type: string 177 message: 178 description: A human readable message indicating details about 179 the transition. This field may be empty. 180 type: string 181 reason: 182 description: The reason for the condition's last transition 183 in CamelCase. The specific API may choose whether or not this 184 field is considered a guaranteed API. This field may not be 185 empty. 186 type: string 187 severity: 188 description: Severity provides an explicit classification of 189 Reason code, so the users or machines can immediately understand 190 the current situation and act accordingly. The Severity field 191 MUST be set only when Status=False. 192 type: string 193 status: 194 description: Status of the condition, one of True, False, Unknown. 195 type: string 196 type: 197 description: Type of condition in CamelCase or in foo.example.com/CamelCase. 198 Many .condition.type values are consistent across resources 199 like Available, but because arbitrary conditions can be useful 200 (see .node.status.conditions), the ability to deconflict is 201 important. 202 type: string 203 required: 204 - lastTransitionTime 205 - status 206 - type 207 type: object 208 type: array 209 type: object 210 type: object 211 served: true 212 storage: true 213 subresources: 214 status: {}