Address PR feedback, especially to check that the CA bundle is some k…

…ind of valid cert
vmware-tanzu · Aug 3, 2023 · dc61d13 · dc61d13
1 parent 959f18b
commit dc61d13
Show file tree

Hide file tree

Showing 39 changed files with 395 additions and 92 deletions.
diff --git a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
@@ -82,6 +82,12 @@ const (
 
 // ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
 // serve TLS.
+//
+// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
+// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
+//
+// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
+// the impersonation proxy endpoint.
 type ImpersonationProxyTLSSpec struct {
 	// X.509 Certificate Authority (base64-encoded PEM bundle).
 	// Used to advertise the CA bundle for the impersonation proxy endpoint.
@@ -119,6 +125,8 @@ type ImpersonationProxySpec struct {
 
 	// TLS contains information about how the Concierge impersonation proxy should serve TLS.
 	//
+	// If this field is empty, the impersonation proxy will generate its own TLS certificate.
+	//
 	// +optional
 	TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"`
 }

diff --git a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
@@ -104,8 +104,9 @@ spec:
                         type: string
                     type: object
                   tls:
-                    description: TLS contains information about how the Concierge
-                      impersonation proxy should serve TLS.
+                    description: "TLS contains information about how the Concierge
+                      impersonation proxy should serve TLS. \n If this field is empty,
+                      the impersonation proxy will generate its own TLS certificate."
                     properties:
                       certificateAuthorityData:
                         description: X.509 Certificate Authority (base64-encoded PEM

diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc
diff --git a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go
diff --git a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml
diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc
diff --git a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go
diff --git a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml
diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc
diff --git a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go
diff --git a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml
diff --git a/generated/1.20/README.adoc b/generated/1.20/README.adoc
diff --git a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go
diff --git a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml
diff --git a/generated/1.21/README.adoc b/generated/1.21/README.adoc
diff --git a/generated/1.21/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.21/apis/concierge/config/v1alpha1/types_credentialissuer.go
diff --git a/generated/1.21/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.21/crds/config.concierge.pinniped.dev_credentialissuers.yaml