andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/intel/tcs-issuer/crds/quoteattestations.tcs.intel...

229 lines
10 KiB
YAML
Raw Normal View History

Charts CI ``` Updated: argo/argo-cd: - 5.26.1 bitnami/kafka: - 21.4.0 bitnami/postgresql: - 12.2.3 bitnami/redis: - 17.8.5 bitnami/tomcat: - 10.5.19 bitnami/wordpress: - 15.2.54 datadog/datadog: - 3.19.2 gopaddle/gopaddle: - 4.2.6 haproxy/haproxy: - 1.29.2 intel/tcs-issuer: - 0.5.0 jaeger/jaeger-operator: - 2.41.0 jenkins/jenkins: - 4.3.8 jfrog/artifactory-ha: - 107.55.7 jfrog/artifactory-jcr: - 107.55.7 kubecost/cost-analyzer: - 1.101.2 percona/psmdb-db: - 1.14.0 percona/psmdb-operator: - 1.14.0 redpanda/redpanda: - 3.0.3 sysdig/sysdig: - 1.15.79 ```
2023-03-14 21:10:14 +00:00
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: quoteattestations.tcs.intel.com
spec:
group: tcs.intel.com
names:
kind: QuoteAttestation
listKind: QuoteAttestationList
plural: quoteattestations
singular: quoteattestation
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: QuoteAttestation is the Schema for the quoteattestations API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: QuoteAttestationSpec defines the desired state of QuoteAttestation
properties:
publicKey:
description: PublicKey for encrypting the secret, hash is part of
the quote data, base-64 encoded.
format: byte
type: string
quote:
description: Quote to be verified, base64-encoded.
format: byte
type: string
quoteVersion:
description: QuoteVersion used to for generated quote, default is
ECDSA quote "3"
type: string
secretName:
description: SecretName is name of the Secret object (in the same
namespace) to keep the wrapped on secrets (only needed for KeyProvisioning
request type) which is an opaque type. The secret data must contain
two map elements `tls.key` and `tls.cert` and the values are the
base64 encoded encrypted CA key and base64 encoded x509(PEM encoded)
certificate. This must be added only after a successful quote validation
and before updating the status condition.
type: string
serviceId:
description: ServiceID holds the unique identifier(name?) that represents
service which is requesting for the secret. To be decided whether
this should be SPIFFE trust domain!
type: string
signerName:
description: SignerName refers to the Kubernetes CSR signer name used
by this request.
type: string
type:
description: Type represents the type of the request, one of "QuoteAttestation",
"KeyProvisioning".
enum:
- QuoteAttestation
- KeyProvisioning
type: string
required:
- publicKey
- quote
- serviceId
- signerName
- type
type: object
status:
description: QuoteAttestationStatus defines the observed state of QuoteAttestation
properties:
conditions:
description: conditions applied to the request. Known conditions are
"QuoteVerified", "CASecretsReady" and "Ready".
items:
description: QuoteAttestationCondition describes a condition of
a QuoteAttestation object
properties:
lastUpdateTime:
description: lastUpdateTime is the time of the last update to
this condition
format: date-time
type: string
message:
description: message contains a human readable message with
details about the request state
type: string
reason:
description: Reason indicates current request state
type: string
status:
description: Status indicates the status of a condition (true,
false, or unknown).
type: string
type:
description: type of the condition. One of QuoteVerified, CASecretReady
and Ready
type: string
type: object
type: array
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v1alpha2
schema:
openAPIV3Schema:
description: QuoteAttestation is the Schema for the quote attestation API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: QuoteAttestationSpec defines the desired state of QuoteAttestation
properties:
nonce:
description: Nonce base64-encoded nonce used for generating the SGX
Quote. This is required for verifying the provided SGX quote by
the key server(s).
format: byte
type: string
publicKey:
description: PublicKey for encrypting the secret, hash is part of
the quote data, base-64 encoded.
format: byte
type: string
quote:
description: Quote to be verified, base64-encoded.
format: byte
type: string
quoteVersion:
description: QuoteVersion used to for generated quote, default is
ECDSA quote "3"
type: string
secretName:
description: SecretName is name of the Secret object (in the same
namespace) to keep the wrapped on secrets (only needed for KeyProvisioning
request type) which is an opaque type. The secret data must contain
two map elements `tls.key` and `tls.cert` and the values are the
base64 encoded encrypted CA key and base64 encoded x509(PEM encoded)
certificate. This must be added only after a successful quote validation
and before updating the status condition.
type: string
serviceId:
description: ServiceID holds the unique identifier(name?) that represents
service which is requesting for the secret. To be decided whether
this should be SPIFFE trust domain!
type: string
signerName:
description: SignerName refers to the Kubernetes CSR signer name used
by this request.
type: string
type:
description: Type represents the type of the request, one of "QuoteAttestation",
"KeyProvisioning".
enum:
- QuoteAttestation
- KeyProvisioning
type: string
required:
- publicKey
- quote
- serviceId
- signerName
- type
type: object
status:
description: QuoteAttestationStatus defines the observed state of QuoteAttestation
properties:
conditions:
description: conditions applied to the request. Known conditions are
"QuoteVerified", "CASecretsReady" and "Ready".
items:
description: QuoteAttestationCondition describes a condition of
a QuoteAttestation object
properties:
lastUpdateTime:
description: lastUpdateTime is the time of the last update to
this condition
format: date-time
type: string
message:
description: message contains a human readable message with
details about the request state
type: string
reason:
description: Reason indicates current request state
type: string
status:
description: Status indicates the status of a condition (true,
false, or unknown).
type: string
type:
description: type of the condition. One of QuoteVerified, CASecretReady
and Ready
type: string
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}