디렉토리 구조 및 각 서비스 추가

dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions


@@ -0,0 +1,168 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: teleportgithubconnectors.resources.teleport.dev
spec:
group: resources.teleport.dev
names:
kind: TeleportGithubConnector
listKind: TeleportGithubConnectorList
plural: teleportgithubconnectors
shortNames:
- githubconnector
- githubconnectors
singular: teleportgithubconnector
scope: Namespaced
versions:
- name: v3
schema:
openAPIV3Schema:
description: GithubConnector is the Schema for the githubconnectors API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: GithubConnector resource definition v3 from Teleport
properties:
api_endpoint_url:
description: APIEndpointURL is the URL of the API endpoint of the
Github instance this connector is for.
type: string
client_id:
description: ClientID is the Github OAuth app client ID.
type: string
client_secret:
description: ClientSecret is the Github OAuth app client secret.
type: string
display:
description: Display is the connector display name.
type: string
endpoint_url:
description: EndpointURL is the URL of the GitHub instance this connector
is for.
type: string
redirect_url:
description: RedirectURL is the authorization callback URL.
type: string
teams_to_roles:
description: TeamsToRoles maps Github team memberships onto allowed
roles.
items:
properties:
organization:
description: Organization is a Github organization a user belongs
to.
type: string
roles:
description: Roles is a list of allowed logins for this org/team.
items:
type: string
nullable: true
type: array
team:
description: Team is a team within the organization a user belongs
to.
type: string
type: object
type: array
type: object
status:
description: TeleportGithubConnectorStatus defines the observed state
of TeleportGithubConnector
properties:
conditions:
description: Conditions represent the latest available observations
of an object's state
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
teleportResourceID:
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
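Review bot: `spec.client_secret` is declared as a plain `type: string` in this TeleportGithubConnector schema, so the GitHub OAuth client secret lives in the custom resource itself, is readable by any subject with get/list/watch on `teleportgithubconnectors` in the namespace, and ends up in any manifest committed for it. The same applies to `client_secret` and `google_service_account` in the TeleportOIDCConnector section further down. Encryption at rest only covers resources listed in the API server's encryption configuration, so these custom resources are not protected just because Secrets are. The schema looks generated and the file path is not visible on this page, so rather than editing it I would scope RBAC on these resources as tightly as on Secrets, keep real values out of the repository, and add a header comment such as `# spec.client_secret holds a live credential: restrict RBAC on this resource like a Secret`.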


@@ -0,0 +1,145 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: teleportloginrules.resources.teleport.dev
spec:
group: resources.teleport.dev
names:
kind: TeleportLoginRule
listKind: TeleportLoginRuleList
plural: teleportloginrules
shortNames:
- loginrule
- loginrules
singular: teleportloginrule
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: LoginRule is the Schema for the loginrules API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: LoginRule resource definition v1 from Teleport
properties:
priority:
description: Priority is the priority of the login rule relative to
other login rules in the same cluster. Login rules with a lower
numbered priority will be evaluated first.
format: int32
type: integer
traits_expression:
description: TraitsExpression is a predicate expression which should
return the desired traits for the user upon login.
type: string
traits_map:
additionalProperties:
items:
type: string
type: array
description: TraitsMap is a map of trait keys to lists of predicate
expressions which should evaluate to the desired values for that
trait.
nullable: true
type: object
type: object
status:
properties:
conditions:
description: Conditions represent the latest available observations
of an object's state
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
teleportResourceID:
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null


@@ -0,0 +1,213 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: teleportoidcconnectors.resources.teleport.dev
spec:
group: resources.teleport.dev
names:
kind: TeleportOIDCConnector
listKind: TeleportOIDCConnectorList
plural: teleportoidcconnectors
shortNames:
- oidcconnector
- oidcconnectors
singular: teleportoidcconnector
scope: Namespaced
versions:
- name: v3
schema:
openAPIV3Schema:
description: OIDCConnector is the Schema for the oidcconnectors API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OIDCConnector resource definition v3 from Teleport
properties:
acr_values:
description: ACR is an Authentication Context Class Reference value.
The meaning of the ACR value is context-specific and varies for
identity providers.
type: string
allow_unverified_email:
description: AllowUnverifiedEmail tells the connector to accept OIDC
users with unverified emails.
type: boolean
claims_to_roles:
description: ClaimsToRoles specifies a dynamic mapping from claims
to roles.
items:
properties:
claim:
description: Claim is a claim name.
type: string
roles:
description: Roles is a list of static teleport roles to match.
items:
type: string
nullable: true
type: array
value:
description: Value is a claim value to match.
type: string
type: object
type: array
client_id:
description: ClientID is the id of the authentication client (Teleport
Auth server).
type: string
client_secret:
description: ClientSecret is used to authenticate the client.
type: string
display:
description: Display is the friendly name for this provider.
type: string
google_admin_email:
description: GoogleAdminEmail is the email of a google admin to impersonate.
type: string
google_service_account:
description: GoogleServiceAccount is a string containing google service
account credentials.
type: string
google_service_account_uri:
description: GoogleServiceAccountURI is a path to a google service
account uri.
type: string
issuer_url:
description: IssuerURL is the endpoint of the provider, e.g. https://accounts.google.com.
type: string
max_age:
description: MaxAge is the amount of time that user logins are valid
for. If a user logs in, but then does not login again within this
time period, they will be forced to re-authenticate.
format: duration
type: string
prompt:
description: Prompt is an optional OIDC prompt. An empty string omits
prompt. If not specified, it defaults to select_account for backwards
compatibility.
type: string
provider:
description: Provider is the external identity provider.
type: string
redirect_url:
description: RedirectURLs is a list of callback URLs which the identity
provider can use to redirect the client back to the Teleport Proxy
to complete authentication. This list should match the URLs on the
provider's side. The URL used for a given auth request will be chosen
to match the requesting Proxy's public address. If there is no match,
the first url in the list will be used.
items:
type: string
type: array
scope:
description: Scope specifies additional scopes set by provider.
items:
type: string
nullable: true
type: array
username_claim:
description: UsernameClaim specifies the name of the claim from the
OIDC connector to be used as the user's username.
type: string
type: object
status:
description: TeleportOIDCConnectorStatus defines the observed state of
TeleportOIDCConnector
properties:
conditions:
description: Conditions represent the latest available observations
of an object's state
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
teleportResourceID:
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
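Review bot: `allow_unverified_email` is a bare boolean with no warning in its description, while `username_claim` and `claims_to_roles` in the same schema let an identity-provider claim decide the Teleport username and roles. If a connector created from this CRD sets it to true while keying on an email claim, identity rests on an address the provider never verified. I would document the expectation next to the manifests that use this CRD, for example `# allow_unverified_email must stay false unless the IdP cannot assert email_verified`, and have review or an admission policy flag any TeleportOIDCConnector that sets it.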


@@ -0,0 +1,183 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: teleportoktaimportrules.resources.teleport.dev
spec:
group: resources.teleport.dev
names:
kind: TeleportOktaImportRule
listKind: TeleportOktaImportRuleList
plural: teleportoktaimportrules
shortNames:
- oktaimportrule
- oktaimportrules
singular: teleportoktaimportrule
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: OktaImportRule is the Schema for the oktaimportrules API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OktaImportRule resource definition v1 from Teleport
properties:
mappings:
description: Mappings is a list of matches that will map match conditions
to labels.
items:
properties:
add_labels:
description: AddLabels specifies which labels to add if any
of the previous matches match.
nullable: true
properties:
key:
type: string
value:
type: string
type: object
match:
description: Match is a set of matching rules for this mapping.
If any of these match, then the mapping will be applied.
items:
properties:
app_ids:
description: AppIDs is a list of app IDs to match against.
items:
type: string
nullable: true
type: array
app_name_regexes:
description: AppNameRegexes is a list of regexes to match
against app names.
items:
type: string
nullable: true
type: array
group_ids:
description: GroupIDs is a list of group IDs to match
against.
items:
type: string
nullable: true
type: array
group_name_regexes:
description: GroupNameRegexes is a list of regexes to
match against group names.
items:
type: string
nullable: true
type: array
type: object
nullable: true
type: array
type: object
nullable: true
type: array
priority:
description: Priority represents the priority of the rule application.
Lower numbered rules will be applied first.
format: int32
type: integer
type: object
status:
properties:
conditions:
description: Conditions represent the latest available observations
of an object's state
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
teleportResourceID:
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null


@@ -0,0 +1,353 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: teleportprovisiontokens.resources.teleport.dev
spec:
group: resources.teleport.dev
names:
kind: TeleportProvisionToken
listKind: TeleportProvisionTokenList
plural: teleportprovisiontokens
shortNames:
- provisiontoken
- provisiontokens
singular: teleportprovisiontoken
scope: Namespaced
versions:
- name: v2
schema:
openAPIV3Schema:
description: ProvisionToken is the Schema for the provisiontokens API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ProvisionToken resource definition v2 from Teleport
properties:
allow:
description: Allow is a list of TokenRules, nodes using this token
must match one allow rule to use this token.
items:
properties:
aws_account:
description: AWSAccount is the AWS account ID.
type: string
aws_arn:
description: AWSARN is used for the IAM join method, the AWS
identity of joining nodes must match this ARN. Supports wildcards
"*" and "?".
type: string
aws_regions:
description: AWSRegions is used for the EC2 join method and
is a list of AWS regions a node is allowed to join from.
items:
type: string
nullable: true
type: array
aws_role:
description: AWSRole is used for the EC2 join method and is
the the ARN of the AWS role that the auth server will assume
in order to call the ec2 API.
type: string
type: object
nullable: true
type: array
aws_iid_ttl:
description: AWSIIDTTL is the TTL to use for AWS EC2 Instance Identity
Documents used to join the cluster with this token.
format: duration
type: string
azure:
description: Azure allows the configuration of options specific to
the "azure" join method.
nullable: true
properties:
allow:
description: Allow is a list of Rules, nodes using this token
must match one allow rule to use this token.
items:
properties:
resource_groups:
items:
type: string
nullable: true
type: array
subscription:
type: string
type: object
nullable: true
type: array
type: object
bot_name:
description: BotName is the name of the bot this token grants access
to, if any
type: string
circleci:
description: CircleCI allows the configuration of options specific
to the "circleci" join method.
nullable: true
properties:
allow:
description: Allow is a list of TokenRules, nodes using this token
must match one allow rule to use this token.
items:
properties:
context_id:
type: string
project_id:
type: string
type: object
nullable: true
type: array
organization_id:
type: string
type: object
gcp:
description: GCP allows the configuration of options specific to the
"gcp" join method.
nullable: true
properties:
allow:
description: Allow is a list of Rules, nodes using this token
must match one allow rule to use this token.
items:
properties:
locations:
items:
type: string
nullable: true
type: array
project_ids:
items:
type: string
nullable: true
type: array
service_accounts:
items:
type: string
nullable: true
type: array
type: object
nullable: true
type: array
type: object
github:
description: GitHub allows the configuration of options specific to
the "github" join method.
nullable: true
properties:
allow:
description: Allow is a list of TokenRules, nodes using this token
must match one allow rule to use this token.
items:
properties:
actor:
type: string
environment:
type: string
ref:
type: string
ref_type:
type: string
repository:
type: string
repository_owner:
type: string
sub:
type: string
workflow:
type: string
type: object
nullable: true
type: array
enterprise_server_host:
description: EnterpriseServerHost allows joining from runners
associated with a GitHub Enterprise Server instance. When unconfigured,
tokens will be validated against github.com, but when configured
to the host of a GHES instance, then the tokens will be validated
against host. This value should be the hostname of the GHES
instance, and should not include the scheme or a path. The instance
must be accessible over HTTPS at this hostname and the certificate
must be trusted by the Auth Server.
type: string
type: object
gitlab:
description: GitLab allows the configuration of options specific to
the "gitlab" join method.
nullable: true
properties:
allow:
description: Allow is a list of TokenRules, nodes using this token
must match one allow rule to use this token.
items:
properties:
environment:
type: string
namespace_path:
type: string
pipeline_source:
type: string
project_path:
type: string
ref:
type: string
ref_type:
type: string
sub:
type: string
type: object
nullable: true
type: array
domain:
description: Domain is the domain of your GitLab instance. This
will default to `gitlab.com` - but can be set to the domain
of your self-hosted GitLab e.g `gitlab.example.com`.
type: string
type: object
join_method:
description: JoinMethod is the joining method required in order to
use this token. Supported joining methods include "token", "ec2",
and "iam".
type: string
kubernetes:
description: Kubernetes allows the configuration of options specific
to the "kubernetes" join method.
nullable: true
properties:
allow:
description: Allow is a list of Rules, nodes using this token
must match one allow rule to use this token.
items:
properties:
service_account:
type: string
type: object
nullable: true
type: array
type: object
roles:
description: Roles is a list of roles associated with the token, that
will be converted to metadata in the SSH and X509 certificates issued
to the user of the token
items:
type: string
nullable: true
type: array
suggested_agent_matcher_labels:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: SuggestedAgentMatcherLabels is a set of labels to be
used by agents to match on resources. When an agent uses this token,
the agent should monitor resources that match those labels. For
databases, this means adding the labels to `db_service.resources.labels`.
Currently, only node-join scripts create a configuration according
to the suggestion.
type: object
suggested_labels:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: SuggestedLabels is a set of labels that resources should
set when using this token to enroll themselves in the cluster. Currently,
only node-join scripts create a configuration according to the suggestion.
type: object
type: object
status:
description: TeleportProvisionTokenStatus defines the observed state of
TeleportProvisionToken
properties:
conditions:
description: Conditions represent the latest available observations
of an object's state
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
teleportResourceID:
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
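Review bot: The `join_method` description names only "token", "ec2" and "iam", yet this schema also defines `azure`, `circleci`, `gcp`, `github`, `gitlab` and `kubernetes` option blocks, so the field is under-documented and has no `enum` to reject a mistyped method at admission. Separately, every `allow` item is an object with no `required` properties and the arrays carry no `minItems`, so an empty rule `{}` passes schema validation; whether the Teleport auth server rejects it is not visible here. Because these rules decide which workloads may join the cluster, I would lint TeleportProvisionToken manifests in CI for empty or wildcard-only allow rules rather than rely on the CRD. If the schema is maintained locally, extend the description to `Supported joining methods include "token", "ec2", "iam", "azure", "circleci", "gcp", "github", "gitlab" and "kubernetes".`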


@@ -0,0 +1,210 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: teleportsamlconnectors.resources.teleport.dev
spec:
group: resources.teleport.dev
names:
kind: TeleportSAMLConnector
listKind: TeleportSAMLConnectorList
plural: teleportsamlconnectors
shortNames:
- samlconnector
- samlconnectors
singular: teleportsamlconnector
scope: Namespaced
versions:
- name: v2
schema:
openAPIV3Schema:
description: SAMLConnector is the Schema for the samlconnectors API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SAMLConnector resource definition v2 from Teleport
properties:
acs:
description: AssertionConsumerService is a URL for assertion consumer
service on the service provider (Teleport's side).
type: string
allow_idp_initiated:
description: AllowIDPInitiated is a flag that indicates if the connector
can be used for IdP-initiated logins.
type: boolean
assertion_key_pair:
description: EncryptionKeyPair is a key pair used for decrypting SAML
assertions.
nullable: true
properties:
cert:
description: Cert is a PEM-encoded x509 certificate.
type: string
private_key:
description: PrivateKey is a PEM encoded x509 private key.
type: string
type: object
attributes_to_roles:
description: AttributesToRoles is a list of mappings of attribute
statements to roles.
items:
properties:
name:
description: Name is an attribute statement name.
type: string
roles:
description: Roles is a list of static teleport roles to map
to.
items:
type: string
nullable: true
type: array
value:
description: Value is an attribute statement value to match.
type: string
type: object
type: array
audience:
description: Audience uniquely identifies our service provider.
type: string
cert:
description: Cert is the identity provider certificate PEM. IDP signs
<Response> responses using this certificate.
type: string
display:
description: Display controls how this connector is displayed.
type: string
entity_descriptor:
description: EntityDescriptor is XML with descriptor. It can be used
to supply configuration parameters in one XML file rather than supplying
them in the individual elements.
type: string
entity_descriptor_url:
description: EntityDescriptorURL is a URL that supplies a configuration
XML.
type: string
issuer:
description: Issuer is the identity provider issuer.
type: string
provider:
description: Provider is the external identity provider.
type: string
service_provider_issuer:
description: ServiceProviderIssuer is the issuer of the service provider
(Teleport).
type: string
signing_key_pair:
description: SigningKeyPair is an x509 key pair used to sign AuthnRequest.
nullable: true
properties:
cert:
description: Cert is a PEM-encoded x509 certificate.
type: string
private_key:
description: PrivateKey is a PEM encoded x509 private key.
type: string
type: object
sso:
description: SSO is the URL of the identity provider's SSO service.
type: string
type: object
status:
description: TeleportSAMLConnectorStatus defines the observed state of
TeleportSAMLConnector
properties:
conditions:
description: Conditions represent the latest available observations
of an object's state
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
teleportResourceID:
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
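Review bot: `assertion_key_pair.private_key` and `signing_key_pair.private_key` under `spec` are plain `type: string` fields, so the SAML decryption and signing keys are stored in the custom resource itself rather than in a Secret. Any subject with `get`, `list` or `watch` on `teleportsamlconnectors` in the namespace can read them, and RBAC or audit rules scoped to Secrets will not cover them. The file looks generated (`creationTimestamp: null`, empty top-level `status` stanza), so rather than editing the schema I would keep read access on this resource as narrow as on Secrets and record that next to the manifest, e.g. `# spec.*_key_pair.private_key holds key material: restrict get/list/watch on teleportsamlconnectors`. `allow_idp_initiated` is also worth a line in the same comment, since it lets a connector accept logins that do not start from an AuthnRequest.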


@@ -0,0 +1,195 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: teleportusers.resources.teleport.dev
spec:
group: resources.teleport.dev
names:
kind: TeleportUser
listKind: TeleportUserList
plural: teleportusers
shortNames:
- user
- users
singular: teleportuser
scope: Namespaced
versions:
- name: v2
schema:
openAPIV3Schema:
description: User is the Schema for the users API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: User resource definition v2 from Teleport
properties:
github_identities:
description: GithubIdentities list associated Github OAuth2 identities
that let user log in using externally verified identity
items:
properties:
connector_id:
description: ConnectorID is id of registered OIDC connector,
e.g. 'google-example.com'
type: string
username:
description: Username is username supplied by external identity
provider
type: string
type: object
type: array
oidc_identities:
description: OIDCIdentities lists associated OpenID Connect identities
that let user log in using externally verified identity
items:
properties:
connector_id:
description: ConnectorID is id of registered OIDC connector,
e.g. 'google-example.com'
type: string
username:
description: Username is username supplied by external identity
provider
type: string
type: object
type: array
roles:
description: Roles is a list of roles assigned to user
items:
type: string
nullable: true
type: array
saml_identities:
description: SAMLIdentities lists associated SAML identities that
let user log in using externally verified identity
items:
properties:
connector_id:
description: ConnectorID is id of registered OIDC connector,
e.g. 'google-example.com'
type: string
username:
description: Username is username supplied by external identity
provider
type: string
type: object
type: array
traits:
additionalProperties:
items:
type: string
type: array
description: Traits are key/value pairs received from an identity
provider (through OIDC claims or SAML assertions) or from a system
administrator for local accounts. Traits are used to populate role
variables.
type: object
trusted_device_ids:
description: TrustedDeviceIDs contains the IDs of trusted devices
enrolled by the user. Managed by the Device Trust subsystem, avoid
manual edits.
items:
type: string
nullable: true
type: array
type: object
status:
description: TeleportUserStatus defines the observed state of TeleportUser
properties:
conditions:
description: Conditions represent the latest available observations
of an object's state
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
teleportResourceID:
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
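Review bot: `spec.roles` is an unconstrained list of strings (no `enum`, `pattern` or `maxItems`), so the schema lets whoever can create or update a `TeleportUser` object name any role; assuming the operator applies the resource as written, write access to `teleportusers` in this namespace amounts to Teleport role assignment. The same holds for `traits`, which the description says are used to populate role variables. I would document this beside the manifest, e.g. `# create/update/patch on teleportusers assigns Teleport roles: bind only to cluster admins`, and check the chart's Role/ClusterRole against it. Separately, the short names `user`/`users` are generic and may be ambiguous with resources from other API groups in `kubectl`, and the `connector_id` descriptions under `github_identities` and `saml_identities` still say "OIDC connector". Both look like generated upstream text, so they are better reported upstream than patched here.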