* changed: v1alpha7 to v1beta1
Signed-off-by: Danny Eiselt <eiselt@b1-systems.de>
* added: oidc to new version + v1beta1
Signed-off-by: Danny Eiselt <eiselt@b1-systems.de>
* chore(node-images): update to 1.27.14
Signed-off-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
* chore(node-images): update to 1.27.14
Signed-off-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
* fix: change cluster stack name
Signed-off-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
* Dummy commit to trigger DCO
See dcoapp/app#211 (comment)
Signed-off-by: Danny Eiselt <eiselt@b1-systems.de>
* Dummy commit to retrigger DCO
see dcoapp/app#211 (comment)
Signed-off-by: Danny Eiselt <eiselt@b1-systems.de>
---------
Signed-off-by: Danny Eiselt <eiselt@b1-systems.de>
Signed-off-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
Co-authored-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
Co-authored-by: Malte Münch <muench@b1-systems.de>
description: "CertSANs sets extra Subject Alternative Names for the API Server signing cert."
258
258
items:
259
259
type: string
260
+
- name: oidc_config
261
+
required: false
262
+
schema:
263
+
openAPIV3Schema:
264
+
type: object
265
+
properties:
266
+
client_id:
267
+
type: string
268
+
example: "kubectl"
269
+
description: "A client id that all tokens must be issued for."
270
+
issuer_url:
271
+
type: string
272
+
example: "https://dex.k8s.scs.community"
273
+
description: "URL of the provider that allows the API server to
274
+
discover public signing keys. Only URLs that use the https:// scheme are
275
+
accepted. This is typically the provider's discovery URL, changed to have an
276
+
empty path"
277
+
username_claim:
278
+
type: string
279
+
example: "preferred_username"
280
+
default: "sub"
281
+
description: "JWT claim to use as the user name. By default sub,
282
+
which is expected to be a unique identifier of the end user. Admins can choose
283
+
other claims, such as email or name, depending on their provider. However,
284
+
claims other than email will be prefixed with the issuer URL to prevent naming
285
+
clashes with other plugins."
286
+
groups_claim:
287
+
type: string
288
+
example: "groups"
289
+
default: "groups"
290
+
description: "JWT claim to use as the user's group. If the claim
291
+
is present it must be an array of strings."
292
+
username_prefix:
293
+
type: string
294
+
example: "oidc:"
295
+
default: "oidc:"
296
+
description: "Prefix prepended to username claims to prevent
297
+
clashes with existing names (such as system: users). For example, the value
298
+
oidc: will create usernames like oidc:jane.doe. If this flag isn't provided and
299
+
--oidc-username-claim is a value other than email the prefix defaults to (
300
+
Issuer URL )# where ( Issuer URL ) is the value of --oidc-issuer-url. The value
301
+
- can be used to disable all prefixing."
302
+
groups_prefix:
303
+
type: string
304
+
example: "oidc:"
305
+
default: "oidc:"
306
+
description: "Prefix prepended to group claims to prevent clashes
307
+
with existing names (such as system: groups). For example, the value oidc: will
308
+
create group names like oidc:engineering and oidc:infra."
260
309
patches:
261
310
- name: k8s_version
262
311
description: "Sets the openstack node image for workers and the controlplane to the cluster-api image with the version mentioned in spec.topology.version."
description: "Sets the NodeCIDR for the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet."
677
746
enabledIf: {{ `"{{ if and .node_cidr (ne .apiserver_loadbalancer \"kube-vip\")}}true{{end}}"` }}
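Review bot: The added `oidc_config` variable schema does not enforce what its own descriptions state: `issuer_url` is documented as https-only but is a bare `type: string`, and neither `client_id` nor `issuer_url` is marked required, so a partial or `http://` value would pass variable validation and presumably only fail once kube-apiserver starts with it. Consider adding `pattern: "^https://.+"` under `issuer_url` and `required: ["client_id", "issuer_url"]` on the `openAPIV3Schema` object. The `username_claim` description says claims other than email are prefixed with the issuer URL, which looks inconsistent with `username_prefix` defaulting to `oidc:`; if that default is always passed through, the text should say so, and the `--oidc-username-claim` / `--oidc-issuer-url` flag names in the `username_prefix` description should be mapped to the variable names used here. The patches that consume this variable are not visible in this section, so how an unset `oidc_config` is handled could not be checked.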