mirror of
https://github.com/kairos-io/kcrypt-challenger.git
synced 2025-10-18 15:18:51 +00:00
106 lines
4.2 KiB
YAML
106 lines
4.2 KiB
YAML
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.9.2
|
|
creationTimestamp: null
|
|
name: sealedvolumes.keyserver.kairos.io
|
|
spec:
|
|
group: keyserver.kairos.io
|
|
names:
|
|
kind: SealedVolume
|
|
listKind: SealedVolumeList
|
|
plural: sealedvolumes
|
|
singular: sealedvolume
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SealedVolume is the Schema for the sealedvolumes API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SealedVolumeSpec defines the desired state of SealedVolume
|
|
properties:
|
|
TPMHash:
|
|
type: string
|
|
attestation:
|
|
description: AttestationSpec defines TPM attestation data for TOFU
|
|
enrollment and verification
|
|
properties:
|
|
akPublicKey:
|
|
description: AKPublicKey stores the Attestation Key public key
|
|
in PEM format
|
|
type: string
|
|
ekPublicKey:
|
|
description: EKPublicKey stores the Endorsement Key public key
|
|
in PEM format
|
|
type: string
|
|
enrolledAt:
|
|
description: EnrolledAt timestamp when this TPM was first enrolled
|
|
format: date-time
|
|
type: string
|
|
lastVerifiedAt:
|
|
description: LastVerifiedAt timestamp of the last successful attestation
|
|
format: date-time
|
|
type: string
|
|
pcrValues:
|
|
description: PCRValues stores the expected PCR values for boot
|
|
state verification
|
|
properties:
|
|
pcrs:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'PCRs is a flexible map of PCR index (as string)
|
|
to PCR value (hex-encoded) Example: {"0": "a1b2c3...", "7":
|
|
"d4e5f6...", "11": "g7h8i9..."} This allows for any combination
|
|
of PCRs without hardcoding specific indices'
|
|
type: object
|
|
type: object
|
|
type: object
|
|
partitions:
|
|
items:
|
|
description: 'PartitionSpec defines a Partition. A partition can
|
|
be identified using any of the fields: Label, DeviceName, UUID.
|
|
The Secret defines the secret which decrypts the partition.'
|
|
properties:
|
|
deviceName:
|
|
type: string
|
|
label:
|
|
type: string
|
|
secret:
|
|
properties:
|
|
name:
|
|
type: string
|
|
path:
|
|
type: string
|
|
type: object
|
|
uuid:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
quarantined:
|
|
type: boolean
|
|
type: object
|
|
status:
|
|
description: SealedVolumeStatus defines the observed state of SealedVolume
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|