From 57ea89a5128bebbf2b1c9c3a0308a1906eb830ef Mon Sep 17 00:00:00 2001
From: nikhiljindal <nikhiljindal@google.com>
Date: Mon, 23 May 2016 20:07:01 -0700
Subject: [PATCH] Replacing string Credentials by SecretRef in API

---
 federation/apis/federation/types.go          | 9 +++++----
 federation/apis/federation/v1alpha1/types.go | 9 +++++----
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/federation/apis/federation/types.go b/federation/apis/federation/types.go
index abc1499b82b..33306527c96 100644
--- a/federation/apis/federation/types.go
+++ b/federation/apis/federation/types.go
@@ -37,10 +37,11 @@ type ClusterSpec struct {
 	// Clients can use the appropriate server address as per the CIDR that they match.
 	// In case of multiple matches, clients should use the longest matching CIDR.
 	ServerAddressByClientCIDRs []ServerAddressByClientCIDR `json:"serverAddressByClientCIDRs" patchStrategy:"merge" patchMergeKey:"clientCIDR"`
-	// the type (e.g. bearer token, client certificate etc) and data of the credential used to access cluster.
-	// It’s used for system routines (not behalf of users)
-	// TODO: string may not enough, https://github.com/kubernetes/kubernetes/pull/23847#discussion_r59301275
-	Credential string `json:"credential,omitempty"`
+	// Name of the secret containing kubeconfig to access this cluster.
+	// The secret is read from the kubernetes cluster that is hosting federation control plane.
+	// Admin needs to ensure that the required secret exists. Secret should be in the same namespace where federation control plane is hosted and it should have kubeconfig in its data with key "kubeconfig".
+	// This will later be changed to a reference to secret in federation control plane when the federation control plane supports secrets.
+	SecretRef *api.LocalObjectReference `json:"secretRef"`
 }
 
 type ClusterConditionType string
diff --git a/federation/apis/federation/v1alpha1/types.go b/federation/apis/federation/v1alpha1/types.go
index 83aca2d0c71..87b5f712cda 100644
--- a/federation/apis/federation/v1alpha1/types.go
+++ b/federation/apis/federation/v1alpha1/types.go
@@ -37,10 +37,11 @@ type ClusterSpec struct {
 	// Clients can use the appropriate server address as per the CIDR that they match.
 	// In case of multiple matches, clients should use the longest matching CIDR.
 	ServerAddressByClientCIDRs []ServerAddressByClientCIDR `json:"serverAddressByClientCIDRs" patchStrategy:"merge" patchMergeKey:"clientCIDR" protobuf:"bytes,1,rep,name=serverAddressByClientCIDRs"`
-	// the type (e.g. bearer token, client certificate etc) and data of the credential used to access cluster.
-	// It’s used for system routines (not behalf of users)
-	// TODO: string may not enough, https://github.com/kubernetes/kubernetes/pull/23847#discussion_r59301275
-	Credential string `json:"credential,omitempty" protobuf:"bytes,2,opt,name=credential"`
+	// Name of the secret containing kubeconfig to access this cluster.
+	// The secret is read from the kubernetes cluster that is hosting federation control plane.
+	// Admin needs to ensure that the required secret exists. Secret should be in the same namespace where federation control plane is hosted and it should have kubeconfig in its data with key "kubeconfig".
+	// This will later be changed to a reference to secret in federation control plane when the federation control plane supports secrets.
+	SecretRef *v1.LocalObjectReference `json:"secretRef" protobuf:"bytes,2,opt,name=secretRef"`
 }
 
 type ClusterConditionType string