skupperproject · pwright · Aug 8, 2025 · Aug 8, 2025 · Aug 11, 2025 · Aug 13, 2025
diff --git a/.plano.py b/.plano.py
@@ -45,4 +45,4 @@ def update_crds():
             assert is_dir(extracted_dir)
 
             with working_dir(extracted_dir):
-                copy("api/types/crds", crd_dir, inside=False)
+                copy("config/crd/bases", crd_dir, inside=False)
diff --git a/config/resources/access-grant.yaml b/config/resources/access-grant.yaml
@@ -3,77 +3,79 @@ related_concepts: [access-token]
 related_resources: [access-token]
 related_commands: [token/issue]
 links: [skupper/site-linking]
-description: |
-  Permission to redeem access tokens for links to the local
-  site.  A remote site can use a token containing the grant
-  URL and secret code to obtain a certificate signed by the
-  grant's certificate authority (CA), within a certain
-  expiration window and for a limited number of redemptions.
+description: |-
+  Permission to redeem access tokens for links to the local site.
+  A remote site can use a token containing the grant URL and secret
+  code to obtain a certificate signed by the grant's certificate authority (CA),
+  within a certain expiration window and for a limited number of redemptions.
 
-  The `code`, `url`, and `ca` properties of the resource
-  status are used to generate access tokens from the grant.
+  The code, url, and ca properties of the resource status are used to generate access tokens from the grant.
 metadata:
   include_properties: [metadata/*]
 spec:
   include_properties: [settings]
   properties:
     - name: redemptionsAllowed
-      description: |
-        The number of times an access token for this grant can
-        be redeemed.
+      description: |-
+        The maximum number of times an access token for this grant can be redeemed.
+        The default value is `1`.
       default: 1
     - name: expirationWindow
-      description: |
-        The period of time in which an access token for this
-        grant can be redeemed.
+      description: |-
+        The period of time in which an access token for this grant can be redeemed.
+        The default value is `15m`.
       default: 15m
     - name: code
       group: advanced
-      description: |
-        The secret code to use to authenticate access tokens submitted
-        for redemption.
-
-        If not set, a value is generated and placed in the `code`
-        status property.
+      description: |-
+        Advanced. The secret code to use to authenticate access tokens submitted for redemption.
+        If not set, a value is generated and placed in the code status property.
     - name: issuer
       group: advanced
       platforms: [Kubernetes]
       links: [skupper/router-tls, kubernetes/tls-secrets]
-      description: |
-        The name of a Kubernetes secret used to generate a
-        certificate when redeeming a token for this grant.
+      description: |-
+        Advanced. The name of a Kubernetes secret used to generate a certificate when redeeming a token for this grant.
+        If not set, `defaultIssuer` on the Site resource is used.
+  description: |-
+    Permission to redeem access tokens for links to the local site.
+    A remote site can use a token containing the grant URL and secret
+    code to obtain a certificate signed by the grant's certificate authority (CA),
+    within a certain expiration window and for a limited number of redemptions.
 
-        If not set, `defaultIssuer` on the Site rsource is used.
+    The code, url, and ca properties of the resource status are used to generate access tokens from the grant.
 status:
   include_properties: [status/*]
   properties:
     - name: status
+      description: |-
+        The current state of the resource.
+        - `Pending`: The resource is being processed.
+        - `Error`: There was an error processing the resource. See `message` for more information.
+        - `Ready`: The resource is ready to use.
     - name: message
+      description: |-
+        A human-readable status message. Error messages are reported here.
     - name: redemptions
-      description: |
-        The number of times a token for this grant has been
-        redeemed.
+      description: |-
+        The number of times a token for this grant has been redeemed.
     - name: expirationTime
-      description: |
+      description: |-
         The point in time when the grant expires.
     - name: url
-      description: |
+      description: |-
         The URL of the token-redemption service for this grant.
     - name: ca
-      description: |
-        The trusted server certificate of the token-redemption
-        service for this grant.
+      description: |-
+        The trusted server certificate of the token-redemption service for this grant.
     - name: code
-      description: |
-        The secret code used to authenticate access tokens
-        submitted for redemption.
+      description: |-
+        The secret code used to authenticate access tokens submitted for redemption.
       default: _Generated_
     - name: conditions
-      description: |
-        @description@
+      description: |-
+        A set of named conditions describing the current state of the resource.
 
         - `Processed`: The controller has accepted the grant.
-        - `Resolved`: The grant service is available to process tokens
-          for this grant.
-        - `Ready`: The grant is ready to use.  All other
-          conditions are true.
+        - `Resolved`: The grant service is available to process tokens for this grant.
+        - `Ready`: The grant is ready to use. All other conditions are true.
diff --git a/config/resources/access-token.yaml b/config/resources/access-token.yaml
@@ -3,46 +3,42 @@ related_concepts: [access-token]
 related_resources: [access-grant]
 related_commands: [token/issue, token/redeem]
 links: [skupper/site-linking]
-description: |
-  A short-lived credential used to create a link.  An access token
-  contains the URL and secret code of a corresponding access grant.
-
-  **Note:** Access tokens are often [issued][issue] and
-  [redeemed][redeem] using the Skupper CLI.
-
-  [issue]: {{site.prefix}}/commands/token/issue.html
-  [redeem]: {{site.prefix}}/commands/token/redeem.html
+description: |-
+  A short-lived credential used to create a link between sites.
+  An access token contains the URL and secret code of a corresponding access grant.
+  **Note:** Access tokens are typically issued and redeemed using the Skupper CLI.
 metadata:
   include_properties: [metadata/*]
 spec:
   include_properties: [settings]
   properties:
     - name: url
-      description: |
+      description: |-
         The URL of the grant service at the remote site.
     - name: ca
       required: false
-      description: |
-        The trusted server certificate of the grant service at the
-        remote site.
+      description: |-
+        The trusted server certificate of the grant service at the remote site.
     - name: code
-      description: |
-        The secret code used to authenticate the token when
-        submitted for redemption.
+      description: |-
+        The secret code used to authenticate the token when submitted for redemption.
     - name: linkCost
       default: 1
       links: [skupper/load-balancing]
-      description: |
+      description: |-
         The link cost to use when creating the link.
+  description: |-
+    A short-lived credential used to create a link between sites.
+    An access token contains the URL and secret code of a corresponding access grant.
+    **Note:** Access tokens are typically issued and redeemed using the Skupper CLI.
 status:
   include_properties: [status/*]
   properties:
     - name: redeemed
-      description: |
-        True if the token has been redeemed.  Once a token is
-        redeemed, it cannot be used again.
+      description: |-
+        True if the token has been redeemed. Once a token is redeemed, it cannot be used again.
     - name: conditions
-      description: |
-        @description@
+      description: |-
+        A set of named conditions describing the current state of the resource.
 
         - `Redeemed`: The token has been exchanged for a link.
diff --git a/config/resources/attached-connector-binding.yaml b/config/resources/attached-connector-binding.yaml
@@ -2,8 +2,11 @@ name: AttachedConnectorBinding
 platforms: [Kubernetes]
 related_resources: [attached-connector]
 links: [skupper/attached-connectors]
-description: |
-  A binding to an attached connector in a peer namespace.
+description: |-
+  An attached connector binding is a binding to an attached connector in a peer namespace that allows you to 
+  bring a workload into your existing VAN without creating a separate site or establishing inter-site links.
+  The name of this resource must be the same as that of the associated AttachedConnector resource in the peer 
+  namespace.
 metadata:
   include_properties: [metadata/*]
   properties:
@@ -13,13 +16,18 @@ metadata:
 
         The name must be the same as that of the associated
         AttachedConnector resource in the connector namespace.
+  description: |-
+    An attached connector binding is a binding to an attached connector in a peer namespace that allows you to 
+    bring a workload into your existing VAN without creating a separate site or establishing inter-site links.
+    The name of this resource must be the same as that of the associated AttachedConnector resource in the peer 
+    namespace.
 spec:
-  include_properties: [connector/spec/routingKey, connector/spec/exposePodsByName, settings]
+  include_properties: [connector/spec/routingKey, 
+        connector/spec/exposePodsByName, settings]
   properties:
     - name: connectorNamespace
-      description: |
-        The name of the namespace where the associated
-        AttachedConnector is located.
+      description: |-
+        The name of the namespace where the associated AttachedConnector is located.
 status:
   include_properties: [status/*, connector/status/hasMatchingListener]
   exclude_properties: [status/message]
diff --git a/config/resources/attached-connector.yaml b/config/resources/attached-connector.yaml
@@ -2,8 +2,9 @@ name: AttachedConnector
 platforms: [Kubernetes]
 related_resources: [attached-connector-binding]
 links: [skupper/attached-connectors]
-description: |
-  A connector in a peer namespace.
+description: |-
+  An attached connector is a connector in a peer namespace that allows you to bring a workload into your existing VAN without creating a separate site or establishing inter-site links.
+  The name of this resource must be the same as that of the associated AttachedConnectorBinding resource in the site namespace.
 metadata:
   include_properties: [metadata/*]
   properties:
@@ -13,6 +14,9 @@ metadata:
 
         The name must be the same as that of the associated
         AttachedConnectorBinding resource in the site namespace.
+  description: |-
+    An attached connector is a connector in a peer namespace that allows you to bring a workload into your existing VAN without creating a separate site or establishing inter-site links.
+    The name of this resource must be the same as that of the associated AttachedConnectorBinding resource in the site namespace.
 spec:
   include_properties: [connector/spec/*, settings]
   exclude_properties:
@@ -23,9 +27,8 @@ spec:
     - connector/spec/verifyHostname
   properties:
     - name: siteNamespace
-      description: |
-        The name of the namespace in which the site this connector
-        should be attached to is defined.
+      description: |-
+        The name of the namespace in which the site this connector should be attached to is defined.
 status:
   include_properties: [status/*, connector/status/selectedPods]
   exclude_properties: [status/message]
diff --git a/config/resources/connector.yaml b/config/resources/connector.yaml
@@ -1,17 +1,15 @@
 name: Connector
 related_resources: [listener]
 links: [skupper/service-exposure]
-description: |
-  A connector binds a local workload to [listeners](listener.html) in
-  remote [sites](site.html).  Listeners and connectors are matched by
-  routing key.
+description: |-
+  A connector binds a local workload to listeners in remote sites. Listeners
+  and connectors are matched by routing key.
 
-  On Kubernetes, a Connector resource has a selector and port for
-  specifying workload pods.
+  On Kubernetes, a Connector resource has a selector and port for specifying
+  workload pods.
 
-  On Docker, Podman, and Linux, a Connector resource has a host and
-  port for specifying a local server.  Optionally, Kubernetes can also
-  use a host and port.
+  On Docker, Podman, and Linux, a Connector resource has a host and port for
+  specifying a local server. Optionally, Kubernetes can also use a host and port.
 examples:
   - description: |
       A connector in site East for the Hello World backend service
@@ -29,5 +27,67 @@ metadata:
   include_properties: [metadata/*]
 spec:
   include_properties: [connector/spec/*, settings]
+  properties:
+    - name: routingKey
+      description: |-
+        The identifier used to route traffic from listeners to connectors.
+        To expose a local workload to a remote site, the remote listener and
+        the local connector must have matching routing keys.
+       # will be filled from CRD
+    - name: selector
+      description: |-
+        A Kubernetes label selector for specifying target server pods. It uses
+        <label-name>=<label-value> syntax.
+
+        On Kubernetes, either selector or host is required.
+    - name: host
+      description: |-
+        The hostname or IP address of the server. This is an alternative to
+        selector for specifying the target server.
+
+        On Kubernetes, either selector or host is required.
+
+        On Docker, Podman, or Linux, host is required.
+    - name: port
+      description: |-
+        The port on the target server to connect to.
+    - name: tlsCredentials
+      description: |-
+        The name of a bundle of TLS certificates used for secure router-to-server
+        communication. The bundle contains the trusted server certificate
+        (usually a CA). It optionally includes a client certificate and key for
+        mutual TLS.
+
+        On Kubernetes, the value is the name of a Secret in the current namespace.
+        On Docker, Podman, and Linux, the value is the name of a directory under
+        input/certs/ in the current namespace.
+    - name: useClientCert
+      description: |-
+        Send the client certificate when connecting in order to enable mutual TLS.
+    - name: verifyHostname
+      description: |-
+        If true, require that the hostname of the server connected to matches the
+        hostname in the server's certificate.
+    - name: includeNotReadyPods
+      description: |-
+        If true, include server pods in the NotReady state.
+    - name: exposePodsByName
+      description: |-
+        If true, expose each pod as an individual service.
+    - name: settings
+      description: |-
+        A map containing additional settings. Each map entry has a string name and a
+        string value.
+
+        Note: In general, we recommend not changing settings from their default values.
+  description: |-
+    A connector binds a local workload to listeners in remote sites. Listeners
+    and connectors are matched by routing key.
+
+    On Kubernetes, a Connector resource has a selector and port for specifying
+    workload pods.
+
+    On Docker, Podman, and Linux, a Connector resource has a host and port for
+    specifying a local server. Optionally, Kubernetes can also use a host and port.
 status:
   include_properties: [status/*, connector/status/*]