apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: policies.k8s.nginx.org spec: group: k8s.nginx.org names: kind: Policy listKind: PolicyList plural: policies shortNames: - pol singular: policy scope: Namespaced versions: - additionalPrinterColumns: - description: Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. jsonPath: .status.state name: State type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources. type: object properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed. type: object properties: accessControl: description: 'AccessControl defines an access policy based on the source IP of a request. policy status: production-ready' type: object properties: allow: type: array items: type: string deny: type: array items: type: string egressMTLS: description: 'EgressMTLS defines an Egress MTLS policy. policy status: preview' type: object properties: ciphers: type: string protocols: type: string serverName: type: boolean sessionReuse: type: boolean sslName: type: string tlsSecret: type: string trustedCertSecret: type: string verifyDepth: type: integer verifyServer: type: boolean ingressMTLS: description: 'IngressMTLS defines an Ingress MTLS policy. policy status: preview' type: object properties: clientCertSecret: type: string verifyClient: type: string verifyDepth: type: integer jwt: description: 'JWTAuth holds JWT authentication configuration. policy status: preview' type: object properties: realm: type: string secret: type: string token: type: string oidc: description: OIDC defines an Open ID Connect policy. type: object properties: authEndpoint: type: string clientID: type: string clientSecret: type: string jwksURI: type: string redirectURI: type: string scope: type: string tokenEndpoint: type: string rateLimit: description: 'RateLimit defines a rate limit policy. policy status: preview' type: object properties: burst: type: integer delay: type: integer dryRun: type: boolean key: type: string logLevel: type: string noDelay: type: boolean rate: type: string rejectCode: type: integer zoneSize: type: string status: description: PolicyStatus is the status of the policy resource type: object properties: message: type: string reason: type: string state: type: string served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []