aleleba/letsEncryptKubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d9f9d157a8
letsEncryptKubernetes/crds/k8s.nginx.org_policies.yaml

159 lines
5.8 KiB
YAML
Raw Blame History

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: policies.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: Policy
listKind: PolicyList
plural: policies
shortNames:
- pol
singular: policy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed.
type: object
properties:
accessControl:
description: 'AccessControl defines an access policy based on the source IP of a request. policy status: production-ready'
type: object
properties:
allow:
type: array
items:
type: string
deny:
type: array
items:
type: string
egressMTLS:
description: 'EgressMTLS defines an Egress MTLS policy. policy status: preview'
type: object
properties:
ciphers:
type: string
protocols:
type: string
serverName:
type: boolean
sessionReuse:
type: boolean
sslName:
type: string
tlsSecret:
type: string
trustedCertSecret:
type: string
verifyDepth:
type: integer
verifyServer:
type: boolean
ingressMTLS:
description: 'IngressMTLS defines an Ingress MTLS policy. policy status: preview'
type: object
properties:
clientCertSecret:
type: string
verifyClient:
type: string
verifyDepth:
type: integer
jwt:
description: 'JWTAuth holds JWT authentication configuration. policy status: preview'
type: object
properties:
realm:
type: string
secret:
type: string
token:
type: string
oidc:
description: OIDC defines an Open ID Connect policy.
type: object
properties:
authEndpoint:
type: string
clientID:
type: string
clientSecret:
type: string
jwksURI:
type: string
redirectURI:
type: string
scope:
type: string
tokenEndpoint:
type: string
rateLimit:
description: 'RateLimit defines a rate limit policy. policy status: preview'
type: object
properties:
burst:
type: integer
delay:
type: integer
dryRun:
type: boolean
key:
type: string
logLevel:
type: string
noDelay:
type: boolean
rate:
type: string
rejectCode:
type: integer
zoneSize:
type: string
status:
description: PolicyStatus is the status of the policy resource
type: object
properties:
message:
type: string
reason:
type: string
state:
type: string
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
Reference in New Issue View Git Blame Copy Permalink