|
| 1 | +--- |
| 2 | +apiVersion: apiextensions.k8s.io/v1 |
| 3 | +kind: CustomResourceDefinition |
| 4 | +metadata: |
| 5 | + annotations: |
| 6 | + controller-gen.kubebuilder.io/version: v0.13.0 |
| 7 | + name: securitypolicies.gateway.envoyproxy.io |
| 8 | +spec: |
| 9 | + group: gateway.envoyproxy.io |
| 10 | + names: |
| 11 | + kind: SecurityPolicy |
| 12 | + listKind: SecurityPolicyList |
| 13 | + plural: securitypolicies |
| 14 | + singular: securitypolicy |
| 15 | + scope: Namespaced |
| 16 | + versions: |
| 17 | + - additionalPrinterColumns: |
| 18 | + - jsonPath: .status.conditions[?(@.type=="Accepted")].reason |
| 19 | + name: Status |
| 20 | + type: string |
| 21 | + - jsonPath: .metadata.creationTimestamp |
| 22 | + name: Age |
| 23 | + type: date |
| 24 | + name: v1alpha1 |
| 25 | + schema: |
| 26 | + openAPIV3Schema: |
| 27 | + description: SecurityPolicy allows the user to configure various security |
| 28 | + settings for a Gateway. |
| 29 | + properties: |
| 30 | + apiVersion: |
| 31 | + description: 'APIVersion defines the versioned schema of this representation |
| 32 | + of an object. Servers should convert recognized schemas to the latest |
| 33 | + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| 34 | + type: string |
| 35 | + kind: |
| 36 | + description: 'Kind is a string value representing the REST resource this |
| 37 | + object represents. Servers may infer this from the endpoint the client |
| 38 | + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| 39 | + type: string |
| 40 | + metadata: |
| 41 | + type: object |
| 42 | + spec: |
| 43 | + description: Spec defines the desired state of SecurityPolicy. |
| 44 | + properties: |
| 45 | + targetRef: |
| 46 | + description: TargetRef is the name of the Gateway resource this policy |
| 47 | + is being attached to. This Policy and the TargetRef MUST be in the |
| 48 | + same namespace for this Policy to have effect and be applied to |
| 49 | + the Gateway. TargetRef |
| 50 | + properties: |
| 51 | + group: |
| 52 | + description: Group is the group of the target resource. |
| 53 | + maxLength: 253 |
| 54 | + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ |
| 55 | + type: string |
| 56 | + kind: |
| 57 | + description: Kind is kind of the target resource. |
| 58 | + maxLength: 63 |
| 59 | + minLength: 1 |
| 60 | + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ |
| 61 | + type: string |
| 62 | + name: |
| 63 | + description: Name is the name of the target resource. |
| 64 | + maxLength: 253 |
| 65 | + minLength: 1 |
| 66 | + type: string |
| 67 | + namespace: |
| 68 | + description: Namespace is the namespace of the referent. When |
| 69 | + unspecified, the local namespace is inferred. Even when policy |
| 70 | + targets a resource in a different namespace, it MUST only apply |
| 71 | + to traffic originating from the same namespace as the policy. |
| 72 | + maxLength: 63 |
| 73 | + minLength: 1 |
| 74 | + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ |
| 75 | + type: string |
| 76 | + sectionName: |
| 77 | + description: "SectionName is the name of a section within the |
| 78 | + target resource. When unspecified, this targetRef targets the |
| 79 | + entire resource. In the following resources, SectionName is |
| 80 | + interpreted as the following: \n * Gateway: Listener Name * |
| 81 | + Service: Port Name \n If a SectionName is specified, but does |
| 82 | + not exist on the targeted object, the Policy must fail to attach, |
| 83 | + and the policy implementation should record a `ResolvedRefs` |
| 84 | + or similar Condition in the Policy's status." |
| 85 | + maxLength: 253 |
| 86 | + minLength: 1 |
| 87 | + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ |
| 88 | + type: string |
| 89 | + required: |
| 90 | + - group |
| 91 | + - kind |
| 92 | + - name |
| 93 | + type: object |
| 94 | + required: |
| 95 | + - targetRef |
| 96 | + type: object |
| 97 | + status: |
| 98 | + description: Status defines the current status of SecurityPolicy. |
| 99 | + properties: |
| 100 | + conditions: |
| 101 | + description: Conditions describe the current conditions of the SecurityPolicy. |
| 102 | + items: |
| 103 | + description: "Condition contains details for one aspect of the current |
| 104 | + state of this API Resource. --- This struct is intended for direct |
| 105 | + use as an array at the field path .status.conditions. For example, |
| 106 | + \n type FooStatus struct{ // Represents the observations of a |
| 107 | + foo's current state. // Known .status.conditions.type are: \"Available\", |
| 108 | + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge |
| 109 | + // +listType=map // +listMapKey=type Conditions []metav1.Condition |
| 110 | + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" |
| 111 | + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" |
| 112 | + properties: |
| 113 | + lastTransitionTime: |
| 114 | + description: lastTransitionTime is the last time the condition |
| 115 | + transitioned from one status to another. This should be when |
| 116 | + the underlying condition changed. If that is not known, then |
| 117 | + using the time when the API field changed is acceptable. |
| 118 | + format: date-time |
| 119 | + type: string |
| 120 | + message: |
| 121 | + description: message is a human readable message indicating |
| 122 | + details about the transition. This may be an empty string. |
| 123 | + maxLength: 32768 |
| 124 | + type: string |
| 125 | + observedGeneration: |
| 126 | + description: observedGeneration represents the .metadata.generation |
| 127 | + that the condition was set based upon. For instance, if .metadata.generation |
| 128 | + is currently 12, but the .status.conditions[x].observedGeneration |
| 129 | + is 9, the condition is out of date with respect to the current |
| 130 | + state of the instance. |
| 131 | + format: int64 |
| 132 | + minimum: 0 |
| 133 | + type: integer |
| 134 | + reason: |
| 135 | + description: reason contains a programmatic identifier indicating |
| 136 | + the reason for the condition's last transition. Producers |
| 137 | + of specific condition types may define expected values and |
| 138 | + meanings for this field, and whether the values are considered |
| 139 | + a guaranteed API. The value should be a CamelCase string. |
| 140 | + This field may not be empty. |
| 141 | + maxLength: 1024 |
| 142 | + minLength: 1 |
| 143 | + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ |
| 144 | + type: string |
| 145 | + status: |
| 146 | + description: status of the condition, one of True, False, Unknown. |
| 147 | + enum: |
| 148 | + - "True" |
| 149 | + - "False" |
| 150 | + - Unknown |
| 151 | + type: string |
| 152 | + type: |
| 153 | + description: type of condition in CamelCase or in foo.example.com/CamelCase. |
| 154 | + --- Many .condition.type values are consistent across resources |
| 155 | + like Available, but because arbitrary conditions can be useful |
| 156 | + (see .node.status.conditions), the ability to deconflict is |
| 157 | + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
| 158 | + maxLength: 316 |
| 159 | + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ |
| 160 | + type: string |
| 161 | + required: |
| 162 | + - lastTransitionTime |
| 163 | + - message |
| 164 | + - reason |
| 165 | + - status |
| 166 | + - type |
| 167 | + type: object |
| 168 | + maxItems: 8 |
| 169 | + type: array |
| 170 | + x-kubernetes-list-map-keys: |
| 171 | + - type |
| 172 | + x-kubernetes-list-type: map |
| 173 | + type: object |
| 174 | + required: |
| 175 | + - spec |
| 176 | + type: object |
| 177 | + served: true |
| 178 | + storage: true |
| 179 | + subresources: |
| 180 | + status: {} |
0 commit comments