-
Notifications
You must be signed in to change notification settings - Fork 405
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
Showing
3 changed files
with
418 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
275 changes: 275 additions & 0 deletions
275
installation/resources/crds/api-gateway/apirules.gateway.crd.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,275 @@ | ||
--- | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.9.2 | ||
creationTimestamp: null | ||
name: apirules.gateway.kyma-project.io | ||
spec: | ||
group: gateway.kyma-project.io | ||
names: | ||
kind: APIRule | ||
listKind: APIRuleList | ||
plural: apirules | ||
singular: apirule | ||
scope: Namespaced | ||
preserveUnknownFields: false | ||
versions: | ||
- additionalPrinterColumns: | ||
- jsonPath: .status.APIRuleStatus.code | ||
name: Status | ||
type: string | ||
- jsonPath: .spec.host | ||
name: Host | ||
type: string | ||
name: v1beta1 | ||
schema: | ||
openAPIV3Schema: | ||
description: APIRule is the Schema for ApiRule APIs. | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: Defines the desired state of APIRule. | ||
properties: | ||
gateway: | ||
description: Specifies the Istio Gateway to be used. | ||
pattern: ^[0-9a-z-_]+(\/[0-9a-z-_]+|(\.[0-9a-z-_]+)*)$ | ||
type: string | ||
host: | ||
description: Specifies the URL of the exposed service. | ||
maxLength: 256 | ||
minLength: 3 | ||
pattern: ^([a-zA-Z0-9][a-zA-Z0-9-_]*\.)*[a-zA-Z0-9]*[a-zA-Z0-9-_]*[[a-zA-Z0-9]+$ | ||
type: string | ||
rules: | ||
description: Represents the array of Oathkeeper access rules to be | ||
applied. | ||
items: | ||
properties: | ||
accessStrategies: | ||
description: Specifies the list of access strategies. All strategies | ||
listed in [Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authn) | ||
are supported. | ||
items: | ||
description: Represents a handler that authenticates provided | ||
credentials. See the corresponding type in the oathkeeper-maester | ||
project. | ||
properties: | ||
config: | ||
description: Configures the handler. Configuration keys | ||
vary per handler. | ||
type: object | ||
x-kubernetes-preserve-unknown-fields: true | ||
properties: | ||
jwks_urls: | ||
description: Specifies the array of URLs from which Ory Oathkeeper can retrieve JSON Web Keys for validating JSON Web Token. | ||
The value must begin with either `http://`, `https://`, or `file://`. | ||
type: array | ||
items: | ||
type: string | ||
pattern: ^(http://|https://|file://).*$ | ||
trusted_issuers: | ||
description: If the **trusted_issuers** field is set, the JWT must contain a value for the claim `iss` | ||
that matches exactly (case-sensitive) one of the values of **trusted_issuers**. | ||
The value must begin with either `http://`, `https://`, or `file://`. | ||
type: array | ||
items: | ||
type: string | ||
pattern: ^(http://|https://|file://).*$ | ||
handler: | ||
description: Specifies the name of the handler. | ||
type: string | ||
required: | ||
- handler | ||
type: object | ||
minItems: 1 | ||
type: array | ||
methods: | ||
description: Represents the list of allowed HTTP request methods | ||
available for the **spec.rules.path**. | ||
items: | ||
type: string | ||
minItems: 1 | ||
type: array | ||
mutators: | ||
description: Specifies the list of [Ory Oathkeeper mutators](https://www.ory.sh/docs/oathkeeper/pipeline/mutator). | ||
items: | ||
description: Mutator represents a handler that transforms | ||
the HTTP request before forwarding it. See the corresponding | ||
in the oathkeeper-maester project. | ||
properties: | ||
config: | ||
description: Configures the handler. Configuration keys | ||
vary per handler. | ||
type: object | ||
x-kubernetes-preserve-unknown-fields: true | ||
handler: | ||
description: Specifies the name of the handler. | ||
type: string | ||
required: | ||
- handler | ||
type: object | ||
type: array | ||
path: | ||
description: Specifies the path of the exposed service. | ||
pattern: ^([0-9a-zA-Z./*()?!\\_-]+) | ||
type: string | ||
service: | ||
description: Describes the service to expose. Overwrites the | ||
**spec** level service if defined. | ||
properties: | ||
external: | ||
description: Specifies if the service is internal (in cluster) | ||
or external. | ||
type: boolean | ||
name: | ||
description: Specifies the name of the exposed service. | ||
type: string | ||
namespace: | ||
description: Specifies the Namespace of the exposed service. | ||
If not defined, it defaults to the APIRule Namespace. | ||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ | ||
type: string | ||
port: | ||
description: Specifies the communication port of the exposed | ||
service. | ||
format: int32 | ||
maximum: 65535 | ||
minimum: 1 | ||
type: integer | ||
required: | ||
- name | ||
- port | ||
type: object | ||
timeout: | ||
description: Specifies the timeout, in seconds, for | ||
HTTP requests made to **spec.rules.path**. The maximum timeout is limited | ||
to 3900 seconds (65 minutes). Timeout definitions set at this level | ||
take precedence over any timeout defined at the **spec.timeout** level. | ||
maximum: 3900 | ||
minimum: 1 | ||
type: integer | ||
required: | ||
- accessStrategies | ||
- methods | ||
- path | ||
type: object | ||
minItems: 1 | ||
type: array | ||
service: | ||
description: Describes the service to expose. | ||
properties: | ||
external: | ||
description: Specifies if the service is internal (in cluster) | ||
or external. | ||
type: boolean | ||
name: | ||
description: Specifies the name of the exposed service. | ||
type: string | ||
namespace: | ||
description: Specifies the Namespace of the exposed service. If | ||
not defined, it defaults to the APIRule Namespace. | ||
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ | ||
type: string | ||
port: | ||
description: Specifies the communication port of the exposed service. | ||
format: int32 | ||
maximum: 65535 | ||
minimum: 1 | ||
type: integer | ||
required: | ||
- name | ||
- port | ||
type: object | ||
timeout: | ||
description: Specifies the timeout, in seconds, for HTTP requests for all Oathkeeper access rules. | ||
However, this value can be overridden for each individual rule. | ||
The maximum timeout is limited to 3900 seconds (65 minutes). | ||
If no timeout is specified, the default timeout of 180 seconds applies. | ||
maximum: 3900 | ||
minimum: 1 | ||
type: integer | ||
required: | ||
- gateway | ||
- host | ||
- rules | ||
type: object | ||
status: | ||
description: Describes the observed state of ApiRule. | ||
properties: | ||
APIRuleStatus: | ||
description: Describes the status of APIRule. | ||
properties: | ||
code: | ||
description: Status code describing APIRule. | ||
type: string | ||
desc: | ||
description: Explains the status of APIRule. | ||
type: string | ||
type: object | ||
accessRuleStatus: | ||
description: Describes the status of ORY Oathkeeper Rule. | ||
properties: | ||
code: | ||
description: Status code describing ORY Oathkeeper Rule. | ||
type: string | ||
desc: | ||
description: Explains the status of ORY Oathkeeper Rule. | ||
type: string | ||
type: object | ||
authorizationPolicyStatus: | ||
description: Describes the status of the Istio Authorization Policy subresource. | ||
properties: | ||
code: | ||
description: Status code describing the Istio Authorization Policy subresource. | ||
type: string | ||
desc: | ||
description: Explains the status of the Istio Authorization Policy subresource. | ||
type: string | ||
type: object | ||
lastProcessedTime: | ||
description: Indicates the timestamp when the API Gateway controller last processed APIRule. | ||
format: date-time | ||
type: string | ||
observedGeneration: | ||
description: Specifies the generation of the resource that was observed by the API Gateway controller. | ||
format: int64 | ||
type: integer | ||
requestAuthenticationStatus: | ||
description: Describes the status of the Istio Request Authentication subresource. | ||
properties: | ||
code: | ||
description: Status code describing the state of the Istio Authorization Policy subresource. | ||
type: string | ||
desc: | ||
description: Explains the status of the Istio Request Authentication subresource. | ||
type: string | ||
type: object | ||
virtualServiceStatus: | ||
description: Describes the status of Istio VirtualService. | ||
properties: | ||
code: | ||
description: Status code describing Istio VirtualService. | ||
type: string | ||
desc: | ||
description: Explains the status of Istio VirtualService. | ||
type: string | ||
type: object | ||
type: object | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} |
Oops, something went wrong.