This repository has been archived by the owner on Aug 25, 2021. It is now read-only.
crd-serviceintentions.yaml
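{{- if .Values.controller.enabled }}
---
# CustomResourceDefinition for ServiceIntentions, the Consul service-mesh
# authorization policy resource. It is rendered only when the chart value
# controller.enabled is set.
#
# The schema carries a controller-gen annotation (v0.6.0), so it appears to be
# generated output; schema changes presumably belong in the generator's input
# rather than in this file (confirm against the project's build).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.0
  creationTimestamp: null
  name: serviceintentions.consul.hashicorp.com
  labels:
    # Templated label values are quoted so that a release or chart name that
    # looks like a number or boolean still renders as a string; Kubernetes
    # label values must be strings.
    app: "{{ template "consul.name" . }}"
    chart: "{{ template "consul.chart" . }}"
    heritage: "{{ .Release.Service }}"
    release: "{{ .Release.Name }}"
    component: crd
spec:
  group: consul.hashicorp.com
  names:
    kind: ServiceIntentions
    listKind: ServiceIntentionsList
    plural: serviceintentions
    singular: serviceintentions
  # Namespaced scope: write access to this resource can be granted per
  # namespace through RBAC.
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The sync status of the resource with Consul
      jsonPath: .status.conditions[?(@.type=="Synced")].status
      name: Synced
      type: string
    - description: The last successful synced time of the resource with Consul
      jsonPath: .status.lastSyncedTime
      name: Last Synced
      type: date
    - description: The age of the resource
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ServiceIntentions is the Schema for the serviceintentions API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ServiceIntentionsSpec defines the desired state of ServiceIntentions
            properties:
              # Both destination fields accept the wildcard (*), which widens
              # the policy to every service (and every namespace) without more
              # specific intentions. Wildcard destinations deserve extra review.
              destination:
                description: Destination is the intention destination that will have
                  the authorization granted to.
                properties:
                  name:
                    description: Name is the destination of all intentions defined
                      in this config entry. This may be set to the wildcard character
                      (*) to match all services that don't otherwise have intentions
                      defined.
                    type: string
                  namespace:
                    description: Namespace specifies the namespace the config entry
                      will apply to. This may be set to the wildcard character (*)
                      to match all services in all namespaces that don't otherwise
                      have intentions defined.
                    type: string
                type: object
              sources:
                description: Sources is the list of all intention sources and the
                  authorization granted to those sources. The order of this list does
                  not matter, but out of convenience Consul will always store this
                  reverse sorted by intention precedence, as that is the order that
                  they will be evaluated at enforcement time.
                items:
                  properties:
                    # NOTE(review): the schema types action as a free-form
                    # string; the documented "allow"/"deny" set is not enforced
                    # by an enum here. Validation presumably happens in the
                    # controller or an admission webhook; confirm.
                    action:
                      description: Action is required for an L4 intention, and should
                        be set to one of "allow" or "deny" for the action that should
                        be taken if this intention matches a request.
                      type: string
                    description:
                      description: Description for the intention. This is not used
                        by Consul, but is presented in API responses to assist tooling.
                      type: string
                    name:
                      description: Name is the source of the intention. This is the
                        name of a Consul service. The service doesn't need to be registered.
                      type: string
                    namespace:
                      description: Namespace is the namespace for the Name parameter.
                      type: string
                    # NOTE(review): the description states that permissions and
                    # action are mutually exclusive, but nothing in this schema
                    # expresses that constraint. Per the same description,
                    # traffic matching no permission falls through to the
                    # default ACL policy, so the effective result depends on
                    # whether that default is allow or deny.
                    permissions:
                      description: Permissions is the list of all additional L7 attributes
                        that extend the intention match criteria. Permission precedence
                        is applied top to bottom. For any given request the first
                        permission to match in the list is terminal and stops further
                        evaluation. As with L4 intentions, traffic that fails to match
                        any of the provided permissions in this intention will be
                        subject to the default intention behavior is defined by the
                        default ACL policy. This should be omitted for an L4 intention
                        as it is mutually exclusive with the Action field.
                      items:
                        properties:
                          action:
                            description: Action is one of "allow" or "deny" for the
                              action that should be taken if this permission matches
                              a request.
                            type: string
                          http:
                            description: HTTP is a set of HTTP-specific authorization
                              criteria.
                            properties:
                              # Header criteria are ANDed (all must match).
                              # The invert flag flips a match, so review
                              # inverted rules carefully when auditing a policy.
                              header:
                                description: Header is a set of criteria that can
                                  match on HTTP request headers. If more than one
                                  is configured all must match for the overall match
                                  to apply.
                                items:
                                  properties:
                                    exact:
                                      description: Exact matches if the header with
                                        the given name is this value.
                                      type: string
                                    invert:
                                      description: Invert inverts the logic of the
                                        match.
                                      type: boolean
                                    name:
                                      description: Name is the name of the header
                                        to match.
                                      type: string
                                    prefix:
                                      description: Prefix matches if the header with
                                        the given name has this prefix.
                                      type: string
                                    present:
                                      description: Present matches if the header with
                                        the given name is present with any value.
                                      type: boolean
                                    # The pattern is an unvalidated string at
                                    # this layer; its syntax is not checked by
                                    # the schema.
                                    regex:
                                      description: Regex matches if the header with
                                        the given name matches this pattern.
                                      type: string
                                    suffix:
                                      description: Suffix matches if the header with
                                        the given name has this suffix.
                                      type: string
                                  type: object
                                type: array
                              # Omitting methods matches every HTTP method.
                              methods:
                                description: Methods is a list of HTTP methods for
                                  which this match applies. If unspecified all HTTP
                                  methods are matched. If provided the names must
                                  be a valid method.
                                items:
                                  type: string
                                type: array
                              pathExact:
                                description: PathExact is the exact path to match
                                  on the HTTP request path.
                                type: string
                              pathPrefix:
                                description: PathPrefix is the path prefix to match
                                  on the HTTP request path.
                                type: string
                              # As with the header regex, the schema does not
                              # validate this pattern.
                              pathRegex:
                                description: PathRegex is the regular expression to
                                  match on the HTTP request path.
                                type: string
                            type: object
                        type: object
                      type: array
                  type: object
                type: array
            type: object
          status:
            properties:
              conditions:
                description: Conditions indicate the latest available observations
                  of a resource's current state.
                items:
                  description: 'Conditions define a readiness condition for a Consul
                    resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
                  properties:
                    lastTransitionTime:
                      description: LastTransitionTime is the last time the condition
                        transitioned from one status to another.
                      format: date-time
                      type: string
                    message:
                      description: A human readable message indicating details about
                        the transition.
                      type: string
                    reason:
                      description: The reason for the condition's last transition.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: Type of condition.
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              lastSyncedTime:
                description: LastSyncedTime is the last time the resource successfully
                  synced with Consul.
                format: date-time
                type: string
            type: object
        type: object
    served: true
    storage: true
    # The status subresource gives status its own endpoint, so RBAC can grant
    # status updates separately from changes to the policy spec.
    subresources:
      status: {}
# Empty status stanza kept as it appears in the source file.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
{{- end }}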