homelab/operator
1
0
Fork 0
mirror of https://github.com/morten-olsen/homelab-operator.git synced 2026-02-08 01:36:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
598f54581c0b6676ecab8ebc92f07d15ed3133a9
operator/src/__generated__/resources/K8SAuthorizationPolicyV1.json
Morten Olsen 757b2fcfac lot more stuff
2025-08-04 23:44:14 +02:00

463 lines
16 KiB
JSON
Raw Blame History

{
"properties": {
"spec": {
"description": "Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html",
"oneOf": [
{
"not": {
"anyOf": [
{
"required": [
"provider"
]
}
]
}
},
{
"required": [
"provider"
]
}
],
"properties": {
"action": {
"description": "Optional.\n\nValid Options: ALLOW, DENY, AUDIT, CUSTOM",
"_enum": [
"ALLOW",
"DENY",
"AUDIT",
"CUSTOM"
],
"type": "string"
},
"provider": {
"description": "Specifies detailed configuration of the CUSTOM action.",
"properties": {
"name": {
"description": "Specifies the name of the extension provider.",
"type": "string"
}
},
"type": "object"
},
"rules": {
"description": "Optional.",
"items": {
"type": "object",
"properties": {
"from": {
"description": "Optional.",
"type": "array",
"items": {
"type": "object",
"properties": {
"source": {
"description": "Source specifies the source of a request.",
"type": "object",
"properties": {
"ipBlocks": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"namespaces": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notIpBlocks": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notNamespaces": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notPrincipals": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notRemoteIpBlocks": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notRequestPrincipals": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"principals": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"remoteIpBlocks": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"requestPrincipals": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
},
"to": {
"description": "Optional.",
"type": "array",
"items": {
"type": "object",
"properties": {
"operation": {
"description": "Operation specifies the operation of a request.",
"type": "object",
"properties": {
"hosts": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"methods": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notHosts": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notMethods": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notPaths": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"notPorts": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"paths": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"ports": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
},
"when": {
"description": "Optional.",
"type": "array",
"items": {
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The name of an Istio attribute.",
"type": "string"
},
"notValues": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
},
"values": {
"description": "Optional.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
},
"type": "array"
},
"selector": {
"description": "Optional.",
"properties": {
"matchLabels": {
"additionalProperties": {
"type": "string",
"maxLength": 63,
"x-kubernetes-validations": [
{
"rule": "!self.contains('*')",
"message": "wildcard not allowed in label value match"
}
]
},
"description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.",
"maxProperties": 4096,
"type": "object",
"x_kubernetes_validations": [
{
"message": "wildcard not allowed in label key match",
"rule": "self.all(key, !key.contains('*'))"
},
{
"message": "key must not be empty",
"rule": "self.all(key, key.size() != 0)"
}
]
}
},
"type": "object"
},
"targetRef": {
"properties": {
"group": {
"description": "group is the group of the target resource.",
"maxLength": 253,
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
"type": "string"
},
"kind": {
"description": "kind is kind of the target resource.",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
"type": "string"
},
"name": {
"description": "name is the name of the target resource.",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "namespace is the namespace of the referent.",
"type": "string",
"x_kubernetes_validations": [
{
"message": "cross namespace referencing is not currently supported",
"rule": "self.size() == 0"
}
]
}
},
"required": [
"kind",
"name"
],
"type": "object",
"x_kubernetes_validations": [
{
"message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",
"rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
}
]
},
"targetRefs": {
"description": "Optional.",
"items": {
"type": "object",
"required": [
"kind",
"name"
],
"properties": {
"group": {
"description": "group is the group of the target resource.",
"type": "string",
"maxLength": 253,
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
},
"kind": {
"description": "kind is kind of the target resource.",
"type": "string",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
},
"name": {
"description": "name is the name of the target resource.",
"type": "string",
"maxLength": 253,
"minLength": 1
},
"namespace": {
"description": "namespace is the namespace of the referent.",
"type": "string",
"x-kubernetes-validations": [
{
"rule": "self.size() == 0",
"message": "cross namespace referencing is not currently supported"
}
]
}
},
"x-kubernetes-validations": [
{
"rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]",
"message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway"
}
]
},
"maxItems": 16,
"type": "array"
}
},
"type": "object",
"x_kubernetes_validations": [
{
"message": "only one of targetRefs or selector can be set",
"rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1"
}
]
},
"status": {
"properties": {
"conditions": {
"description": "Current service state of the resource.",
"items": {
"type": "object",
"properties": {
"lastProbeTime": {
"description": "Last time we probed the condition.",
"type": "string",
"format": "date-time"
},
"lastTransitionTime": {
"description": "Last time the condition transitioned from one status to another.",
"type": "string",
"format": "date-time"
},
"message": {
"description": "Human-readable message indicating details about last transition.",
"type": "string"
},
"reason": {
"description": "Unique, one-word, CamelCase reason for the condition's last transition.",
"type": "string"
},
"status": {
"description": "Status is the status of the condition.",
"type": "string"
},
"type": {
"description": "Type is the type of the condition.",
"type": "string"
}
}
},
"type": "array"
},
"observedGeneration": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"description": "Resource Generation to which the Reconciled Condition refers.",
"x_kubernetes_int_or_string": true
},
"validationMessages": {
"description": "Includes any errors or warnings detected by Istio's analyzers.",
"items": {
"type": "object",
"properties": {
"documentationUrl": {
"description": "A url pointing to the Istio documentation for this specific error type.",
"type": "string"
},
"level": {
"description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO",
"type": "string",
"enum": [
"UNKNOWN",
"ERROR",
"WARNING",
"INFO"
]
},
"type": {
"type": "object",
"properties": {
"code": {
"description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.",
"type": "string"
},
"name": {
"description": "A human-readable name for the message type.",
"type": "string"
}
}
}
}
},
"type": "array"
}
},
"type": "object",
"x_kubernetes_preserve_unknown_fields": true
}
},
"type": "object"
}
Reference in New Issue View Git Blame Copy Permalink