...

Text file src/github.com/linkerd/linkerd2/charts/linkerd-crds/templates/policy/authorization-policy.yaml

Documentation: github.com/linkerd/linkerd2/charts/linkerd-crds/templates/policy

     1---
     2apiVersion: apiextensions.k8s.io/v1
     3kind: CustomResourceDefinition
     4metadata:
     5  name: authorizationpolicies.policy.linkerd.io
     6  annotations:
     7    {{ include "partials.annotations.created-by" . }}
     8  labels:
     9    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    10    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    11spec:
    12  group: policy.linkerd.io
    13  scope: Namespaced
    14  names:
    15    kind: AuthorizationPolicy
    16    plural: authorizationpolicies
    17    singular: authorizationpolicy
    18    shortNames: [authzpolicy]
    19  versions:
    20    - name: v1alpha1
    21      served: true
    22      storage: true
    23      schema:
    24        openAPIV3Schema:
    25          type: object
    26          required: [spec]
    27          properties:
    28            spec:
    29              description: >-
    30                Authorizes clients to communicate with Linkerd-proxied server
    31                resources.
    32              type: object
    33              required: [targetRef, requiredAuthenticationRefs]
    34              properties:
    35                targetRef:
    36                  description: >-
    37                    TargetRef references a resource to which the authorization
    38                    policy applies.
    39                  type: object
    40                  required: [kind, name]
    41                  # Modified from the gateway API.
    42                  # Copyright 2020 The Kubernetes Authors
    43                  properties:
    44                    group:
    45                      description: >-
    46                        Group is the group of the referent. When empty, the
    47                        Kubernetes core API group is inferred.
    48                      maxLength: 253
    49                      pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
    50                      type: string
    51                    kind:
    52                      description: >-
    53                        Kind is the kind of the referent.
    54                      maxLength: 63
    55                      minLength: 1
    56                      pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
    57                      type: string
    58                    name:
    59                      description: Name is the name of the referent.
    60                      maxLength: 253
    61                      minLength: 1
    62                      type: string
    63                requiredAuthenticationRefs:
    64                  description: >-
    65                    RequiredAuthenticationRefs enumerates a set of required
    66                    authentications. ALL authentications must be satisfied for
    67                    the authorization to apply. If any of the referred objects
    68                    cannot be found, the authorization will be ignored.
    69                  type: array
    70                  items:
    71                    type: object
    72                    required: [kind, name]
    73                    properties:
    74                      group:
    75                        description: >-
    76                          Group is the group of the referent. When empty, the
    77                          Kubernetes core API group is inferred."
    78                        maxLength: 253
    79                        pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
    80                        type: string
    81                      kind:
    82                        description: >-
    83                          Kind is the kind of the referent.
    84                        maxLength: 63
    85                        minLength: 1
    86                        pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
    87                        type: string
    88                      name:
    89                        description: >-
    90                          Name is the name of the referent.
    91                        maxLength: 253
    92                        minLength: 1
    93                        type: string
    94                      namespace:
    95                        description: >-
    96                          Name is the name of the referent. When unspecified,
    97                          this authentication refers to the local namespace.
    98                        maxLength: 253
    99                        type: string

View as plain text