1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 name: authorizationpolicies.policy.linkerd.io
6 annotations:
7 {{ include "partials.annotations.created-by" . }}
8 labels:
9 helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
10 linkerd.io/control-plane-ns: {{.Release.Namespace}}
11spec:
12 group: policy.linkerd.io
13 scope: Namespaced
14 names:
15 kind: AuthorizationPolicy
16 plural: authorizationpolicies
17 singular: authorizationpolicy
18 shortNames: [authzpolicy]
19 versions:
20 - name: v1alpha1
21 served: true
22 storage: true
23 schema:
24 openAPIV3Schema:
25 type: object
26 required: [spec]
27 properties:
28 spec:
29 description: >-
30 Authorizes clients to communicate with Linkerd-proxied server
31 resources.
32 type: object
33 required: [targetRef, requiredAuthenticationRefs]
34 properties:
35 targetRef:
36 description: >-
37 TargetRef references a resource to which the authorization
38 policy applies.
39 type: object
40 required: [kind, name]
41 # Modified from the gateway API.
42 # Copyright 2020 The Kubernetes Authors
43 properties:
44 group:
45 description: >-
46 Group is the group of the referent. When empty, the
47 Kubernetes core API group is inferred.
48 maxLength: 253
49 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
50 type: string
51 kind:
52 description: >-
53 Kind is the kind of the referent.
54 maxLength: 63
55 minLength: 1
56 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
57 type: string
58 name:
59 description: Name is the name of the referent.
60 maxLength: 253
61 minLength: 1
62 type: string
63 requiredAuthenticationRefs:
64 description: >-
65 RequiredAuthenticationRefs enumerates a set of required
66 authentications. ALL authentications must be satisfied for
67 the authorization to apply. If any of the referred objects
68 cannot be found, the authorization will be ignored.
69 type: array
70 items:
71 type: object
72 required: [kind, name]
73 properties:
74 group:
75 description: >-
76 Group is the group of the referent. When empty, the
77 Kubernetes core API group is inferred."
78 maxLength: 253
79 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
80 type: string
81 kind:
82 description: >-
83 Kind is the kind of the referent.
84 maxLength: 63
85 minLength: 1
86 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
87 type: string
88 name:
89 description: >-
90 Name is the name of the referent.
91 maxLength: 253
92 minLength: 1
93 type: string
94 namespace:
95 description: >-
96 Name is the name of the referent. When unspecified,
97 this authentication refers to the local namespace.
98 maxLength: 253
99 type: string
View as plain text