...
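---
# Helm template for the MeshTLSAuthentication CustomResourceDefinition
# (group policy.linkerd.io, namespaced, single version v1alpha1 that is both
# served and stored). A MeshTLSAuthentication names the mutually-authenticated
# client identities that an AuthorizationPolicy may reference.
#
# NOTE: this file is rendered by Helm before it is parsed as YAML, so the
# template expressions under metadata are intentionally left as-is.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: meshtlsauthentications.policy.linkerd.io
  annotations:
    {{ include "partials.annotations.created-by" . }}
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
spec:
  group: policy.linkerd.io
  scope: Namespaced
  names:
    kind: MeshTLSAuthentication
    plural: meshtlsauthentications
    singular: meshtlsauthentication
    shortNames: [meshtlsauthn]
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          required: [spec]
          properties:
            spec:
              description: >-
                MeshTLSAuthentication defines a list of authenticated client IDs
                to be referenced by an `AuthorizationPolicy`. If a client
                connection has the mutually-authenticated identity that matches
                ANY of the provided identities, the connection is
                considered authenticated.
              type: object
              # Exactly one of the two forms must be present: a resource that
              # sets both `identities` and `identityRefs` matches both
              # branches and is therefore rejected by `oneOf`.
              oneOf:
                - required: [identities]
                - required: [identityRefs]
              properties:
                # Security note: items are plain strings with no pattern or
                # length constraint in this schema, so the API server accepts
                # any value here, including a bare `*`. Per the description,
                # `*` authorizes every authenticated client, so wildcard
                # entries are broad grants and deserve explicit review.
                # NOTE(review): any stricter validation of identity strings
                # would have to happen outside this schema; confirm where.
                identities:
                  description: >-
                    Authorizes clients with the provided proxy identity strings
                    (as provided via MTLS).

                    The `*` prefix can be used to match all identities in
                    a domain. An identity string of `*` indicates that
                    all authenticated clients are authorized.
                  type: array
                  minItems: 1
                  items:
                    type: string
                # Only `kind` is required on a reference. This schema does not
                # enumerate which kinds are acceptable.
                # NOTE(review): which referents are actually resolved is
                # decided by the consumer of this resource, not shown here.
                identityRefs:
                  type: array
                  minItems: 1
                  items:
                    type: object
                    required:
                      - kind
                    properties:
                      group:
                        description: >-
                          Group is the group of the referent. When empty, the
                          Kubernetes core API group is inferred.
                        maxLength: 253
                        # Empty string, or a lowercase DNS-subdomain-shaped name.
                        pattern: '^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
                        type: string
                      kind:
                        description: >-
                          Kind is the kind of the referent.
                        maxLength: 63
                        minLength: 1
                        pattern: '^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$'
                        type: string
                      # Security note: per the description, omitting `name`
                      # widens the reference to every resource of the given
                      # Group and Kind in the namespace. Only length is
                      # validated here; there is no pattern.
                      name:
                        description: >-
                          Name is the name of the referent. When unspecified,
                          this refers to all resources of the specified Group
                          and Kind in the specified namespace.
                        maxLength: 253
                        minLength: 1
                        type: string
                      # Only `maxLength` is enforced: there is no `minLength`
                      # or pattern, so an empty string passes schema
                      # validation. A set value points the reference at
                      # another namespace, which is worth checking in review.
                      namespace:
                        description: >-
                          Namespace is the namespace of the referent. When
                          unspecified, this authentication refers to the local
                          namespace.
                        maxLength: 253
                        type: string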