...

Text file src/github.com/linkerd/linkerd2/charts/linkerd-crds/templates/policy/meshtls-authentication.yaml

Documentation: github.com/linkerd/linkerd2/charts/linkerd-crds/templates/policy

     1---
     2apiVersion: apiextensions.k8s.io/v1
     3kind: CustomResourceDefinition
     4metadata:
     5  name: meshtlsauthentications.policy.linkerd.io
     6  annotations:
     7    {{ include "partials.annotations.created-by" . }}
     8  labels:
     9    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    10    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    11spec:
    12  group: policy.linkerd.io
    13  scope: Namespaced
    14  names:
    15    kind: MeshTLSAuthentication
    16    plural: meshtlsauthentications
    17    singular: meshtlsauthentication
    18    shortNames: [meshtlsauthn]
    19  versions:
    20    - name: v1alpha1
    21      served: true
    22      storage: true
    23      schema:
    24        openAPIV3Schema:
    25          type: object
    26          required: [spec]
    27          properties:
    28            spec:
    29              description: >-
    30                MeshTLSAuthentication defines a list of authenticated client IDs
    31                to be referenced by an `AuthorizationPolicy`. If a client
    32                connection has the mutually-authenticated identity that matches
    33                ANY of the of the provided identities, the connection is
    34                considered authenticated.
    35              type: object
    36              oneOf:
    37                - required: [identities]
    38                - required: [identityRefs]
    39              properties:
    40                identities:
    41                  description: >-
    42                    Authorizes clients with the provided proxy identity strings
    43                    (as provided via MTLS)
    44
    45                    The `*` prefix can be used to match all identities in
    46                    a domain. An identity string of `*` indicates that
    47                    all authentication clients are authorized.
    48                  type: array
    49                  minItems: 1
    50                  items:
    51                    type: string
    52                identityRefs:
    53                  type: array
    54                  minItems: 1
    55                  items:
    56                    type: object
    57                    required:
    58                      - kind
    59                    properties:
    60                      group:
    61                        description: >-
    62                          Group is the group of the referent. When empty, the
    63                          Kubernetes core API group is inferred."
    64                        maxLength: 253
    65                        pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
    66                        type: string
    67                      kind:
    68                        description: >-
    69                          Kind is the kind of the referent.
    70                        maxLength: 63
    71                        minLength: 1
    72                        pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
    73                        type: string
    74                      name:
    75                        description: >-
    76                          Name is the name of the referent. When unspecified,
    77                          this refers to all resources of the specified Group
    78                          and Kind in the specified namespace.
    79                        maxLength: 253
    80                        minLength: 1
    81                        type: string
    82                      namespace:
    83                        description: >-
    84                          Name is the name of the referent. When unspecified,
    85                          this authentication refers to the local namespace.
    86                        maxLength: 253
    87                        type: string

View as plain text