chore: Update manifests after change

2025-12-20 00:36:52 +00:00
parent 5be0abbb43
commit 0a1d33f0e8
20 changed files with 23 additions and 712 deletions


@@ -61,29 +61,21 @@ spec:
description: ForwardHeaders specifies additional headers to forward with the request.
type: object
jwksFile:
description: |-
JWKSFile contains the JWKS file content for JWT verification.
Mutually exclusive with SigningSecretName, PublicKey, JWKSURL, and TrustedIssuers.
description: JWKSFile contains the JWKS file content for JWT verification.
type: string
jwksUrl:
description: |-
JWKSURL is the URL to fetch the JWKS for JWT verification.
Mutually exclusive with SigningSecretName, PublicKey, JWKSFile, and TrustedIssuers.
Deprecated: Use TrustedIssuers instead for more flexible JWKS configuration with issuer validation.
description: JWKSURL is the URL to fetch the JWKS for JWT verification.
type: string
x-kubernetes-validations:
- message: must be a valid HTTPS URL
rule: isURL(self) && self.startsWith('https://')
- message: must be a valid URL
rule: isURL(self)
publicKey:
description: |-
PublicKey is the PEM-encoded public key for JWT verification.
Mutually exclusive with SigningSecretName, JWKSFile, JWKSURL, and TrustedIssuers.
description: PublicKey is the PEM-encoded public key for JWT verification.
type: string
signingSecretName:
description: |-
SigningSecretName is the name of the Kubernetes Secret containing the signing secret.
The secret must be of type Opaque and contain a key named 'value'.
Mutually exclusive with PublicKey, JWKSFile, JWKSURL, and TrustedIssuers.
maxLength: 253
type: string
stripAuthorizationHeader:
@@ -97,42 +89,12 @@ spec:
tokenQueryKey:
description: TokenQueryKey specifies the query parameter name for the JWT token.
type: string
trustedIssuers:
description: |-
TrustedIssuers defines multiple JWKS providers with optional issuer validation.
Mutually exclusive with SigningSecretName, PublicKey, JWKSFile, and JWKSURL.
items:
description: TrustedIssuer represents a trusted JWT issuer with its associated JWKS endpoint for token verification.
properties:
issuer:
description: |-
Issuer is the expected value of the "iss" claim.
If specified, tokens must have this exact issuer to be validated against this JWKS.
The issuer value must match exactly, including trailing slashes and URL encoding.
If omitted, this JWKS acts as a fallback for any issuer.
type: string
jwksUrl:
description: JWKSURL is the URL to fetch the JWKS from.
type: string
x-kubernetes-validations:
- message: must be a valid HTTPS URL
rule: isURL(self) && self.startsWith('https://')
required:
- jwksUrl
type: object
maxItems: 100
minItems: 1
type: array
required:
- appIdClaim
type: object
x-kubernetes-validations:
- message: exactly one of signingSecretName, publicKey, jwksFile, jwksUrl, or trustedIssuers must be specified
rule: '[has(self.signingSecretName), has(self.publicKey), has(self.jwksFile), has(self.jwksUrl), has(self.trustedIssuers)].filter(x, x).size() == 1'
- message: trustedIssuers must not be empty when specified
rule: '!has(self.trustedIssuers) || size(self.trustedIssuers) > 0'
- message: only one entry in trustedIssuers may omit the issuer field
rule: '!has(self.trustedIssuers) || self.trustedIssuers.filter(x, !has(x.issuer) || x.issuer == "").size() <= 1'
- message: exactly one of signingSecretName, publicKey, jwksFile, or jwksUrl must be specified
rule: '[has(self.signingSecretName), has(self.publicKey), has(self.jwksFile), has(self.jwksUrl)].filter(x, x).size() == 1'
ldap:
description: LDAP configures LDAP authentication.
properties:
@@ -192,61 +154,6 @@ spec:
status:
description: The current status of this APIAuth.
properties:
conditions:
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
hash:
description: Hash is a hash representing the APIAuth.
type: string
@@ -259,5 +166,3 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
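Review bot: The `jwksUrl` rule in the first hunk is now only `isURL(self)` with the message "must be a valid URL" (sides read from the hunk line counts, since the page has lost its +/- markers), so the schema accepts `http://` and other non-TLS schemes for the endpoint that supplies the JWT verification keys. A JWKS fetched without TLS can be altered in transit, which undermines every signature check that relies on it; I would keep `rule: isURL(self) && self.startsWith('https://')` with `message: must be a valid HTTPS URL`. If this CRD is rendered from an upstream chart and cannot be edited here, which the commit title suggests but the page does not confirm, the same constraint could be enforced by an admission policy on APIAuth objects. The second hunk also drops `trustedIssuers`, so per-issuer `iss` matching can no longer be expressed in the schema, and any existing APIAuth resources that set it should be checked before this manifest is applied.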