alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Automated Manifest Update (#2259)

Browse Source 
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: #2259
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
This commit was merged in pull request #2259.
This commit is contained in:
gitea-bot
2025-12-04 21:47:46 +00:00
committed by Alex Lebens
parent d008c08479
commit 7a96d06727
2100 changed files with 365994 additions and 380674 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiauths.hub.traefik.io.yaml Normal file
View File

@@ -0,0 +1,169 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
name: apiauths.hub.traefik.io
spec:
group: hub.traefik.io
names:
kind: APIAuth
listKind: APIAuthList
plural: apiauths
singular: apiauth
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: APIAuth defines the authentication configuration for APIs.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: The desired behavior of this APIAuth.
properties:
apiKey:
description: APIKey configures API key authentication.
type: object
x-kubernetes-preserve-unknown-fields: true
isDefault:
description: |-
IsDefault specifies if this APIAuth should be used as the default API authentication method for the namespace.
Only one APIAuth per namespace should have isDefault set to true.
type: boolean
jwt:
description: JWT configures JWT authentication.
properties:
appIdClaim:
description: |-
AppIDClaim is the name of the claim holding the identifier of the application.
This field is sometimes named `client_id`.
type: string
forwardHeaders:
additionalProperties:
type: string
description: ForwardHeaders specifies additional headers to forward with the request.
type: object
jwksFile:
description: JWKSFile contains the JWKS file content for JWT verification.
type: string
jwksUrl:
description: JWKSURL is the URL to fetch the JWKS for JWT verification.
type: string
x-kubernetes-validations:
- message: must be a valid URL
rule: isURL(self)
publicKey:
description: PublicKey is the PEM-encoded public key for JWT verification.
type: string
signingSecretName:
description: |-
SigningSecretName is the name of the Kubernetes Secret containing the signing secret.
The secret must be of type Opaque and contain a key named 'value'.
maxLength: 253
type: string
stripAuthorizationHeader:
description: StripAuthorizationHeader determines whether to strip the Authorization header before forwarding the request.
type: boolean
tokenNameClaim:
description: |-
TokenNameClaim is the name of the claim holding the name of the token.
This name, if provided, will be used in the metrics.
type: string
tokenQueryKey:
description: TokenQueryKey specifies the query parameter name for the JWT token.
type: string
required:
- appIdClaim
type: object
x-kubernetes-validations:
- message: exactly one of signingSecretName, publicKey, jwksFile, or jwksUrl must be specified
rule: '[has(self.signingSecretName), has(self.publicKey), has(self.jwksFile), has(self.jwksUrl)].filter(x, x).size() == 1'
ldap:
description: LDAP configures LDAP authentication.
properties:
attribute:
default: cn
description: |-
Attribute is the LDAP object attribute used to form a bind DN when sending bind queries.
The bind DN is formed as <Attribute>=<Username>,<BaseDN>.
type: string
baseDn:
description: BaseDN is the base domain name that should be used for bind and search queries.
type: string
bindDn:
description: |-
BindDN is the domain name to bind to in order to authenticate to the LDAP server when running in search mode.
If empty, an anonymous bind will be done.
type: string
bindPasswordSecretName:
description: |-
BindPasswordSecretName is the name of the Kubernetes Secret containing the password for the bind DN.
The secret must contain a key named 'password'.
maxLength: 253
type: string
certificateAuthority:
description: |-
CertificateAuthority is a PEM-encoded certificate to use to establish a connection with the LDAP server if the
connection uses TLS but that the certificate was signed by a custom Certificate Authority.
type: string
insecureSkipVerify:
description: InsecureSkipVerify controls whether the server's certificate chain and host name is verified.
type: boolean
searchFilter:
description: |-
SearchFilter is used to filter LDAP search queries.
Example: (&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))
%s can be used as a placeholder for the username.
type: string
startTls:
description: StartTLS instructs the middleware to issue a StartTLS request when initializing the connection with the LDAP server.
type: boolean
url:
description: URL is the URL of the LDAP server, including the protocol (ldap or ldaps) and the port.
type: string
x-kubernetes-validations:
- message: must be a valid LDAP URL
rule: isURL(self) && (self.startsWith('ldap://') || self.startsWith('ldaps://'))
required:
- baseDn
- url
type: object
required:
- isDefault
type: object
x-kubernetes-validations:
- message: exactly one authentication method must be specified
rule: '[has(self.apiKey), has(self.jwt), has(self.ldap)].filter(x, x).size() == 1'
status:
description: The current status of this APIAuth.
properties:
hash:
description: Hash is a hash representing the APIAuth.
type: string
syncedAt:
format: date-time
type: string
version:
type: string
type: object
type: object
served: true
storage: true