194 lines
8.0 KiB
Io
194 lines
8.0 KiB
Io
---
|
|
#
|
|
# config/crd/standard/gateway.networking.k8s.io_referencegrants.yaml
|
|
#
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328
|
|
gateway.networking.k8s.io/bundle-version: v1.4.0
|
|
gateway.networking.k8s.io/channel: standard
|
|
name: referencegrants.gateway.networking.k8s.io
|
|
spec:
|
|
group: gateway.networking.k8s.io
|
|
names:
|
|
categories:
|
|
- gateway-api
|
|
kind: ReferenceGrant
|
|
listKind: ReferenceGrantList
|
|
plural: referencegrants
|
|
shortNames:
|
|
- refgrant
|
|
singular: referencegrant
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: |-
|
|
ReferenceGrant identifies kinds of resources in other namespaces that are
|
|
trusted to reference the specified kinds of resources in the same namespace
|
|
as the policy.
|
|
|
|
Each ReferenceGrant can be used to represent a unique trust relationship.
|
|
Additional Reference Grants can be used to add to the set of trusted
|
|
sources of inbound references for the namespace they are defined within.
|
|
|
|
All cross-namespace references in Gateway API (with the exception of cross-namespace
|
|
Gateway-route attachment) require a ReferenceGrant.
|
|
|
|
ReferenceGrant is a form of runtime verification allowing users to assert
|
|
which cross-namespace object references are permitted. Implementations that
|
|
support ReferenceGrant MUST NOT permit cross-namespace references which have
|
|
no grant, and MUST respond to the removal of a grant by revoking the access
|
|
that the grant allowed.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: Spec defines the desired state of ReferenceGrant.
|
|
properties:
|
|
from:
|
|
description: |-
|
|
From describes the trusted namespaces and kinds that can reference the
|
|
resources described in "To". Each entry in this list MUST be considered
|
|
to be an additional place that references can be valid from, or to put
|
|
this another way, entries MUST be combined using OR.
|
|
|
|
Support: Core
|
|
items:
|
|
description: ReferenceGrantFrom describes trusted namespaces and kinds.
|
|
properties:
|
|
group:
|
|
description: |-
|
|
Group is the group of the referent.
|
|
When empty, the Kubernetes core API group is inferred.
|
|
|
|
Support: Core
|
|
maxLength: 253
|
|
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is the kind of the referent. Although implementations may support
|
|
additional resources, the following types are part of the "Core"
|
|
support level for this field.
|
|
|
|
When used to permit a SecretObjectReference:
|
|
|
|
* Gateway
|
|
|
|
When used to permit a BackendObjectReference:
|
|
|
|
* GRPCRoute
|
|
* HTTPRoute
|
|
* TCPRoute
|
|
* TLSRoute
|
|
* UDPRoute
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
|
|
type: string
|
|
namespace:
|
|
description: |-
|
|
Namespace is the namespace of the referent.
|
|
|
|
Support: Core
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
required:
|
|
- group
|
|
- kind
|
|
- namespace
|
|
type: object
|
|
maxItems: 16
|
|
minItems: 1
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
to:
|
|
description: |-
|
|
To describes the resources that may be referenced by the resources
|
|
described in "From". Each entry in this list MUST be considered to be an
|
|
additional place that references can be valid to, or to put this another
|
|
way, entries MUST be combined using OR.
|
|
|
|
Support: Core
|
|
items:
|
|
description: |-
|
|
ReferenceGrantTo describes what Kinds are allowed as targets of the
|
|
references.
|
|
properties:
|
|
group:
|
|
description: |-
|
|
Group is the group of the referent.
|
|
When empty, the Kubernetes core API group is inferred.
|
|
|
|
Support: Core
|
|
maxLength: 253
|
|
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is the kind of the referent. Although implementations may support
|
|
additional resources, the following types are part of the "Core"
|
|
support level for this field:
|
|
|
|
* Secret when used to permit a SecretObjectReference
|
|
* Service when used to permit a BackendObjectReference
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
|
|
type: string
|
|
name:
|
|
description: |-
|
|
Name is the name of the referent. When unspecified, this policy
|
|
refers to all resources of the specified Group and Kind in the local
|
|
namespace.
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- group
|
|
- kind
|
|
type: object
|
|
maxItems: 16
|
|
minItems: 1
|
|
type: array
|
|
x-kubernetes-list-type: atomic
|
|
required:
|
|
- from
|
|
- to
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: null
|
|
storedVersions: null
|