109 lines
4.6 KiB
YAML
109 lines
4.6 KiB
YAML
|
apiVersion: apiextensions.k8s.io/v1
|
||
|
|
kind: CustomResourceDefinition
|
||
|
|
metadata:
|
||
|
|
annotations:
|
||
|
|
controller-gen.kubebuilder.io/version: v0.15.0
|
||
|
|
labels:
|
||
|
|
app.kubernetes.io/name: airlock-microgateway-operator
|
||
|
|
app.kubernetes.io/version: 4.3.0
|
||
|
|
name: identitypropagations.microgateway.airlock.com
|
||
|
|
spec:
|
||
|
|
group: microgateway.airlock.com
|
||
|
|
names:
|
||
|
|
categories:
|
||
|
|
- airlock-microgateway
|
||
|
|
kind: IdentityPropagation
|
||
|
|
listKind: IdentityPropagationList
|
||
|
|
plural: identitypropagations
|
||
|
|
singular: identitypropagation
|
||
|
|
scope: Namespaced
|
||
|
|
versions:
|
||
|
|
- additionalPrinterColumns:
|
||
|
|
- jsonPath: .metadata.creationTimestamp
|
||
|
|
name: Age
|
||
|
|
type: date
|
||
|
|
name: v1alpha1
|
||
|
|
schema:
|
||
|
|
openAPIV3Schema:
|
||
|
|
description: IdentityPropagation specifies the desired identity propagation.
|
||
|
|
properties:
|
||
|
|
apiVersion:
|
||
|
|
description: |-
|
||
|
|
APIVersion defines the versioned schema of this representation of an object.
|
||
|
|
Servers should convert recognized schemas to the latest internal value, and
|
||
|
|
may reject unrecognized values.
|
||
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||
|
|
type: string
|
||
|
|
kind:
|
||
|
|
description: |-
|
||
|
|
Kind is a string value representing the REST resource this object represents.
|
||
|
|
Servers may infer this from the endpoint the client submits requests to.
|
||
|
|
Cannot be updated.
|
||
|
|
In CamelCase.
|
||
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||
|
|
type: string
|
||
|
|
metadata:
|
||
|
|
type: object
|
||
|
|
spec:
|
||
|
|
description: Specification of the desired identity propagation.
|
||
|
|
properties:
|
||
|
|
header:
|
||
|
|
description: Header configures identity propagation via a request header.
|
||
|
|
properties:
|
||
|
|
name:
|
||
|
|
description: Name of the header to set.
|
||
|
|
minLength: 1
|
||
|
|
type: string
|
||
|
|
value:
|
||
|
|
description: Value to propagate to the application.
|
||
|
|
properties:
|
||
|
|
source:
|
||
|
|
description: Source from which to extract the value.
|
||
|
|
properties:
|
||
|
|
metadata:
|
||
|
|
description: Metadata specifies to extract a value from an Envoy dynamic filter metadata key.
|
||
|
|
properties:
|
||
|
|
key:
|
||
|
|
description: Key specifies the metadata key from which to load the value, e.g. `some_payload.aud`.
|
||
|
|
minLength: 1
|
||
|
|
type: string
|
||
|
|
namespace:
|
||
|
|
description: Namespace specifies the metadata namespace within which the lookup should be performed, e.g. `envoy.filters.http.jwt_authn`.
|
||
|
|
minLength: 1
|
||
|
|
type: string
|
||
|
|
required:
|
||
|
|
- key
|
||
|
|
- namespace
|
||
|
|
type: object
|
||
|
|
oidc:
|
||
|
|
description: OIDC specifies to extract a value from the result of an OpenID Connect flow.
|
||
|
|
properties:
|
||
|
|
idToken:
|
||
|
|
description: IDToken specifies to extract the value from the OpenID Connect ID Token.
|
||
|
|
properties:
|
||
|
|
claim:
|
||
|
|
description: Claim selects the JWT claim from which to extract the value.
|
||
|
|
minLength: 1
|
||
|
|
type: string
|
||
|
|
required:
|
||
|
|
- claim
|
||
|
|
type: object
|
||
|
|
required:
|
||
|
|
- idToken
|
||
|
|
type: object
|
||
|
|
type: object
|
||
|
|
required:
|
||
|
|
- source
|
||
|
|
type: object
|
||
|
|
required:
|
||
|
|
- name
|
||
|
|
- value
|
||
|
|
type: object
|
||
|
|
type: object
|
||
|
|
required:
|
||
|
|
- spec
|
||
|
|
type: object
|
||
|
|
served: true
|
||
|
|
storage: true
|
||
|
|
subresources: {}
|