215 lines
10 KiB
YAML
215 lines
10 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: slicerolebindings.networking.kubeslice.io
|
|
spec:
|
|
group: networking.kubeslice.io
|
|
names:
|
|
kind: SliceRoleBinding
|
|
listKind: SliceRoleBindingList
|
|
plural: slicerolebindings
|
|
singular: slicerolebinding
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SliceRoleBinding is the Schema for the slicerolebindings API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SliceRoleBindingSpec defines the desired state of SliceRoleBinding
|
|
type: object
|
|
status:
|
|
properties:
|
|
roleRefCondition:
|
|
properties:
|
|
condition:
|
|
description: Condition defines conditions of the RoleRef, one
|
|
of INVALID_RULE, INVALID_ROLE_BINDING.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: The last time this condition was updated.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: A human readable message indicating details about
|
|
the transition.
|
|
type: string
|
|
reason:
|
|
description: The reason for the condition's last transition.
|
|
type: string
|
|
roleRef:
|
|
description: Name, APIGroup and Kind of the RoleRef
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this
|
|
representation of an object. Servers should convert recognized
|
|
schemas to the latest internal value, and may reject unrecognized
|
|
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource being referenced
|
|
type: string
|
|
required:
|
|
- apiVersion
|
|
- kind
|
|
- name
|
|
type: object
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
required:
|
|
- condition
|
|
- lastUpdateTime
|
|
- reason
|
|
- roleRef
|
|
- status
|
|
type: object
|
|
sliceRbConfig:
|
|
description: RoleBindingConfig references a role, but does not contain
|
|
it.
|
|
properties:
|
|
applyTo:
|
|
description: ApplyTo contains information about the namespace
|
|
and the Subjects.
|
|
items:
|
|
description: ApplyTo contains information about the namespace
|
|
and the Subjects. It adds who information via Subjects and
|
|
namespace information by which namespace it exists in.
|
|
properties:
|
|
namespace:
|
|
description: Namespace of the referenced object. If the
|
|
object kind is non-namespace, such as "User" or "Group",
|
|
and this value is not empty the Authorizer should report
|
|
an error. '*' Represents all namespaces
|
|
type: string
|
|
subjects:
|
|
description: Subjects holds references to the objects the
|
|
role applies to.
|
|
items:
|
|
description: Subject contains a reference to the object
|
|
or user identities a role binding applies to. This
|
|
can either hold a direct API object reference, or a
|
|
value for non-objects such as user and group names.
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup holds the API group of the referenced
|
|
subject. Defaults to "" for ServiceAccount subjects.
|
|
Defaults to "rbac.authorization.k8s.io" for User
|
|
and Group subjects.
|
|
type: string
|
|
kind:
|
|
description: Kind of object being referenced. Values
|
|
defined by this API group are "User", "Group", and
|
|
"ServiceAccount". If the Authorizer does not recognized
|
|
the kind value, the Authorizer should report an
|
|
error.
|
|
type: string
|
|
name:
|
|
description: Name of the object being referenced.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referenced object. If
|
|
the object kind is non-namespace, such as "User"
|
|
or "Group", and this value is not empty the Authorizer
|
|
should report an error.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
roleRefName:
|
|
description: Name of the RoleRef
|
|
type: string
|
|
rules:
|
|
description: PolicyRule holds information that describes a policy
|
|
rule
|
|
items:
|
|
description: PolicyRule holds information that describes a policy
|
|
rule, but does not contain information about who the rule
|
|
applies to or which namespace the rule applies to.
|
|
properties:
|
|
apiGroups:
|
|
description: APIGroups is the name of the APIGroup that
|
|
contains the resources. If multiple API groups are specified,
|
|
any action requested against one of the enumerated resources
|
|
in any API group will be allowed.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nonResourceURLs:
|
|
description: NonResourceURLs is a set of partial urls that
|
|
a user should have access to. *s are allowed, but only
|
|
as the full, final step in the path Since non-resource
|
|
URLs are not namespaced, this field is only applicable
|
|
for ClusterRoles referenced from a ClusterRoleBinding.
|
|
Rules can either apply to API resources (such as "pods"
|
|
or "secrets") or non-resource URL paths (such as "/api"), but
|
|
not both.
|
|
items:
|
|
type: string
|
|
type: array
|
|
resourceNames:
|
|
description: ResourceNames is an optional white list of
|
|
names that the rule applies to. An empty set means that
|
|
everything is allowed.
|
|
items:
|
|
type: string
|
|
type: array
|
|
resources:
|
|
description: Resources is a list of resources this rule
|
|
applies to. '*' represents all resources.
|
|
items:
|
|
type: string
|
|
type: array
|
|
verbs:
|
|
description: Verbs is a list of Verbs that apply to ALL
|
|
the ResourceKinds contained in this rule. '*' represents
|
|
all verbs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- verbs
|
|
type: object
|
|
type: array
|
|
sliceName:
|
|
description: sliceName is the name of the slice
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|