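# This file is downloaded from the Emissary repository on GitHub:
# https://github.com/emissary-ingress/emissary/blob/master/manifests/emissary/emissary-crds.yaml.in
# NOTE(review): the URL above tracks the `master` branch, so it does not identify the
# upstream revision this copy was taken from. Record the commit or release tag here so
# the manual modifications listed below can be re-checked against a known baseline.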
#
# Several modifications have been manually made:
# 1. Only the `Mapping`, `TLSContext`, and `Host` CRDs have been kept from the source file. The source
# file defines many CRDs that are not required by this operator project so the unnecessary CRDs have
# been deleted.
# 2. `v2ExplicitTLS` field has been removed from the Mapping CRD `v3alpha1` version. This is because
# the "crd-to-java" generator plugin we use has a bug (https://github.com/fabric8io/kubernetes-client/issues/5457)
# while converting enum types and the bug is triggered by the `v2ExplicitTLS` field. This field
# may be added back in once we upgrade our fabric8 version to 6.8.x, where this bug is resolved.
# 3. `ambassador_id` property is added to `Mapping`, `TLSContext`, and `Host` CRD version `v2`, by
# copying it over from `v3`.
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
labels:
app.kubernetes.io/instance: emissary-apiext
app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
app.kubernetes.io/name: emissary-apiext
app.kubernetes.io/part-of: emissary-apiext
name: mappings.getambassador.io
spec:
# Conversion between the versions of this CRD is delegated to a webhook served
# by the `emissary-apiext` Service in the `emissary-system` namespace.
# NOTE(review): clientConfig below carries only the Service reference; no
# `caBundle` is set in this copy. Presumably it is injected at runtime by the
# emissary-apiext deployment. Confirm, because the API server needs a CA
# bundle to verify the webhook's TLS certificate.
# NOTE(review): with strategy Webhook, requests that need a version conversion
# depend on that Service being reachable, so its availability and the RBAC
# around it are part of this CRD's trust boundary.
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: emissary-apiext
namespace: emissary-system
# ConversionReview API versions the webhook is declared to understand.
conversionReviewVersions:
- v1
group: getambassador.io
names:
categories:
- ambassador-crds
kind: Mapping
listKind: MappingList
plural: mappings
singular: mapping
preserveUnknownFields: false
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.host
name: Source Host
type: string
- jsonPath: .spec.prefix
name: Source Prefix
type: string
- jsonPath: .spec.service
name: Dest Service
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .status.reason
name: Reason
type: string
name: v1
schema:
openAPIV3Schema:
description: Mapping is the Schema for the mappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MappingSpec defines the desired state of Mapping
properties:
add_linkerd_headers:
type: boolean
add_request_headers:
type: object
x-kubernetes-preserve-unknown-fields: true
add_response_headers:
type: object
x-kubernetes-preserve-unknown-fields: true
allow_upgrade:
description: "A case-insensitive list of the non-HTTP protocols to
allow \"upgrading\" to from HTTP via the \"Connection: upgrade\"
mechanism[1]. After the upgrade, Ambassador does not interpret
the traffic, and behaves similarly to how it does for TCPMappings.
\n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example,
if your upstream service supports WebSockets, you would write \n
allow_upgrade: - websocket \n Or if your upstream service supports
upgrading from HTTP to SPDY (as the Kubernetes apiserver does for
`kubectl exec` functionality), you would write \n allow_upgrade:
- spdy/3.1"
items:
type: string
type: array
auth_context_extensions:
additionalProperties:
type: string
type: object
auto_host_rewrite:
type: boolean
bypass_auth:
type: boolean
bypass_error_response_overrides:
description: If true, bypasses any `error_response_overrides` set
on the Ambassador module.
type: boolean
case_sensitive:
type: boolean
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_idle_timeout_ms:
type: integer
cluster_max_connection_lifetime_ms:
type: integer
cluster_tag:
type: string
connect_timeout_ms:
type: integer
cors:
properties:
credentials:
type: boolean
max_age:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
dns_type:
type: string
docs:
description: DocsInfo provides some extra information about the docs
for the Mapping (used by the Dev Portal)
properties:
display_name:
type: string
ignored:
type: boolean
path:
type: string
timeout_ms:
type: integer
url:
type: string
type: object
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
envoy_override:
type: object
x-kubernetes-preserve-unknown-fields: true
error_response_overrides:
description: Error response overrides for this Mapping. Replaces all
of the `error_response_overrides` set on the Ambassador module,
if any.
items:
description: A response rewrite for an HTTP error response
properties:
body:
description: The new response body
properties:
content_type:
description: The content type to set on the error response
body when using text_format or text_format_source. Defaults
to 'text/plain'.
type: string
json_format:
additionalProperties:
type: string
description: 'A JSON response with content-type: application/json.
The values can contain format text like in text_format.'
type: object
text_format:
description: A format string representing a text response
body. Content-Type can be set using the `content_type`
field below.
type: string
text_format_source:
description: A format string sourced from a file on the
Ambassador container. Useful for larger response bodies
that should not be placed inline in configuration.
properties:
filename:
description: The name of a file on the Ambassador pod
that contains a format text string.
type: string
type: object
type: object
on_status_code:
description: The status code to match on -- not a pointer because
it's required.
maximum: 599
minimum: 400
type: integer
required:
- body
- on_status_code
type: object
minItems: 1
type: array
grpc:
type: boolean
headers:
type: object
x-kubernetes-preserve-unknown-fields: true
host:
type: string
host_redirect:
type: boolean
host_regex:
type: boolean
host_rewrite:
type: string
idle_timeout_ms:
type: integer
keepalive:
properties:
idle_time:
type: integer
interval:
type: integer
probes:
type: integer
type: object
labels:
additionalProperties:
description: A MappingLabelGroupsArray is an array of MappingLabelGroups.
I know, complex.
items:
description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray:
a second map, where the key is a human-readable name that identifies
the group.'
maxProperties: 1
minProperties: 1
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
description: A DomainMap is the overall Mapping.spec.Labels type.
It maps domains (kind of like namespaces for Mapping labels) to
arrays of label groups.
type: object
load_balancer:
properties:
cookie:
properties:
name:
type: string
path:
type: string
ttl:
type: string
required:
- name
type: object
header:
type: string
policy:
enum:
- round_robin
- ring_hash
- maglev
- least_request
type: string
source_ip:
type: boolean
required:
- policy
type: object
method:
type: string
method_regex:
type: boolean
modules:
items:
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
outlier_detection:
type: string
path_redirect:
description: Path replacement to use when generating an HTTP redirect.
Used with `host_redirect`.
type: string
precedence:
type: integer
prefix:
type: string
prefix_exact:
type: boolean
prefix_redirect:
description: Prefix rewrite to use when generating an HTTP redirect.
Used with `host_redirect`.
type: string
prefix_regex:
type: boolean
priority:
type: string
query_parameters:
type: object
x-kubernetes-preserve-unknown-fields: true
redirect_response_code:
description: The response code to use when generating an HTTP redirect.
Defaults to 301. Used with `host_redirect`.
enum:
- 301
- 302
- 303
- 307
- 308
type: integer
regex_headers:
additionalProperties:
type: string
type: object
regex_query_parameters:
additionalProperties:
type: string
type: object
regex_redirect:
description: Prefix regex rewrite to use when generating an HTTP redirect.
Used with `host_redirect`.
properties:
pattern:
type: string
substitution:
type: string
type: object
regex_rewrite:
properties:
pattern:
type: string
substitution:
type: string
type: object
resolver:
type: string
respect_dns_ttl:
type: boolean
retry_policy:
properties:
num_retries:
type: integer
per_try_timeout:
type: string
retry_on:
enum:
- 5xx
- gateway-error
- connect-failure
- retriable-4xx
- refused-stream
- retriable-status-codes
type: string
type: object
rewrite:
type: string
service:
type: string
shadow:
type: boolean
timeout_ms:
description: The timeout for requests that use this Mapping. Overrides
`cluster_request_timeout_ms` set on the Ambassador Module, if it
exists.
type: integer
use_websocket:
description: 'use_websocket is deprecated, and is equivlaent to setting
`allow_upgrade: ["websocket"]`'
type: boolean
v3StatsName:
type: string
v3health_checks:
items:
description: HealthCheck specifies settings for performing active
health checking on upstreams
properties:
health_check:
description: Configuration for where the healthcheck request
should be made to
maxProperties: 1
minProperties: 1
properties:
grpc:
description: HealthCheck for gRPC upstreams. Only one of
grpc_health_check or http_health_check may be specified
properties:
authority:
description: The value of the :authority header in the
gRPC health check request. If left empty the upstream
name will be used.
type: string
upstream_name:
description: The upstream name parameter which will
be sent to gRPC service in the health check message
type: string
required:
- upstream_name
type: object
http:
description: HealthCheck for HTTP upstreams. Only one of
http_health_check or grpc_health_check may be specified
properties:
add_request_headers:
additionalProperties:
properties:
append:
type: boolean
v2Representation:
enum:
- ""
- string
- "null"
type: string
value:
type: string
type: object
type: object
expected_statuses:
items:
description: A range of response statuses from Start
to End inclusive
properties:
max:
description: End of the statuses to include. Must
be between 100 and 599 (inclusive)
maximum: 599
minimum: 100
type: integer
min:
description: Start of the statuses to include.
Must be between 100 and 599 (inclusive)
maximum: 599
minimum: 100
type: integer
required:
- max
- min
type: object
type: array
hostname:
type: string
path:
type: string
remove_request_headers:
items:
type: string
type: array
required:
- path
type: object
type: object
healthy_threshold:
description: Number of expected responses for the upstream to
be considered healthy. Defaults to 1.
type: integer
interval:
description: Interval between health checks. Defaults to every
5 seconds.
type: string
timeout:
description: Timeout for connecting to the health checking endpoint.
Defaults to 3 seconds.
type: string
unhealthy_threshold:
description: Number of non-expected responses for the upstream
to be considered unhealthy. A single 503 will mark the upstream
as unhealthy regardless of the threshold. Defaults to 2.
type: integer
required:
- health_check
type: object
minItems: 1
type: array
weight:
type: integer
required:
- prefix
- service
type: object
x-kubernetes-preserve-unknown-fields: true
status:
description: MappingStatus defines the observed state of Mapping
properties:
reason:
type: string
state:
enum:
- ""
- Inactive
- Running
type: string
type: object
type: object
# v1 is still served but is not the storage version (v2 is marked
# `storage: true` further down in this file), so v1 requests are converted
# through the webhook configured under spec.conversion.
served: true
storage: false
# Enables the /status subresource for this version.
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .spec.host
name: Source Host
type: string
- jsonPath: .spec.prefix
name: Source Prefix
type: string
- jsonPath: .spec.service
name: Dest Service
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .status.reason
name: Reason
type: string
name: v2
schema:
openAPIV3Schema:
description: Mapping is the Schema for the mappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MappingSpec defines the desired state of Mapping
properties:
add_linkerd_headers:
type: boolean
add_request_headers:
type: object
x-kubernetes-preserve-unknown-fields: true
add_response_headers:
type: object
x-kubernetes-preserve-unknown-fields: true
allow_upgrade:
description: "A case-insensitive list of the non-HTTP protocols to
allow \"upgrading\" to from HTTP via the \"Connection: upgrade\"
mechanism[1]. After the upgrade, Ambassador does not interpret
the traffic, and behaves similarly to how it does for TCPMappings.
\n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example,
if your upstream service supports WebSockets, you would write \n
allow_upgrade: - websocket \n Or if your upstream service supports
upgrading from HTTP to SPDY (as the Kubernetes apiserver does for
`kubectl exec` functionality), you would write \n allow_upgrade:
- spdy/3.1"
items:
type: string
type: array
# [operator] Added manually by copying the definition over from v3alpha1
# (modification 3 in the file header).
# NOTE(review): the v2 spec appears to set
# `x-kubernetes-preserve-unknown-fields: true`, so the API server likely
# accepted this field even before it was declared here. Confirm. If so, the
# declaration mainly adds type validation (array of strings) and makes the
# field visible to schema-driven code generators.
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should
pay attention to this resource. If no value is provided, the default
is: \n ambassador_id: - \"default\""
items:
type: string
type: array
auth_context_extensions:
additionalProperties:
type: string
type: object
auto_host_rewrite:
type: boolean
# NOTE(review): the schema gives no description for this flag. The name
# suggests that requests matched by this Mapping skip external
# authentication. Confirm against the Emissary documentation and consider
# restricting who may set it (RBAC on Mappings or an admission policy).
bypass_auth:
type: boolean
bypass_error_response_overrides:
description: If true, bypasses any `error_response_overrides` set
on the Ambassador module.
type: boolean
case_sensitive:
type: boolean
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_idle_timeout_ms:
type: integer
cluster_max_connection_lifetime_ms:
type: integer
cluster_tag:
type: string
connect_timeout_ms:
type: integer
cors:
properties:
credentials:
type: boolean
max_age:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
dns_type:
type: string
docs:
description: DocsInfo provides some extra information about the docs
for the Mapping (used by the Dev Portal)
properties:
display_name:
type: string
ignored:
type: boolean
path:
type: string
timeout_ms:
type: integer
url:
type: string
type: object
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
# Free-form object: `x-kubernetes-preserve-unknown-fields: true` with no
# `properties` means the schema neither constrains nor prunes anything placed
# under this key. The v1 and v3alpha1 versions declare it the same way.
# NOTE(review): the name suggests the content is passed through to Envoy
# configuration. Confirm in the consumer; any validation has to happen there,
# and write access to Mappings should be treated as able to set it.
envoy_override:
type: object
x-kubernetes-preserve-unknown-fields: true
error_response_overrides:
description: Error response overrides for this Mapping. Replaces all
of the `error_response_overrides` set on the Ambassador module,
if any.
items:
description: A response rewrite for an HTTP error response
properties:
body:
description: The new response body
properties:
content_type:
description: The content type to set on the error response
body when using text_format or text_format_source. Defaults
to 'text/plain'.
type: string
json_format:
additionalProperties:
type: string
description: 'A JSON response with content-type: application/json.
The values can contain format text like in text_format.'
type: object
text_format:
description: A format string representing a text response
body. Content-Type can be set using the `content_type`
field below.
type: string
# Error-response body read from a file on the Ambassador container/pod, per
# the descriptions below.
text_format_source:
description: A format string sourced from a file on the
Ambassador container. Useful for larger response bodies
that should not be placed inline in configuration.
properties:
# NOTE(review): declared as a plain string with no `pattern` or `maxLength`,
# so the schema does not restrict which path may be named. Any restriction
# on readable locations has to be enforced by the consumer. Confirm.
filename:
description: The name of a file on the Ambassador pod
that contains a format text string.
type: string
type: object
type: object
on_status_code:
description: The status code to match on -- not a pointer because
it's required.
maximum: 599
minimum: 400
type: integer
required:
- body
- on_status_code
type: object
minItems: 1
type: array
grpc:
type: boolean
headers:
type: object
x-kubernetes-preserve-unknown-fields: true
host:
type: string
host_redirect:
type: boolean
host_regex:
type: boolean
host_rewrite:
type: string
idle_timeout_ms:
type: integer
keepalive:
properties:
idle_time:
type: integer
interval:
type: integer
probes:
type: integer
type: object
labels:
additionalProperties:
description: A MappingLabelGroupsArray is an array of MappingLabelGroups.
I know, complex.
items:
description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray:
a second map, where the key is a human-readable name that identifies
the group.'
maxProperties: 1
minProperties: 1
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
description: A DomainMap is the overall Mapping.spec.Labels type.
It maps domains (kind of like namespaces for Mapping labels) to
arrays of label groups.
type: object
load_balancer:
properties:
cookie:
properties:
name:
type: string
path:
type: string
ttl:
type: string
required:
- name
type: object
header:
type: string
policy:
enum:
- round_robin
- ring_hash
- maglev
- least_request
type: string
source_ip:
type: boolean
required:
- policy
type: object
method:
type: string
method_regex:
type: boolean
modules:
items:
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
outlier_detection:
type: string
path_redirect:
description: Path replacement to use when generating an HTTP redirect.
Used with `host_redirect`.
type: string
precedence:
type: integer
prefix:
type: string
prefix_exact:
type: boolean
prefix_redirect:
description: Prefix rewrite to use when generating an HTTP redirect.
Used with `host_redirect`.
type: string
prefix_regex:
type: boolean
priority:
type: string
query_parameters:
type: object
x-kubernetes-preserve-unknown-fields: true
redirect_response_code:
description: The response code to use when generating an HTTP redirect.
Defaults to 301. Used with `host_redirect`.
enum:
- 301
- 302
- 303
- 307
- 308
type: integer
regex_headers:
additionalProperties:
type: string
type: object
regex_query_parameters:
additionalProperties:
type: string
type: object
regex_redirect:
description: Prefix regex rewrite to use when generating an HTTP redirect.
Used with `host_redirect`.
properties:
pattern:
type: string
substitution:
type: string
type: object
regex_rewrite:
properties:
pattern:
type: string
substitution:
type: string
type: object
resolver:
type: string
respect_dns_ttl:
type: boolean
retry_policy:
properties:
num_retries:
type: integer
per_try_timeout:
type: string
retry_on:
enum:
- 5xx
- gateway-error
- connect-failure
- retriable-4xx
- refused-stream
- retriable-status-codes
type: string
type: object
rewrite:
type: string
service:
type: string
shadow:
type: boolean
timeout_ms:
description: The timeout for requests that use this Mapping. Overrides
`cluster_request_timeout_ms` set on the Ambassador Module, if it
exists.
type: integer
use_websocket:
description: 'use_websocket is deprecated, and is equivlaent to setting
`allow_upgrade: ["websocket"]`'
type: boolean
v3StatsName:
type: string
v3health_checks:
items:
description: HealthCheck specifies settings for performing active
health checking on upstreams
properties:
health_check:
description: Configuration for where the healthcheck request
should be made to
maxProperties: 1
minProperties: 1
properties:
grpc:
description: HealthCheck for gRPC upstreams. Only one of
grpc_health_check or http_health_check may be specified
properties:
authority:
description: The value of the :authority header in the
gRPC health check request. If left empty the upstream
name will be used.
type: string
upstream_name:
description: The upstream name parameter which will
be sent to gRPC service in the health check message
type: string
required:
- upstream_name
type: object
http:
description: HealthCheck for HTTP upstreams. Only one of
http_health_check or grpc_health_check may be specified
properties:
add_request_headers:
additionalProperties:
properties:
append:
type: boolean
v2Representation:
enum:
- ""
- string
- "null"
type: string
value:
type: string
type: object
type: object
expected_statuses:
items:
description: A range of response statuses from Start
to End inclusive
properties:
max:
description: End of the statuses to include. Must
be between 100 and 599 (inclusive)
maximum: 599
minimum: 100
type: integer
min:
description: Start of the statuses to include.
Must be between 100 and 599 (inclusive)
maximum: 599
minimum: 100
type: integer
required:
- max
- min
type: object
type: array
hostname:
type: string
path:
type: string
remove_request_headers:
items:
type: string
type: array
required:
- path
type: object
type: object
healthy_threshold:
description: Number of expected responses for the upstream to
be considered healthy. Defaults to 1.
type: integer
interval:
description: Interval between health checks. Defaults to every
5 seconds.
type: string
timeout:
description: Timeout for connecting to the health checking endpoint.
Defaults to 3 seconds.
type: string
unhealthy_threshold:
description: Number of non-expected responses for the upstream
to be considered unhealthy. A single 503 will mark the upstream
as unhealthy regardless of the threshold. Defaults to 2.
type: integer
required:
- health_check
type: object
minItems: 1
type: array
weight:
type: integer
required:
- prefix
- service
type: object
x-kubernetes-preserve-unknown-fields: true
status:
description: MappingStatus defines the observed state of Mapping
properties:
reason:
type: string
state:
enum:
- ""
- Inactive
- Running
type: string
type: object
type: object
# v2 is served and is the storage version: objects are persisted in this
# schema, and the other served versions are produced through the conversion
# webhook configured under spec.conversion.
served: true
storage: true
# Enables the /status subresource for this version.
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .spec.host
name: Source Host
type: string
- jsonPath: .spec.prefix
name: Source Prefix
type: string
- jsonPath: .spec.service
name: Dest Service
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .status.reason
name: Reason
type: string
name: v3alpha1
schema:
openAPIV3Schema:
description: Mapping is the Schema for the mappings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MappingSpec defines the desired state of Mapping
properties:
add_linkerd_headers:
type: boolean
add_request_headers:
additionalProperties:
properties:
append:
type: boolean
v2Representation:
enum:
- ""
- string
- "null"
type: string
value:
type: string
type: object
type: object
add_response_headers:
additionalProperties:
properties:
append:
type: boolean
v2Representation:
enum:
- ""
- string
- "null"
type: string
value:
type: string
type: object
type: object
allow_upgrade:
description: "A case-insensitive list of the non-HTTP protocols to
allow \"upgrading\" to from HTTP via the \"Connection: upgrade\"
mechanism[1]. After the upgrade, Ambassador does not interpret
the traffic, and behaves similarly to how it does for TCPMappings.
\n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example,
if your upstream service supports WebSockets, you would write \n
allow_upgrade: - websocket \n Or if your upstream service supports
upgrading from HTTP to SPDY (as the Kubernetes apiserver does for
`kubectl exec` functionality), you would write \n allow_upgrade:
- spdy/3.1"
items:
type: string
type: array
ambassador_id:
description: "AmbassadorID declares which Ambassador instances should
pay attention to this resource. If no value is provided, the default
is: \n ambassador_id: - \"default\""
items:
type: string
type: array
auth_context_extensions:
additionalProperties:
type: string
type: object
auto_host_rewrite:
type: boolean
bypass_auth:
type: boolean
bypass_error_response_overrides:
description: If true, bypasses any `error_response_overrides` set
on the Ambassador module.
type: boolean
case_sensitive:
type: boolean
circuit_breakers:
items:
properties:
max_connections:
type: integer
max_pending_requests:
type: integer
max_requests:
type: integer
max_retries:
type: integer
priority:
enum:
- default
- high
type: string
type: object
type: array
cluster_idle_timeout_ms:
type: integer
cluster_max_connection_lifetime_ms:
type: integer
cluster_tag:
type: string
connect_timeout_ms:
type: integer
cors:
properties:
credentials:
type: boolean
exposed_headers:
items:
type: string
type: array
headers:
items:
type: string
type: array
max_age:
type: string
methods:
items:
type: string
type: array
origins:
items:
type: string
type: array
v2CommaSeparatedOrigins:
type: boolean
type: object
dns_type:
type: string
docs:
description: DocsInfo provides some extra information about the docs
for the Mapping. Docs is used by both the agent and the DevPortal.
properties:
display_name:
type: string
ignored:
type: boolean
path:
type: string
timeout_ms:
type: integer
url:
type: string
type: object
enable_ipv4:
type: boolean
enable_ipv6:
type: boolean
envoy_override:
type: object
x-kubernetes-preserve-unknown-fields: true
error_response_overrides:
description: Error response overrides for this Mapping. Replaces all
of the `error_response_overrides` set on the Ambassador module,
if any.
items:
description: A response rewrite for an HTTP error response
properties:
body:
description: The new response body
properties:
content_type:
description: The content type to set on the error response
body when using text_format or text_format_source. Defaults
to 'text/plain'.
type: string
json_format:
additionalProperties:
type: string
description: 'A JSON response with content-type: application/json.
The values can contain format text like in text_format.'
type: object
text_format:
description: A format string representing a text response
body. Content-Type can be set using the `content_type`
field below.
type: string
text_format_source:
description: A format string sourced from a file on the
Ambassador container. Useful for larger response bodies
that should not be placed inline in configuration.
properties:
filename:
description: The name of a file on the Ambassador pod
that contains a format text string.
type: string
type: object
type: object
on_status_code:
description: The status code to match on -- not a pointer because
it's required.
maximum: 599
minimum: 400
type: integer
required:
- body
- on_status_code
type: object
minItems: 1
type: array
grpc:
type: boolean
headers:
additionalProperties:
type: string
type: object
health_checks:
items:
description: HealthCheck specifies settings for performing active
health checking on upstreams
properties:
health_check:
description: Configuration for where the healthcheck request
should be made to
maxProperties: 1
minProperties: 1
properties:
grpc:
description: HealthCheck for gRPC upstreams. Only one of
grpc_health_check or http_health_check may be specified
properties:
authority:
description: The value of the :authority header in the
gRPC health check request. If left empty the upstream
name will be used.
type: string
upstream_name:
description: The upstream name parameter which will
be sent to gRPC service in the health check message
type: string
required:
- upstream_name
type: object
http:
description: HealthCheck for HTTP upstreams. Only one of
http_health_check or grpc_health_check may be specified
properties:
add_request_headers:
additionalProperties:
properties:
append:
type: boolean
v2Representation:
enum:
- ""
- string
- "null"
type: string
value:
type: string
type: object
type: object
expected_statuses:
items:
description: A range of response statuses from Start
to End inclusive
properties:
max:
description: End of the statuses to include. Must
be between 100 and 599 (inclusive)
maximum: 599
minimum: 100
type: integer
min:
description: Start of the statuses to include.
Must be between 100 and 599 (inclusive)
maximum: 599
minimum: 100
type: integer
required:
- max
- min
type: object
type: array
hostname:
type: string
path:
type: string
remove_request_headers:
items:
type: string
type: array
required:
- path
type: object
type: object
healthy_threshold:
description: Number of expected responses for the upstream to
be considered healthy. Defaults to 1.
type: integer
interval:
description: Interval between health checks. Defaults to every
5 seconds.
type: string
timeout:
description: Timeout for connecting to the health checking endpoint.
Defaults to 3 seconds.
type: string
unhealthy_threshold:
description: Number of non-expected responses for the upstream
to be considered unhealthy. A single 503 will mark the upstream
as unhealthy regardless of the threshold. Defaults to 2.
type: integer
required:
- health_check
type: object
minItems: 1
type: array
host:
description: "Exact match for the hostname of a request if HostRegex
is false; regex match for the hostname if HostRegex is true. \n
Host specifies both a match for the ':authority' header of a request,
as well as a match criterion for Host CRDs: a Mapping that specifies
Host will not associate with a Host that doesn't have a matching
Hostname. \n If both Host and Hostname are set, an error is logged,
Host is ignored, and Hostname is used. \n DEPRECATED: Host is either
an exact match or a regex, depending on HostRegex. Use HostName
instead."
type: string
host_redirect:
type: boolean
host_regex:
description: 'DEPRECATED: Host is either an exact match or a regex,
depending on HostRegex. Use HostName instead.'
type: boolean
host_rewrite:
type: string
hostname:
description: "Hostname is a DNS glob specifying the hosts to which
this Mapping applies. \n Hostname specifies both a match for the
':authority' header of a request, as well as a match criterion for
Host CRDs: a Mapping that specifies Hostname will not associate
with a Host that doesn't have a matching Hostname. \n If both Host
and Hostname are set, an error is logged, Host is ignored, and Hostname
is used."
type: string
idle_timeout_ms:
type: integer
keepalive:
properties:
idle_time:
type: integer
interval:
type: integer
probes:
type: integer
type: object
labels:
additionalProperties:
description: A MappingLabelGroupsArray is an array of MappingLabelGroups.
I know, complex.
items:
additionalProperties:
description: 'A MappingLabelsArray is the value in the MappingLabelGroup:
an array of label specifiers.'
items:
description: "A MappingLabelSpecifier (finally!) defines a
single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier."
maxProperties: 1
minProperties: 1
properties:
destination_cluster:
description: Sets the label "destination_cluster=«Envoy
destination cluster name»".
properties:
key:
enum:
- destination_cluster
type: string
required:
- key
type: object
generic_key:
description: Sets the label "«key»=«value»" (where by
default «key» is "generic_key").
properties:
key:
description: The default is "generic_key".
type: string
v2Shorthand:
type: boolean
value:
type: string
required:
- value
type: object
remote_address:
description: Sets the label "remote_address=«IP address
of the client»".
properties:
key:
enum:
- remote_address
type: string
required:
- key
type: object
request_headers:
description: If the «header_name» header is set, then
set the label "«key»=«Value of the «header_name» header»";
otherwise skip applying this label group.
properties:
header_name:
type: string
key:
type: string
omit_if_not_present:
type: boolean
required:
- header_name
- key
type: object
source_cluster:
description: Sets the label "source_cluster=«Envoy source
cluster name»".
properties:
key:
enum:
- source_cluster
type: string
required:
- key
type: object
type: object
type: array
description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray:
a second map, where the key is a human-readable name that identifies
the group.'
maxProperties: 1
minProperties: 1
type: object
type: array
description: A DomainMap is the overall Mapping.spec.Labels type.
It maps domains (kind of like namespaces for Mapping labels) to
arrays of label groups.
type: object
load_balancer:
properties:
cookie:
properties:
name:
type: string
path:
type: string
ttl:
type: string
required:
- name
type: object
header:
type: string
policy:
enum:
- round_robin
- ring_hash
- maglev
- least_request
type: string
source_ip:
type: boolean
required:
- policy
type: object
method:
type: string
method_regex:
type: boolean
modules:
items:
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
outlier_detection:
type: string
path_redirect:
description: Path replacement to use when generating an HTTP redirect.
Used with `host_redirect`.
type: string
precedence:
type: integer
prefix:
type: string
prefix_exact:
type: boolean
prefix_redirect:
description: Prefix rewrite to use when generating an HTTP redirect.
Used with `host_redirect`.
type: string
prefix_regex:
type: boolean
priority:
type: string
query_parameters:
additionalProperties:
type: string
type: object
redirect_response_code:
description: The response code to use when generating an HTTP redirect.
Defaults to 301. Used with `host_redirect`.
enum:
- 301
- 302
- 303
- 307
- 308
type: integer
regex_headers:
additionalProperties:
type: string
type: object
regex_query_parameters:
additionalProperties:
type: string
type: object
regex_redirect:
description: Prefix regex rewrite to use when generating an HTTP redirect.
Used with `host_redirect`.
properties:
pattern:
type: string
substitution:
type: string
type: object
regex_rewrite:
properties:
pattern:
type: string
substitution:
type: string
type: object
remove_request_headers:
items:
type: string
type: array
remove_response_headers:
items:
type: string
type: array
resolver:
type: string
respect_dns_ttl:
type: boolean
retry_policy:
properties:
num_retries:
type: integer
per_try_timeout:
type: string
retry_on:
enum:
- 5xx
- gateway-error
- connect-failure
- retriable-4xx
- refused-stream
- retriable-status-codes
type: string
type: object
rewrite:
type: string
service:
type: string
shadow:
type: boolean
stats_name:
type: string
timeout_ms:
description: The timeout for requests that use this Mapping. Overrides
`cluster_request_timeout_ms` set on the Ambassador Module, if it
exists.
type: integer
tls:
type: string
use_websocket:
description: 'use_websocket is deprecated, and is equivlaent to setting
`allow_upgrade: ["websocket"]`'
type: boolean
v2BoolHeaders:
items:
type: string
type: array
v2BoolQueryParameters:
items:
type: string
type: array
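# TODO: uncomment once the fabric8 "crd-to-java" generator bug
# (https://github.com/fabric8io/kubernetes-client/issues/5457) no longer affects this project,
# i.e. after upgrading to a fabric8 version that contains the fix (6.8.x per this file's header).
# NOTE(review): while the field is missing from this schema, and assuming this version's spec is
# pruned (no x-kubernetes-preserve-unknown-fields is set on it), the API server will drop any
# v2ExplicitTLS value returned by the conversion webhook - confirm that this loss is acceptable.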
# v2ExplicitTLS:
# description: V2ExplicitTLS controls some vanity/stylistic elements
# when converting from v3alpha1 to v2. The values in an V2ExplicitTLS
# should not in any way affect the runtime operation of Emissary;
# except that it may affect internal names in the Envoy config, which
# may in turn affect stats names. But it should not affect any end-user
# observable behavior.
# properties:
# serviceScheme:
# description: "ServiceScheme specifies how to spell and capitalize
# the scheme-part of the service URL. \n Acceptable values are
# \"http://\" (case-insensitive), \"https://\" (case-insensitive),
# or \"\". The value is used if it agrees with whether or not
# this resource enables TLS origination, or if something else
# in the resource overrides the scheme."
# pattern: ^([hH][tT][tT][pP][sS]?://)?$
# type: string
# tls:
# description: "TLS controls whether and how to represent the \"tls\"
# field when its value could be implied by the \"service\" field.
# \ In v2, there were a lot of different ways to spell an \"empty\"
# value, and this field specifies which way to spell it (and will
# therefore only be used if the value will indeed be empty). \n
# | Value | Representation | Meaning
# of representation | |--------------+---------------------------------------+------------------------------------|
# | \"\" | omit the field | defer
# to service (no TLSContext) | | \"null\" | store an explicit
# \"null\" in the field | defer to service (no TLSContext) |
# | \"string\" | store an empty string in the field | defer
# to service (no TLSContext) | | \"bool:false\" | store a Boolean
# \"false\" in the field | defer to service (no TLSContext) |
# | \"bool:true\" | store a Boolean \"true\" in the field |
# originate TLS (no TLSContext) | \n If the meaning of the
# representation contradicts anything else (if a TLSContext is
# to be used, or in the case of \"bool:true\" if TLS is not to
# be originated), then this field is ignored."
# enum:
# - ""
# - "null"
# - bool:true
# - bool:false
# - string
# type: string
# type: object
weight:
type: integer
required:
- prefix
- service
type: object
status:
description: MappingStatus defines the observed state of Mapping
properties:
reason:
type: string
state:
enum:
- ""
- Inactive
- Running
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
---
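# CustomResourceDefinition for the TLSContext kind (group getambassador.io).
# It serves v1, v2 and v3alpha1. v2 is the storage version; the other versions are
# converted through the webhook declared under spec.conversion.
# Nesting is restored here following the apiextensions.k8s.io/v1 CRD layout; key order
# and all values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.12.0
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: tlscontexts.getambassador.io
spec:
  conversion:
    # Conversion between served versions is delegated to an in-cluster Service, so
    # reads and writes of TLSContext objects depend on that Service being available.
    strategy: Webhook
    webhook:
      clientConfig:
        # NOTE(review): no caBundle is set in this manifest. The API server needs one to
        # verify the webhook's serving certificate; presumably it is injected at runtime
        # by emissary-apiext - confirm for the cluster where this copy is installed.
        service:
          name: emissary-apiext
          namespace: emissary-system
      conversionReviewVersions:
      - v1
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: TLSContext
    listKind: TLSContextList
    plural: tlscontexts
    singular: tlscontext
  # Pruning is enabled at the CRD level; the v1 and v2 schemas below opt out for their
  # spec subtree with x-kubernetes-preserve-unknown-fields.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  # v1: served, not stored.
  - name: v1
    schema:
      openAPIV3Schema:
        description: TLSContext is the Schema for the tlscontexts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSContextSpec defines the desired state of TLSContext
            properties:
              alpn_protocols:
                type: string
              ca_secret:
                type: string
              cacert_chain_file:
                type: string
              cert_chain_file:
                type: string
              # NOTE(review): presumably turns on mandatory client-certificate
              # verification - confirm against the Emissary documentation.
              cert_required:
                type: boolean
              cipher_suites:
                items:
                  type: string
                type: array
              ecdh_curves:
                items:
                  type: string
                type: array
              hosts:
                items:
                  type: string
                type: array
              max_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              # The schema accepts v1.0 and v1.1, both deprecated by RFC 8996, and sets
              # no default or floor. Where v1.2+ is required, enforce it with policy
              # (admission control or manifest review); this CRD will not.
              min_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              private_key_file:
                type: string
              redirect_cleartext_from:
                type: integer
              secret:
                type: string
              secret_namespacing:
                type: boolean
              sni:
                type: string
              v3CRLSecret:
                type: string
            type: object
            # Unknown keys under spec are preserved instead of pruned, so a misspelled
            # field name (for example a typo in min_tls_version) is accepted by the API
            # server without error and the intended setting may never take effect.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
  # v2: served and stored; objects are persisted in this version.
  - name: v2
    schema:
      openAPIV3Schema:
        description: TLSContext is the Schema for the tlscontexts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSContextSpec defines the desired state of TLSContext
            properties:
              alpn_protocols:
                type: string
              # [operator] added manually by copying over from v3alpha1
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should
                  pay attention to this resource. If no value is provided, the default
                  is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              ca_secret:
                type: string
              cacert_chain_file:
                type: string
              cert_chain_file:
                type: string
              cert_required:
                type: boolean
              cipher_suites:
                items:
                  type: string
                type: array
              ecdh_curves:
                items:
                  type: string
                type: array
              hosts:
                items:
                  type: string
                type: array
              max_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              # Same enum as v1: v1.0 and v1.1 remain valid values at the schema level.
              min_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              private_key_file:
                type: string
              redirect_cleartext_from:
                type: integer
              secret:
                type: string
              secret_namespacing:
                type: boolean
              sni:
                type: string
              v3CRLSecret:
                type: string
            type: object
            # As in v1, unknown keys under spec are kept, so field-name typos are not
            # rejected by the API server.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
  # v3alpha1: served, not stored. Its spec has no x-kubernetes-preserve-unknown-fields,
  # so unknown spec fields are pruned in this version.
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: TLSContext is the Schema for the tlscontexts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSContextSpec defines the desired state of TLSContext
            properties:
              alpn_protocols:
                type: string
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should
                  pay attention to this resource. If no value is provided, the default
                  is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              ca_secret:
                type: string
              cacert_chain_file:
                type: string
              cert_chain_file:
                type: string
              cert_required:
                type: boolean
              cipher_suites:
                items:
                  type: string
                type: array
              # NOTE(review): presumably the counterpart of v3CRLSecret in the v1 and v2
              # schemas above - confirm against the conversion code.
              crl_secret:
                type: string
              ecdh_curves:
                items:
                  type: string
                type: array
              hosts:
                items:
                  type: string
                type: array
              max_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              # Same enum as v1 and v2: v1.0 and v1.1 remain valid at the schema level.
              min_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              private_key_file:
                type: string
              redirect_cleartext_from:
                type: integer
              secret:
                type: string
              secret_namespacing:
                type: boolean
              sni:
                type: string
            type: object
        type: object
    served: true
    storage: false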
---
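# CustomResourceDefinition for the Host kind (group getambassador.io).
# It serves v2 (the storage version) and v3alpha1, each with a status subresource;
# conversion between them goes through the webhook declared under spec.conversion.
# Nesting is restored here following the apiextensions.k8s.io/v1 CRD layout; key order
# and all values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.12.0
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: kubectl_apply_-f_emissary-apiext.yaml
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: hosts.getambassador.io
spec:
  conversion:
    # Conversion between served versions is delegated to an in-cluster Service, so
    # reads and writes of Host objects depend on that Service being available.
    strategy: Webhook
    webhook:
      clientConfig:
        # NOTE(review): no caBundle is set in this manifest. The API server needs one to
        # verify the webhook's serving certificate; presumably it is injected at runtime
        # by emissary-apiext - confirm for the cluster where this copy is installed.
        service:
          name: emissary-apiext
          namespace: emissary-system
      conversionReviewVersions:
      - v1
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: Host
    listKind: HostList
    plural: hosts
    singular: host
  # Pruning is enabled at the CRD level; the v2 schema below opts out for its spec
  # subtree with x-kubernetes-preserve-unknown-fields.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  # v2: served and stored; objects are persisted in this version.
  - additionalPrinterColumns:
    - jsonPath: .spec.hostname
      name: Hostname
      type: string
    - jsonPath: .status.state
      name: State
      type: string
    - jsonPath: .status.phaseCompleted
      name: Phase Completed
      type: string
    - jsonPath: .status.phasePending
      name: Phase Pending
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v2
    schema:
      openAPIV3Schema:
        description: Host is the Schema for the hosts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: HostSpec defines the desired state of Host
            properties:
              acmeProvider:
                description: Specifies whether/who to talk ACME with to automatically
                  manage the $tlsSecret.
                properties:
                  authority:
                    description: Specifies who to talk ACME with to get certs. Defaults
                      to Let's Encrypt; if "none" (case-insensitive), do not try to
                      do ACME for this Host.
                    type: string
                  email:
                    type: string
                  # Names the Secret that stores the ACME account private key; per the
                  # description it is a same-namespace (LocalObjectReference) reference.
                  privateKeySecret:
                    description: "Specifies the Kubernetes Secret to use to store
                      the private key of the ACME account (essentially, where to store
                      the auto-generated password for the auto-created ACME account).
                      \ You should not normally need to set this--the default value
                      is based on a combination of the ACME authority being registered
                      wit and the email address associated with the account. \n Note
                      that this is a native-Kubernetes-style core.v1.LocalObjectReference,
                      not an Ambassador-style `{name}.{namespace}` string. Because
                      we're opinionated, it does not support referencing a Secret
                      in another namespace (because most native Kubernetes resources
                      don't support that), but if we ever abandon that opinion and
                      decide to support non-local references it, it would be by adding
                      a `namespace:` field by changing it from a core.v1.LocalObjectReference
                      to a core.v1.SecretReference, not by adopting the `{name}.{namespace}`
                      notation."
                    properties:
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  registration:
                    description: This is normally set automatically
                    type: string
                type: object
              ambassador_id:
                description: Common to all Ambassador objects (and optional).
                items:
                  type: string
                type: array
              hostname:
                description: Hostname by which the Ambassador can be reached.
                type: string
              previewUrl:
                description: Configuration for the Preview URL feature of Service
                  Preview. Defaults to preview URLs not enabled.
                properties:
                  enabled:
                    description: Is the Preview URL feature enabled?
                    type: boolean
                  type:
                    description: What type of Preview URL is allowed?
                    enum:
                    - Path
                    type: string
                type: object
              requestPolicy:
                description: Request policy definition.
                properties:
                  insecure:
                    properties:
                      # NOTE(review): Route presumably lets cleartext requests be
                      # routed rather than redirected or rejected - confirm against
                      # the Emissary documentation and review Hosts that set it.
                      action:
                        enum:
                        - Redirect
                        - Reject
                        - Route
                        type: string
                      additionalPort:
                        type: integer
                    type: object
                type: object
              selector:
                description: Selector by which we can find further configuration.
                  Defaults to hostname=$hostname
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              # Inline TLS settings. Unlike the TLSContext CRD in this file,
              # min_tls_version and max_tls_version carry no enum here, so the API
              # server accepts any string for them.
              tls:
                description: TLS configuration. It is not valid to specify both `tlsContext`
                  and `tls`.
                properties:
                  alpn_protocols:
                    type: string
                  ca_secret:
                    type: string
                  cacert_chain_file:
                    type: string
                  cert_chain_file:
                    type: string
                  cert_required:
                    type: boolean
                  cipher_suites:
                    items:
                      type: string
                    type: array
                  ecdh_curves:
                    items:
                      type: string
                    type: array
                  max_tls_version:
                    type: string
                  min_tls_version:
                    type: string
                  private_key_file:
                    type: string
                  redirect_cleartext_from:
                    type: integer
                  sni:
                    type: string
                  v3CRLSecret:
                    type: string
                type: object
              tlsContext:
                description: "Name of the TLSContext the Host resource is linked with.
                  It is not valid to specify both `tlsContext` and `tls`. \n Note
                  that this is a native-Kubernetes-style core.v1.LocalObjectReference,
                  not an Ambassador-style `{name}.{namespace}` string. Because we're
                  opinionated, it does not support referencing a Secret in another
                  namespace (because most native Kubernetes resources don't support
                  that), but if we ever abandon that opinion and decide to support
                  non-local references it, it would be by adding a `namespace:` field
                  by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference,
                  not by adopting the `{name}.{namespace}` notation."
                properties:
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              # This reference has a namespace field, so a Secret outside the Host's
              # own namespace can be named. NOTE(review): confirm which namespaces the
              # controller's RBAC actually lets it read and write Secrets in.
              tlsSecret:
                description: Name of the Kubernetes secret into which to save generated
                  certificates.  If ACME is enabled (see $acmeProvider), then the
                  default is $hostname; otherwise the default is "".  If the value
                  is "", then we do not do TLS for this Host.
                properties:
                  name:
                    description: name is unique within a namespace to reference a
                      secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret
                      name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
            type: object
            # Unknown keys under spec are preserved instead of pruned, so a misspelled
            # field name (for example under tls or requestPolicy) is accepted by the
            # API server without error and the intended setting may never take effect.
            x-kubernetes-preserve-unknown-fields: true
          status:
            description: HostStatus defines the observed state of Host
            properties:
              errorBackoff:
                type: string
              errorReason:
                description: errorReason, errorTimestamp, and errorBackoff are valid
                  when state==Error.
                type: string
              errorTimestamp:
                format: date-time
                type: string
              phaseCompleted:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              phasePending:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              state:
                enum:
                - Initial
                - Pending
                - Ready
                - Error
                type: string
              tlsCertificateSource:
                enum:
                - Unknown
                - None
                - Other
                - ACME
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
  # v3alpha1: served, not stored. Its spec has no x-kubernetes-preserve-unknown-fields,
  # so unknown spec fields are pruned in this version.
  - additionalPrinterColumns:
    - jsonPath: .spec.hostname
      name: Hostname
      type: string
    - jsonPath: .status.state
      name: State
      type: string
    - jsonPath: .status.phaseCompleted
      name: Phase Completed
      type: string
    - jsonPath: .status.phasePending
      name: Phase Pending
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v3alpha1
    schema:
      openAPIV3Schema:
        description: Host is the Schema for the hosts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: HostSpec defines the desired state of Host
            properties:
              acmeProvider:
                description: Specifies whether/who to talk ACME with to automatically
                  manage the $tlsSecret.
                properties:
                  authority:
                    description: Specifies who to talk ACME with to get certs. Defaults
                      to Let's Encrypt; if "none" (case-insensitive), do not try to
                      do ACME for this Host.
                    type: string
                  email:
                    type: string
                  # Names the Secret that stores the ACME account private key; per the
                  # description it is a same-namespace (LocalObjectReference) reference.
                  privateKeySecret:
                    description: "Specifies the Kubernetes Secret to use to store
                      the private key of the ACME account (essentially, where to store
                      the auto-generated password for the auto-created ACME account).
                      \ You should not normally need to set this--the default value
                      is based on a combination of the ACME authority being registered
                      wit and the email address associated with the account. \n Note
                      that this is a native-Kubernetes-style core.v1.LocalObjectReference,
                      not an Ambassador-style `{name}.{namespace}` string. Because
                      we're opinionated, it does not support referencing a Secret
                      in another namespace (because most native Kubernetes resources
                      don't support that), but if we ever abandon that opinion and
                      decide to support non-local references it, it would be by adding
                      a `namespace:` field by changing it from a core.v1.LocalObjectReference
                      to a core.v1.SecretReference, not by adopting the `{name}.{namespace}`
                      notation."
                    properties:
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  registration:
                    description: This is normally set automatically
                    type: string
                type: object
              ambassador_id:
                description: Common to all Ambassador objects (and optional).
                items:
                  type: string
                type: array
              hostname:
                description: Hostname by which the Ambassador can be reached.
                type: string
              mappingSelector:
                description: Selector for Mappings we'll associate with this Host.
                  At the moment, Selector and MappingSelector are synonyms, but that
                  will change soon.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              previewUrl:
                description: Configuration for the Preview URL feature of Service
                  Preview. Defaults to preview URLs not enabled.
                properties:
                  enabled:
                    description: Is the Preview URL feature enabled?
                    type: boolean
                  type:
                    description: What type of Preview URL is allowed?
                    enum:
                    - Path
                    type: string
                type: object
              requestPolicy:
                description: Request policy definition.
                properties:
                  insecure:
                    properties:
                      # NOTE(review): Route presumably lets cleartext requests be
                      # routed rather than redirected or rejected - confirm against
                      # the Emissary documentation and review Hosts that set it.
                      action:
                        enum:
                        - Redirect
                        - Reject
                        - Route
                        type: string
                      additionalPort:
                        type: integer
                    type: object
                type: object
              selector:
                description: 'DEPRECATED: Selector by which we can find further configuration.
                  Use MappingSelector instead.'
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              # Inline TLS settings. Unlike the TLSContext CRD in this file,
              # min_tls_version and max_tls_version carry no enum here, so the API
              # server accepts any string for them.
              tls:
                description: TLS configuration. It is not valid to specify both `tlsContext`
                  and `tls`.
                properties:
                  alpn_protocols:
                    type: string
                  ca_secret:
                    type: string
                  cacert_chain_file:
                    type: string
                  cert_chain_file:
                    type: string
                  cert_required:
                    type: boolean
                  cipher_suites:
                    items:
                      type: string
                    type: array
                  crl_secret:
                    type: string
                  ecdh_curves:
                    items:
                      type: string
                    type: array
                  max_tls_version:
                    type: string
                  min_tls_version:
                    type: string
                  private_key_file:
                    type: string
                  redirect_cleartext_from:
                    type: integer
                  sni:
                    type: string
                type: object
              tlsContext:
                description: "Name of the TLSContext the Host resource is linked with.
                  It is not valid to specify both `tlsContext` and `tls`. \n Note
                  that this is a native-Kubernetes-style core.v1.LocalObjectReference,
                  not an Ambassador-style `{name}.{namespace}` string. Because we're
                  opinionated, it does not support referencing a Secret in another
                  namespace (because most native Kubernetes resources don't support
                  that), but if we ever abandon that opinion and decide to support
                  non-local references it, it would be by adding a `namespace:` field
                  by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference,
                  not by adopting the `{name}.{namespace}` notation."
                properties:
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              # This reference has a namespace field, so a Secret outside the Host's
              # own namespace can be named. NOTE(review): confirm which namespaces the
              # controller's RBAC actually lets it read and write Secrets in.
              tlsSecret:
                description: Name of the Kubernetes secret into which to save generated
                  certificates.  If ACME is enabled (see $acmeProvider), then the
                  default is $hostname; otherwise the default is "".  If the value
                  is "", then we do not do TLS for this Host.
                properties:
                  name:
                    description: name is unique within a namespace to reference a
                      secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret
                      name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
            type: object
          status:
            description: HostStatus defines the observed state of Host
            properties:
              errorBackoff:
                type: string
              errorReason:
                description: errorReason, errorTimestamp, and errorBackoff are valid
                  when state==Error.
                type: string
              errorTimestamp:
                format: date-time
                type: string
              phaseCompleted:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              phasePending:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              state:
                enum:
                - Initial
                - Pending
                - Ready
                - Error
                type: string
              tlsCertificateSource:
                enum:
                - Unknown
                - None
                - Other
                - ACME
                type: string
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}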