| apiVersion: apiextensions.k8s.io/v1beta1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| "helm.sh/resource-policy": keep |
| labels: |
| app: istio-pilot |
| chart: istio |
| heritage: Tiller |
| istio: rbac |
| release: istio |
| name: clusterrbacconfigs.rbac.istio.io |
| spec: |
| group: rbac.istio.io |
| names: |
| categories: |
| - istio-io |
| - rbac-istio-io |
| kind: ClusterRbacConfig |
| listKind: ClusterRbacConfigList |
| plural: clusterrbacconfigs |
| singular: clusterrbacconfig |
| preserveUnknownFields: false |
| scope: Cluster |
| subresources: |
| status: {} |
| validation: |
| openAPIV3Schema: |
| properties: |
| spec: |
| description: 'See more details at:' |
| properties: |
| enforcementMode: |
| enum: |
| - ENFORCED |
| - PERMISSIVE |
| type: string |
| exclusion: |
| description: A list of services or namespaces that should not be enforced |
| by Istio RBAC policies. |
| properties: |
| namespaces: |
| description: A list of namespaces. |
| items: |
| format: string |
| type: string |
| type: array |
| services: |
| description: A list of services. |
| items: |
| format: string |
| type: string |
| type: array |
| type: object |
| inclusion: |
| description: A list of services or namespaces that should be enforced |
| by Istio RBAC policies. |
| properties: |
| namespaces: |
| description: A list of namespaces. |
| items: |
| format: string |
| type: string |
| type: array |
| services: |
| description: A list of services. |
| items: |
| format: string |
| type: string |
| type: array |
| type: object |
| mode: |
| description: Istio RBAC mode. |
| enum: |
| - "OFF" |
| - "ON" |
| - ON_WITH_INCLUSION |
| - ON_WITH_EXCLUSION |
| type: string |
| type: object |
| status: |
| type: object |
| x-kubernetes-preserve-unknown-fields: true |
| type: object |
| versions: |
| - name: v1alpha1 |
| served: true |
| storage: true |
