| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| controller-gen.kubebuilder.io/version: v0.17.2 |
| name: apisixconsumers.apisix.apache.org |
| spec: |
| group: apisix.apache.org |
| names: |
| kind: ApisixConsumer |
| listKind: ApisixConsumerList |
| plural: apisixconsumers |
| shortNames: |
| - ac |
| singular: apisixconsumer |
| scope: Namespaced |
| versions: |
| - name: v2 |
| schema: |
| openAPIV3Schema: |
| description: ApisixConsumer defines configuration of a consumer and their |
| authentication details. |
| properties: |
| apiVersion: |
| description: |- |
| APIVersion defines the versioned schema of this representation of an object. |
| Servers should convert recognized schemas to the latest internal value, and |
| may reject unrecognized values. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| type: string |
| kind: |
| description: |- |
| Kind is a string value representing the REST resource this object represents. |
| Servers may infer this from the endpoint the client submits requests to. |
| Cannot be updated. |
| In CamelCase. |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: ApisixConsumerSpec defines the consumer authentication configuration. |
| properties: |
| authParameter: |
| description: AuthParameter defines the authentication credentials |
| and configuration for this consumer. |
| properties: |
| basicAuth: |
| description: BasicAuth configures the basic authentication details. |
| properties: |
| secretRef: |
| description: SecretRef references a Kubernetes Secret containing |
| the basic authentication credentials. |
| properties: |
| name: |
| default: "" |
| description: |- |
| Name of the referent. |
| This field is effectively required, but due to backwards compatibility is |
| allowed to be empty. Instances of this type with an empty value here are |
| almost certainly wrong. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| value: |
| description: Value specifies the basic authentication credentials. |
| properties: |
| password: |
| description: Password is the basic authentication password. |
| type: string |
| username: |
| description: Username is the basic authentication username. |
| type: string |
| required: |
| - password |
| - username |
| type: object |
| type: object |
| hmacAuth: |
| description: HMACAuth configures the HMAC authentication details. |
| properties: |
| secretRef: |
| description: SecretRef references a Kubernetes Secret containing |
| the HMAC credentials. |
| properties: |
| name: |
| default: "" |
| description: |- |
| Name of the referent. |
| This field is effectively required, but due to backwards compatibility is |
| allowed to be empty. Instances of this type with an empty value here are |
| almost certainly wrong. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| value: |
| description: Value specifies HMAC authentication credentials. |
| properties: |
| access_key: |
| description: AccessKey is the identifier used to look |
| up the HMAC secret. Deprecated from consumer configuration |
| type: string |
| algorithm: |
| description: Algorithm specifies the hashing algorithm |
| (e.g., "hmac-sha256"). Deprecated from consumer configuration |
| type: string |
| clock_skew: |
| description: ClockSkew is the allowed time difference |
| (in seconds) between client and server clocks. Deprecated |
| from consumer configuration |
| format: int64 |
| type: integer |
| encode_uri_params: |
| description: EncodeURIParams indicates whether URI parameters |
| are encoded when calculating the signature. Deprecated |
| from consumer configuration |
| type: boolean |
| keep_headers: |
| description: KeepHeaders determines whether the HMAC signature |
| headers are preserved after verification. Deprecated |
| from consumer configuration |
| type: boolean |
| key_id: |
| description: KeyID is the identifier used to look up the |
| HMAC secret. |
| type: string |
| max_req_body: |
| description: MaxReqBody sets the maximum size (in bytes) |
| of the request body that can be validated. Deprecated |
| from consumer configuration |
| format: int64 |
| type: integer |
| secret_key: |
| description: SecretKey is the HMAC secret used to sign |
| the request. |
| type: string |
| signed_headers: |
| description: SignedHeaders lists the headers that must |
| be included in the signature. Deprecated from consumer |
| configuration |
| items: |
| type: string |
| type: array |
| validate_request_body: |
| description: ValidateRequestBody enables HMAC validation |
| of the request body. Deprecated from consumer configuration |
| type: boolean |
| required: |
| - secret_key |
| type: object |
| type: object |
| jwtAuth: |
| description: JwtAuth configures the JWT authentication details. |
| properties: |
| secretRef: |
| description: SecretRef references a Kubernetes Secret containing |
| JWT authentication credentials. |
| properties: |
| name: |
| default: "" |
| description: |- |
| Name of the referent. |
| This field is effectively required, but due to backwards compatibility is |
| allowed to be empty. Instances of this type with an empty value here are |
| almost certainly wrong. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| value: |
| description: Value specifies JWT authentication credentials. |
| properties: |
| algorithm: |
| description: |- |
| Algorithm specifies the signing algorithm. |
| Can be `HS256`, `HS512`, `RS256`, or `ES256`. |
| type: string |
| base64_secret: |
| description: Base64Secret indicates whether the secret |
| is base64-encoded. |
| type: boolean |
| exp: |
| description: Exp is the token expiration period in seconds. |
| format: int64 |
| type: integer |
| key: |
| description: Key is the unique identifier for the JWT |
| credential. |
| type: string |
| lifetime_grace_period: |
| description: LifetimeGracePeriod is the allowed clock |
| skew in seconds for token expiration. |
| format: int64 |
| type: integer |
| private_key: |
| description: PrivateKey is the private key used to sign |
| the JWT (for asymmetric algorithms). |
| type: string |
| public_key: |
| description: PublicKey is the public key used to verify |
| JWT signatures (for asymmetric algorithms). |
| type: string |
| secret: |
| description: Secret is the shared secret used to sign |
| the JWT (for symmetric algorithms). |
| type: string |
| required: |
| - key |
| - private_key |
| type: object |
| type: object |
| keyAuth: |
| description: KeyAuth configures the key authentication details. |
| properties: |
| secretRef: |
| description: SecretRef references a Kubernetes Secret containing |
| the key authentication credentials. |
| properties: |
| name: |
| default: "" |
| description: |- |
| Name of the referent. |
| This field is effectively required, but due to backwards compatibility is |
| allowed to be empty. Instances of this type with an empty value here are |
| almost certainly wrong. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| value: |
| description: Value specifies the key authentication credentials. |
| properties: |
| key: |
| description: Key is the credential used for key authentication. |
| type: string |
| required: |
| - key |
| type: object |
| type: object |
| ldapAuth: |
| description: LDAPAuth configures the LDAP authentication details. |
| properties: |
| secretRef: |
| description: SecretRef references a Kubernetes Secret containing |
| the LDAP credentials. |
| properties: |
| name: |
| default: "" |
| description: |- |
| Name of the referent. |
| This field is effectively required, but due to backwards compatibility is |
| allowed to be empty. Instances of this type with an empty value here are |
| almost certainly wrong. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| value: |
| description: Value specifies LDAP authentication credentials. |
| properties: |
| user_dn: |
| description: UserDN is the distinguished name (DN) of |
| the LDAP user. |
| type: string |
| required: |
| - user_dn |
| type: object |
| required: |
| - secretRef |
| type: object |
| wolfRBAC: |
| description: WolfRBAC configures the Wolf RBAC authentication |
| details. |
| properties: |
| secretRef: |
| description: SecretRef references a Kubernetes Secret containing |
| the Wolf RBAC token. |
| properties: |
| name: |
| default: "" |
| description: |- |
| Name of the referent. |
| This field is effectively required, but due to backwards compatibility is |
| allowed to be empty. Instances of this type with an empty value here are |
| almost certainly wrong. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| value: |
| description: Value specifies the Wolf RBAC token. |
| properties: |
| appid: |
| description: Appid is the application identifier used |
| when communicating with the Wolf RBAC server. |
| type: string |
| header_prefix: |
| description: HeaderPrefix is the prefix added to request |
| headers for RBAC enforcement. |
| type: string |
| server: |
| description: Server is the URL of the Wolf RBAC server. |
| type: string |
| type: object |
| type: object |
| type: object |
| ingressClassName: |
| description: |- |
| IngressClassName is the name of an IngressClass cluster resource. |
| The controller uses this field to decide whether the resource should be managed. |
| type: string |
| required: |
| - authParameter |
| type: object |
| status: |
| description: ApisixStatus is the status report for Apisix ingress Resources |
| properties: |
| conditions: |
| items: |
| description: Condition contains details for one aspect of the current |
| state of this API Resource. |
| properties: |
| lastTransitionTime: |
| description: |- |
| lastTransitionTime is the last time the condition transitioned from one status to another. |
| This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. |
| format: date-time |
| type: string |
| message: |
| description: |- |
| message is a human readable message indicating details about the transition. |
| This may be an empty string. |
| maxLength: 32768 |
| type: string |
| observedGeneration: |
| description: |- |
| observedGeneration represents the .metadata.generation that the condition was set based upon. |
| For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date |
| with respect to the current state of the instance. |
| format: int64 |
| minimum: 0 |
| type: integer |
| reason: |
| description: |- |
| reason contains a programmatic identifier indicating the reason for the condition's last transition. |
| Producers of specific condition types may define expected values and meanings for this field, |
| and whether the values are considered a guaranteed API. |
| The value should be a CamelCase string. |
| This field may not be empty. |
| maxLength: 1024 |
| minLength: 1 |
| pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ |
| type: string |
| status: |
| description: status of the condition, one of True, False, Unknown. |
| enum: |
| - "True" |
| - "False" |
| - Unknown |
| type: string |
| type: |
| description: type of condition in CamelCase or in foo.example.com/CamelCase. |
| maxLength: 316 |
| pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ |
| type: string |
| required: |
| - lastTransitionTime |
| - message |
| - reason |
| - status |
| - type |
| type: object |
| type: array |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: |
| status: {} |
