345 lines
15 KiB
YAML
345 lines
15 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.4.1
|
|
creationTimestamp: null
|
|
name: rbacdefinitions.access-manager.io
|
|
spec:
|
|
group: access-manager.io
|
|
names:
|
|
kind: RbacDefinition
|
|
listKind: RbacDefinitionList
|
|
plural: rbacdefinitions
|
|
singular: rbacdefinition
|
|
scope: Cluster
|
|
versions:
|
|
- name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: RbacDefinition is the Schema for the rbacdefinitions API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: RbacDefinitionSpec defines the desired state of RbacDefinition
|
|
properties:
|
|
cluster:
|
|
items:
|
|
properties:
|
|
clusterRoleName:
|
|
type: string
|
|
name:
|
|
type: string
|
|
subjects:
|
|
items:
|
|
description: Subject contains a reference to the object or
|
|
user identities a role binding applies to. This can either
|
|
hold a direct API object reference, or a value for non-objects
|
|
such as user and group names.
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup holds the API group of the referenced
|
|
subject. Defaults to "" for ServiceAccount subjects.
|
|
Defaults to "rbac.authorization.k8s.io" for User and
|
|
Group subjects.
|
|
type: string
|
|
kind:
|
|
description: Kind of object being referenced. Values defined
|
|
by this API group are "User", "Group", and "ServiceAccount".
|
|
If the Authorizer does not recognized the kind value,
|
|
the Authorizer should report an error.
|
|
type: string
|
|
name:
|
|
description: Name of the object being referenced.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referenced object. If the
|
|
object kind is non-namespace, such as "User" or "Group",
|
|
and this value is not empty the Authorizer should report
|
|
an error.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
required:
|
|
- clusterRoleName
|
|
- name
|
|
- subjects
|
|
type: object
|
|
type: array
|
|
namespaced:
|
|
items:
|
|
properties:
|
|
bindings:
|
|
items:
|
|
properties:
|
|
allServiceAccounts:
|
|
default: false
|
|
type: boolean
|
|
kind:
|
|
type: string
|
|
name:
|
|
default: ""
|
|
type: string
|
|
roleName:
|
|
type: string
|
|
subjects:
|
|
items:
|
|
description: Subject contains a reference to the object
|
|
or user identities a role binding applies to. This
|
|
can either hold a direct API object reference, or
|
|
a value for non-objects such as user and group names.
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup holds the API group of the
|
|
referenced subject. Defaults to "" for ServiceAccount
|
|
subjects. Defaults to "rbac.authorization.k8s.io"
|
|
for User and Group subjects.
|
|
type: string
|
|
kind:
|
|
description: Kind of object being referenced. Values
|
|
defined by this API group are "User", "Group",
|
|
and "ServiceAccount". If the Authorizer does not
|
|
recognized the kind value, the Authorizer should
|
|
report an error.
|
|
type: string
|
|
name:
|
|
description: Name of the object being referenced.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referenced object. If
|
|
the object kind is non-namespace, such as "User"
|
|
or "Group", and this value is not empty the Authorizer
|
|
should report an error.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
required:
|
|
- kind
|
|
- roleName
|
|
type: object
|
|
type: array
|
|
namespace:
|
|
properties:
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
namespaceSelector:
|
|
description: A label selector is a label query over a set of
|
|
resources. The result of matchLabels and matchExpressions
|
|
are ANDed. An empty label selector matches all objects. A
|
|
null label selector matches no objects.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector
|
|
requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector
|
|
that contains values, a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship
|
|
to a set of values. Valid operators are In, NotIn,
|
|
Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values.
|
|
If the operator is In or NotIn, the values array
|
|
must be non-empty. If the operator is Exists or
|
|
DoesNotExist, the values array must be empty. This
|
|
array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
required:
|
|
- bindings
|
|
type: object
|
|
type: array
|
|
paused:
|
|
type: boolean
|
|
type: object
|
|
status:
|
|
description: RbacDefinitionStatus defines the observed state of RbacDefinition
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.4.1
|
|
creationTimestamp: null
|
|
name: syncsecretdefinitions.access-manager.io
|
|
spec:
|
|
group: access-manager.io
|
|
names:
|
|
kind: SyncSecretDefinition
|
|
listKind: SyncSecretDefinitionList
|
|
plural: syncsecretdefinitions
|
|
singular: syncsecretdefinition
|
|
scope: Cluster
|
|
versions:
|
|
- name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SyncSecretDefinition is the Schema for the syncsecretdefinitions
|
|
API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SyncSecretDefinitionSpec defines the desired state of SyncSecretDefinition
|
|
properties:
|
|
paused:
|
|
default: false
|
|
type: boolean
|
|
source:
|
|
properties:
|
|
name:
|
|
type: string
|
|
namespace:
|
|
type: string
|
|
required:
|
|
- name
|
|
- namespace
|
|
type: object
|
|
targets:
|
|
items:
|
|
properties:
|
|
namespace:
|
|
properties:
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
namespaceSelector:
|
|
description: A label selector is a label query over a set of
|
|
resources. The result of matchLabels and matchExpressions
|
|
are ANDed. An empty label selector matches all objects. A
|
|
null label selector matches no objects.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector
|
|
requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector
|
|
that contains values, a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship
|
|
to a set of values. Valid operators are In, NotIn,
|
|
Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values.
|
|
If the operator is In or NotIn, the values array
|
|
must be non-empty. If the operator is Exists or
|
|
DoesNotExist, the values array must be empty. This
|
|
array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- source
|
|
- targets
|
|
type: object
|
|
status:
|
|
description: SyncSecretDefinitionStatus defines the observed state of
|
|
SyncSecretDefinition
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|