Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add v1alpha1 version back to policy CRD #1956

Merged
merged 3 commits into from
Sep 15, 2021
Merged

Add v1alpha1 version back to policy CRD #1956

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a28cd30
Add v1alpha1 version back to policy CRD
ciarams87 Sep 10, 2021
593bd0b
Merge master into test-multiple-versions
nginx-bot Sep 14, 2021
6caf8a1
Merge branch 'master' into test-multiple-versions
ciarams87 Sep 15, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 96 additions & 0 deletions deployments/common/crds/k8s.nginx.org_policies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,102 @@ spec:
storage: true
subresources:
status: {}
- name: v1alpha1
schema:
openAPIV3Schema:
description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed.
type: object
properties:
accessControl:
description: AccessControl defines an access policy based on the source IP of a request.
type: object
properties:
allow:
type: array
items:
type: string
deny:
type: array
items:
type: string
egressMTLS:
description: EgressMTLS defines an Egress MTLS policy.
type: object
properties:
ciphers:
type: string
protocols:
type: string
serverName:
type: boolean
sessionReuse:
type: boolean
sslName:
type: string
tlsSecret:
type: string
trustedCertSecret:
type: string
verifyDepth:
type: integer
verifyServer:
type: boolean
ingressMTLS:
description: IngressMTLS defines an Ingress MTLS policy.
type: object
properties:
clientCertSecret:
type: string
verifyClient:
type: string
verifyDepth:
type: integer
jwt:
description: JWTAuth holds JWT authentication configuration.
type: object
properties:
realm:
type: string
secret:
type: string
token:
type: string
rateLimit:
description: RateLimit defines a rate limit policy.
type: object
properties:
burst:
type: integer
delay:
type: integer
dryRun:
type: boolean
key:
type: string
logLevel:
type: string
noDelay:
type: boolean
rate:
type: string
rejectCode:
type: integer
zoneSize:
type: string
served: true
storage: false
status:
acceptedNames:
kind: ""
Expand Down
96 changes: 96 additions & 0 deletions deployments/helm-chart/crds/k8s.nginx.org_policies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,102 @@ spec:
storage: true
subresources:
status: {}
- name: v1alpha1
schema:
openAPIV3Schema:
description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed.
type: object
properties:
accessControl:
description: AccessControl defines an access policy based on the source IP of a request.
type: object
properties:
allow:
type: array
items:
type: string
deny:
type: array
items:
type: string
egressMTLS:
description: EgressMTLS defines an Egress MTLS policy.
type: object
properties:
ciphers:
type: string
protocols:
type: string
serverName:
type: boolean
sessionReuse:
type: boolean
sslName:
type: string
tlsSecret:
type: string
trustedCertSecret:
type: string
verifyDepth:
type: integer
verifyServer:
type: boolean
ingressMTLS:
description: IngressMTLS defines an Ingress MTLS policy.
type: object
properties:
clientCertSecret:
type: string
verifyClient:
type: string
verifyDepth:
type: integer
jwt:
description: JWTAuth holds JWT authentication configuration.
type: object
properties:
realm:
type: string
secret:
type: string
token:
type: string
rateLimit:
description: RateLimit defines a rate limit policy.
type: object
properties:
burst:
type: integer
delay:
type: integer
dryRun:
type: boolean
key:
type: string
logLevel:
type: string
noDelay:
type: boolean
rate:
type: string
rejectCode:
type: integer
zoneSize:
type: string
served: true
storage: false
status:
acceptedNames:
kind: ""
Expand Down
1 change: 1 addition & 0 deletions pkg/apis/configuration/v1/types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,7 @@ type VirtualServerRouteStatus struct {
// +kubebuilder:validation:Optional
// +kubebuilder:resource:shortName=pol
// +kubebuilder:subresource:status
// +kubebuilder:storageversion
// +kubebuilder:printcolumn:name="State",type=string,JSONPath=`.status.state`,description="Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller."
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`

Expand Down
79 changes: 79 additions & 0 deletions pkg/apis/configuration/v1alpha1/types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,3 +150,82 @@ type TransportServerList struct {

Items []TransportServer `json:"items"`
}

// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:validation:Optional

// Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
type Policy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

Spec PolicySpec `json:"spec"`
}

// PolicySpec is the spec of the Policy resource.
// The spec includes multiple fields, where each field represents a different policy.
// Only one policy (field) is allowed.
type PolicySpec struct {
AccessControl *AccessControl `json:"accessControl"`
RateLimit *RateLimit `json:"rateLimit"`
JWTAuth *JWTAuth `json:"jwt"`
IngressMTLS *IngressMTLS `json:"ingressMTLS"`
EgressMTLS *EgressMTLS `json:"egressMTLS"`
}

// AccessControl defines an access policy based on the source IP of a request.
type AccessControl struct {
Allow []string `json:"allow"`
Deny []string `json:"deny"`
}

// RateLimit defines a rate limit policy.
type RateLimit struct {
Rate string `json:"rate"`
Key string `json:"key"`
Delay *int `json:"delay"`
NoDelay *bool `json:"noDelay"`
Burst *int `json:"burst"`
ZoneSize string `json:"zoneSize"`
DryRun *bool `json:"dryRun"`
LogLevel string `json:"logLevel"`
RejectCode *int `json:"rejectCode"`
}

// JWTAuth holds JWT authentication configuration.
type JWTAuth struct {
Realm string `json:"realm"`
Secret string `json:"secret"`
Token string `json:"token"`
}

// IngressMTLS defines an Ingress MTLS policy.
type IngressMTLS struct {
ClientCertSecret string `json:"clientCertSecret"`
VerifyClient string `json:"verifyClient"`
VerifyDepth *int `json:"verifyDepth"`
}

// EgressMTLS defines an Egress MTLS policy.
type EgressMTLS struct {
TLSSecret string `json:"tlsSecret"`
VerifyServer bool `json:"verifyServer"`
VerifyDepth *int `json:"verifyDepth"`
Protocols string `json:"protocols"`
SessionReuse *bool `json:"sessionReuse"`
Ciphers string `json:"ciphers"`
TrustedCertSecret string `json:"trustedCertSecret"`
ServerName bool `json:"serverName"`
SSLName string `json:"sslName"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// PolicyList is a list of the Policy resources.
type PolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`

Items []Policy `json:"items"`
}