{
"description": "Flagd is the Schema for the flagds API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "FlagdSpec defines the desired state of Flagd",
"properties": {
"featureFlagSource": {
"description": "FeatureFlagSource references to a FeatureFlagSource from which the created flagd instance retrieves\nthe feature flag configurations",
"type": "string"
},
"gatewayApiRoutes": {
"description": "GatewayApiRoutes",
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"description": "Annotations to be added to the Gateway API routes",
"type": "object"
},
"enabled": {
"description": "Enabled enables/disables the Gateway API routes for flagd",
"type": "boolean"
},
"hosts": {
"description": "Hosts list of hosts to be added to the ingress.\nEmpty string corresponds to rule with no host.",
"items": {
"type": "string"
},
"type": "array"
},
"parentRefs": {
"description": "ParentRefs references the resources (usually Gateways) that the Routes should\nbe attached to.",
"items": {
"description": "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.",
"properties": {
"group": {
"default": "gateway.networking.k8s.io",
"description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core",
"maxLength": 253,
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
"type": "string"
},
"kind": {
"default": "Gateway",
"description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
"type": "string"
},
"name": {
"description": "Name is the name of the referent.\n\nSupport: Core",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\nSupport: Core",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
"type": "string"
},
"port": {
"description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended",
"format": "int32",
"maximum": 65535,
"minimum": 1,
"type": "integer"
},
"sectionName": {
"description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core",
"maxLength": 253,
"minLength": 1,
"pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"parentRefs"
],
"type": "object",
"additionalProperties": false
},
"ingress": {
"description": "Ingress",
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"description": "Annotations the annotations to be added to the ingress",
"type": "object"
},
"enabled": {
"description": "Enabled enables/disables the ingress for flagd",
"type": "boolean"
},
"flagdPath": {
"description": "FlagdPath is the path to be used for accessing the flagd flag evaluation API\nDefault: /flagd.evaluation.v1.Service",
"type": "string"
},
"hosts": {
"description": "Hosts list of hosts to be added to the ingress.\nEmpty string corresponds to rule with no host.",
"items": {
"type": "string"
},
"type": "array"
},
"ingressClassName": {
"description": "IngressClassName defines the name if the ingress class to be used for flagd",
"type": "string"
},
"ofrepPath": {
"description": "OFREPPath is the path to be used for accessing the OFREP API\nDefault: /ofrep",
"type": "string"
},
"pathType": {
"description": "PathType is the path type to be used for the ingress rules",
"type": "string"
},
"syncPath": {
"description": "SyncPath is the path to be used for accessing the sync API\nDefault: /flagd.sync.v1.Service",
"type": "string"
},
"tls": {
"description": "TLS configuration for the ingress",
"items": {
"description": "IngressTLS describes the transport layer security associated with an ingress.",
"properties": {
"hosts": {
"description": "hosts is a list of hosts included in the TLS certificate. The values in\nthis list must match the name/s used in the tlsSecret. Defaults to the\nwildcard host setting for the loadbalancer controller fulfilling this\nIngress, if left unspecified.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"secretName": {
"description": "secretName is the name of the secret used to terminate TLS traffic on\nport 443. Field is left optional to allow TLS routing based on SNI\nhostname alone. If the SNI host in a listener conflicts with the \"Host\"\nheader field used by an IngressRule, the SNI host is used for termination\nand value of the \"Host\" header is used for routing.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"hosts"
],
"type": "object",
"additionalProperties": false
},
"replicas": {
"default": 1,
"description": "Replicas defines the number of replicas to create for the service.\nDefault: 1",
"format": "int32",
"type": "integer"
},
"serviceAccountName": {
"description": "ServiceAccountName the service account name for the flagd deployment",
"type": "string"
},
"serviceType": {
"default": "ClusterIP",
"description": "ServiceType represents the type of Service to create.\nMust be one of: ClusterIP, NodePort, LoadBalancer, and ExternalName.\nDefault: ClusterIP",
"enum": [
"ClusterIP",
"NodePort",
"LoadBalancer",
"ExternalName"
],
"type": "string"
}
},
"required": [
"featureFlagSource"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "FlagdStatus defines the observed state of Flagd",
"type": "object"
}
},
"type": "object"
}