{ "description": "AuthService is the Schema for the authservices API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "AuthServiceSpec defines the desired state of AuthService", "properties": { "add_auth_headers": { "additionalProperties": { "type": "string" }, "type": "object" }, "add_linkerd_headers": { "type": "boolean" }, "allow_request_body": { "description": "TODO(lukeshu): In v3alpha2, drop allow_request_body in favor of include_body. allow_request_body has been deprecated for a long time.", "type": "boolean" }, "allowed_authorization_headers": { "items": { "type": "string" }, "type": "array" }, "allowed_request_headers": { "items": { "type": "string" }, "type": "array" }, "ambassador_id": { "description": "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n \tambassador_id: \t- \"default\" \n TODO(lukeshu): In v3alpha2, consider renaming all of the `ambassador_id` (singular) fields to `ambassador_ids` (plural).", "items": { "type": "string" }, "type": "array" }, "auth_service": { "description": "TODO(lukeshu): In v3alpha2, consider renameing `auth_service` to just `service`, for consistency with the other resource types.", "type": "string" }, "circuit_breakers": { "items": { "properties": { "max_connections": { "type": "integer" }, "max_pending_requests": { "type": "integer" }, "max_requests": { "type": "integer" }, "max_retries": { "type": "integer" }, "priority": { "enum": [ "default", "high" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "failure_mode_allow": { "type": "boolean" }, "include_body": { "properties": { "allow_partial": { "type": "boolean" }, "max_bytes": { "description": "These aren't pointer types because they are required.", "type": "integer" } }, "required": [ "allow_partial", "max_bytes" ], "type": "object", "additionalProperties": false }, "path_prefix": { "type": "string" }, "proto": { "enum": [ "http", "grpc" ], "type": "string" }, "protocol_version": { "description": "ProtocolVersion is the envoy api transport protocol version", "enum": [ "v2", "v3" ], "type": "string" }, "stats_name": { "type": "string" }, "status_on_error": { "description": "TODO(lukeshu): In v3alpha2, consider getting rid of this struct type in favor of just using an int (i.e. `statusOnError: 500` instead of the current `statusOnError: { code: 500 }`).", "properties": { "code": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "timeout_ms": { "description": "TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration` fields to `{foo}`/`metav1.Duration`.", "type": "integer" }, "tls": { "type": "string" }, "v2ExplicitTLS": { "description": "V2ExplicitTLS controls some vanity/stylistic elements when converting from v3alpha1 to v2. The values in an V2ExplicitTLS should not in any way affect the runtime operation of Emissary; except that it may affect internal names in the Envoy config, which may in turn affect stats names. But it should not affect any end-user observable behavior.", "properties": { "serviceScheme": { "description": "ServiceScheme specifies how to spell and capitalize the scheme-part of the service URL. \n Acceptable values are \"http://\" (case-insensitive), \"https://\" (case-insensitive), or \"\". The value is used if it agrees with whether or not this resource enables TLS origination, or if something else in the resource overrides the scheme.", "pattern": "^([hH][tT][tT][pP][sS]?://)?$", "type": "string" }, "tls": { "description": "TLS controls whether and how to represent the \"tls\" field when its value could be implied by the \"service\" field. In v2, there were a lot of different ways to spell an \"empty\" value, and this field specifies which way to spell it (and will therefore only be used if the value will indeed be empty). \n | Value | Representation | Meaning of representation | |--------------+---------------------------------------+------------------------------------| | \"\" | omit the field | defer to service (no TLSContext) | | \"null\" | store an explicit \"null\" in the field | defer to service (no TLSContext) | | \"string\" | store an empty string in the field | defer to service (no TLSContext) | | \"bool:false\" | store a Boolean \"false\" in the field | defer to service (no TLSContext) | | \"bool:true\" | store a Boolean \"true\" in the field | originate TLS (no TLSContext) | \n If the meaning of the representation contradicts anything else (if a TLSContext is to be used, or in the case of \"bool:true\" if TLS is not to be originated), then this field is ignored.", "enum": [ "", "null", "bool:true", "bool:false", "string" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "auth_service" ], "type": "object", "additionalProperties": false } }, "type": "object" }