{ "description": "Host is the Schema for the hosts API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "HostSpec defines the desired state of Host", "properties": { "acmeProvider": { "description": "Specifies whether/who to talk ACME with to automatically manage the $tlsSecret.", "properties": { "authority": { "description": "Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if \"none\" (case-insensitive), do not try to do ACME for this Host.", "type": "string" }, "email": { "type": "string" }, "privateKeySecret": { "description": "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation.", "properties": { "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "type": "object", "additionalProperties": false }, "registration": { "description": "This is normally set automatically", "type": "string" } }, "type": "object", "additionalProperties": false }, "hostname": { "description": "Hostname by which the Ambassador can be reached.", "type": "string" }, "previewUrl": { "description": "Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled.", "properties": { "enabled": { "description": "Is the Preview URL feature enabled?", "type": "boolean" }, "type": { "description": "What type of Preview URL is allowed?", "enum": [ "Path" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "requestPolicy": { "description": "Request policy definition.", "properties": { "insecure": { "properties": { "action": { "enum": [ "Redirect", "Reject", "Route" ], "type": "string" }, "additionalPort": { "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "selector": { "description": "Selector by which we can find further configuration. Defaults to hostname=$hostname", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "additionalProperties": false }, "tls": { "description": "TLS configuration. It is not valid to specify both `tlsContext` and `tls`.", "properties": { "alpn_protocols": { "type": "string" }, "ca_secret": { "type": "string" }, "cacert_chain_file": { "type": "string" }, "cert_chain_file": { "type": "string" }, "cert_required": { "type": "boolean" }, "cipher_suites": { "items": { "type": "string" }, "type": "array" }, "ecdh_curves": { "items": { "type": "string" }, "type": "array" }, "max_tls_version": { "type": "string" }, "min_tls_version": { "type": "string" }, "private_key_file": { "type": "string" }, "redirect_cleartext_from": { "type": "integer" }, "sni": { "type": "string" }, "v3CRLSecret": { "type": "string" } }, "type": "object", "additionalProperties": false }, "tlsContext": { "description": "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation.", "properties": { "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "type": "object", "additionalProperties": false }, "tlsSecret": { "description": "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host.", "properties": { "name": { "description": "Name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { "description": "Namespace defines the space within which the secret name must be unique.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "status": { "description": "HostStatus defines the observed state of Host", "properties": { "errorBackoff": { "type": "string" }, "errorReason": { "description": "errorReason, errorTimestamp, and errorBackoff are valid when state==Error.", "type": "string" }, "errorTimestamp": { "format": "date-time", "type": "string" }, "phaseCompleted": { "description": "phaseCompleted and phasePending are valid when state==Pending or state==Error.", "enum": [ "NA", "DefaultsFilled", "ACMEUserPrivateKeyCreated", "ACMEUserRegistered", "ACMECertificateChallenge" ], "type": "string" }, "phasePending": { "description": "phaseCompleted and phasePending are valid when state==Pending or state==Error.", "enum": [ "NA", "DefaultsFilled", "ACMEUserPrivateKeyCreated", "ACMEUserRegistered", "ACMECertificateChallenge" ], "type": "string" }, "state": { "description": "The first value listed in the Enum marker becomes the \"zero\" value, and it would be great if \"Pending\" could be the default value; but it's Important that the \"zero\" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say \"Pending\" in the \"STATE\" column, and not leave the column empty.", "enum": [ "Initial", "Pending", "Ready", "Error" ], "type": "string" }, "tlsCertificateSource": { "enum": [ "Unknown", "None", "Other", "ACME" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }