{ "description": "Policy defines a Policy for VirtualServer and VirtualServerRoute resources.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "PolicySpec is the spec of the Policy resource.\nThe spec includes multiple fields, where each field represents a different policy.\nOnly one policy (field) is allowed.", "properties": { "accessControl": { "description": "AccessControl defines an access policy based on the source IP of a request.", "properties": { "allow": { "items": { "type": "string" }, "type": "array" }, "deny": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "apiKey": { "description": "APIKey defines an API Key policy.", "properties": { "clientSecret": { "type": "string" }, "suppliedIn": { "description": "SuppliedIn defines the locations API Key should be supplied in.", "properties": { "header": { "items": { "type": "string" }, "type": "array" }, "query": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "basicAuth": { "description": "BasicAuth holds HTTP Basic authentication configuration", "properties": { "realm": { "type": "string" }, "secret": { "type": "string" } }, "type": "object", "additionalProperties": false }, "egressMTLS": { "description": "EgressMTLS defines an Egress MTLS policy.", "properties": { "ciphers": { "type": "string" }, "protocols": { "type": "string" }, "serverName": { "type": "boolean" }, "sessionReuse": { "type": "boolean" }, "sslName": { "type": "string" }, "tlsSecret": { "type": "string" }, "trustedCertSecret": { "type": "string" }, "verifyDepth": { "type": "integer" }, "verifyServer": { "type": "boolean" } }, "type": "object", "additionalProperties": false }, "ingressClassName": { "type": "string" }, "ingressMTLS": { "description": "IngressMTLS defines an Ingress MTLS policy.", "properties": { "clientCertSecret": { "type": "string" }, "crlFileName": { "type": "string" }, "verifyClient": { "type": "string" }, "verifyDepth": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "jwt": { "description": "JWTAuth holds JWT authentication configuration.", "properties": { "jwksURI": { "type": "string" }, "keyCache": { "type": "string" }, "realm": { "type": "string" }, "secret": { "type": "string" }, "token": { "type": "string" } }, "type": "object", "additionalProperties": false }, "oidc": { "description": "OIDC defines an Open ID Connect policy.", "properties": { "accessTokenEnable": { "type": "boolean" }, "authEndpoint": { "type": "string" }, "authExtraArgs": { "items": { "type": "string" }, "type": "array" }, "clientID": { "type": "string" }, "clientSecret": { "type": "string" }, "endSessionEndpoint": { "type": "string" }, "jwksURI": { "type": "string" }, "postLogoutRedirectURI": { "type": "string" }, "redirectURI": { "type": "string" }, "scope": { "type": "string" }, "tokenEndpoint": { "type": "string" }, "zoneSyncLeeway": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "rateLimit": { "description": "RateLimit defines a rate limit policy.", "properties": { "burst": { "type": "integer" }, "delay": { "type": "integer" }, "dryRun": { "type": "boolean" }, "key": { "type": "string" }, "logLevel": { "type": "string" }, "noDelay": { "type": "boolean" }, "rate": { "type": "string" }, "rejectCode": { "type": "integer" }, "scale": { "type": "boolean" }, "zoneSize": { "type": "string" } }, "type": "object", "additionalProperties": false }, "waf": { "description": "WAF defines an WAF policy.", "properties": { "apBundle": { "type": "string" }, "apPolicy": { "type": "string" }, "enable": { "type": "boolean" }, "securityLog": { "description": "SecurityLog defines the security log of a WAF policy.", "properties": { "apLogBundle": { "type": "string" }, "apLogConf": { "type": "string" }, "enable": { "type": "boolean" }, "logDest": { "type": "string" } }, "type": "object", "additionalProperties": false }, "securityLogs": { "items": { "description": "SecurityLog defines the security log of a WAF policy.", "properties": { "apLogBundle": { "type": "string" }, "apLogConf": { "type": "string" }, "enable": { "type": "boolean" }, "logDest": { "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "status": { "description": "PolicyStatus is the status of the policy resource", "properties": { "message": { "type": "string" }, "reason": { "type": "string" }, "state": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }