{ "properties": { "spec": { "description": "MeshTLSAuthentication defines a list of authenticated client IDs to be referenced by an `AuthorizationPolicy`. If a client connection has the mutually-authenticated identity that matches ANY of the of the provided identities, the connection is considered authenticated.", "oneOf": [ { "required": [ "identities" ] }, { "required": [ "identityRefs" ] } ], "properties": { "identities": { "description": "Authorizes clients with the provided proxy identity strings (as provided via MTLS)\nThe `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized.", "items": { "pattern": "^(\\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "minItems": 1, "type": "array" }, "identityRefs": { "items": { "properties": { "group": { "description": "Group is the group of the referent. When empty, the Kubernetes core API group is inferred.\"", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "Kind is the kind of the referent.", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "Name is the name of the referent. When unspecified, this refers to all resources of the specified Group and Kind in the specified namespace.", "maxLength": 253, "minLength": 1, "type": "string" }, "namespace": { "description": "Name is the name of the referent. When unspecified, this authentication refers to the local namespace.", "maxLength": 253, "type": "string" } }, "required": [ "kind" ], "type": "object", "additionalProperties": false }, "minItems": 1, "type": "array" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }