authz.kyverno.io/v1alpha1
Resource Types
AuthorizationServer
AuthorizationServer is a resource that represents a new Kyverno authorization server.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
apiVersion | string | | | authz.kyverno.io/v1alpha1 |
kind | string | | | AuthorizationServer |
metadata | meta/v1.ObjectMeta | | | No description provided. |
spec | AuthorizationServerSpec | | | No description provided. |
AuthorizationServerPolicySource
Appears in:
AuthorizationServerPolicySource represents where the authorization server will get its policies from.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
kubernetes | KubernetesPolicySource | | | No description provided. |
external | ExternalPolicySource | | | No description provided. |
AuthorizationServerSpec
Appears in:
AuthorizationServerSpec defines the spec of an authorization server.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
type | AuthorizationServerType | | | Type defines the type of authorization server. |
sources | []AuthorizationServerPolicySource | | | AuthorizationServerPolicySource contains all the sources of policies for the authorization server. |
AuthorizationServerType
Appears in:
AuthorizationServerType defines the type of authorization server. Only one of the fields should be set at a time (mutually exclusive).
Field | Type | Required | Inline | Description |
---|---|---|---|---|
envoy | EnvoyAuthorizationServer | | | Envoy configures an Envoy-based authorization server. |
http | HTTPAuthorizationServer | | | HTTP configures a custom HTTP authorization server. |
EnvoyAuthorizationServer
Appears in:
EnvoyAuthorizationServer defines the Envoy authorization server configuration.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
port | int | | | Port is the port the server listens on. |
modifiers | Modifiers | | | Modifiers to apply to requests and responses. |
ExternalPolicySource
Appears in:
ExternalPolicySource defines an external policy source.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
url | string | | | URL is the URL of the external policy source. Supported schemes are: file://, oci://, https://, etc. |
Group
(Alias of string)
Appears in:
Group refers to a Kubernetes Group. It must either be an empty string or a RFC 1123 subdomain.
This validation is based off of the corresponding Kubernetes validation: https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
Valid values include:
- "" - empty string implies core Kubernetes API group
- "authz.kyverno.io"
- "policies.kyverno.io"
Invalid values include:
- "example.com/bar" - "/" is an invalid character
HTTPAuthorizationServer
Appears in:
HTTPAuthorizationServer defines the HTTP authorization server configuration.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
port | int | | | Port is the port the server listens on. |
modifiers | Modifiers | | | Modifiers to apply to requests and responses. |
Kind
(Alias of string)
Appears in:
Kind refers to a Kubernetes Kind.
Valid values include:
- "Service"
- "HTTPRoute"
Invalid values include:
- "invalid/kind" - "/" is an invalid character
KubernetesPolicySource
Appears in:
KubernetesPolicySource defines a reference to a Kubernetes policy resource.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
policyRef | PolicyObjectReference | | | No description provided. |
Modifiers
Appears in:
Modifiers defines the request/response modifiers for the authorization server.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
request | string | | | Request is a script or expression for modifying the incoming request. |
response | string | | | Response is a script or expression for modifying the outgoing response. |
ObjectName
(Alias of string)
Appears in:
ObjectName refers to the name of a Kubernetes object. Object names can have a variety of forms, including RFC 1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
PolicyObjectReference
Appears in:
PolicyObjectReference represents a reference to a policy resource.
Field | Type | Required | Inline | Description |
---|---|---|---|---|
group | Group | | | No description provided. |
kind | Kind | | | Kind is the kind of the referent. For example, "ValidatingPolicy". |
name | ObjectName | | | Name is the name of the referent. Mutually exclusive with Selector. |
selector | meta/v1.LabelSelector | | | Selector is a label selector to select the Kubernetes policy resource. Mutually exclusive with Name. |
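The constraints this reference states (envoy and http mutually exclusive, name and selector mutually exclusive, Group empty or an RFC 1123 subdomain, no "/" in Kind) can be checked before a manifest is applied. The following is an added example, not Kyverno's own code: `Lint`, the struct types, and the constructed JSON manifest with its port values are assumptions; only the field names come from the tables above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical lint types: only the fields this check reads, named as in the tables above.
type policyRef struct {
	Group, Kind, Name string
	Selector          *json.RawMessage
}
type server struct {
	Spec struct {
		Type    struct{ Envoy, HTTP *json.RawMessage }
		Sources []struct{ Kubernetes struct{ PolicyRef policyRef } }
	}
}

// RFC 1123 subdomain: dot-separated lowercase alphanumeric labels, 253 characters at most.
var subdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// Lint returns one finding per documented constraint that the manifest violates.
func Lint(manifest []byte) ([]string, error) {
	var s server
	if err := json.Unmarshal(manifest, &s); err != nil {
		return nil, err
	}
	var out []string
	check := func(bad bool, msg string) {
		if bad {
			out = append(out, msg)
		}
	}
	check(s.Spec.Type.Envoy != nil && s.Spec.Type.HTTP != nil, "spec.type: envoy and http are mutually exclusive")
	for i, src := range s.Spec.Sources {
		r, p := src.Kubernetes.PolicyRef, fmt.Sprintf("spec.sources[%d].kubernetes.policyRef", i)
		check(r.Group != "" && (len(r.Group) > 253 || !subdomain.MatchString(r.Group)), p+".group: not an RFC 1123 subdomain")
		check(strings.Contains(r.Kind, "/"), p+`.kind: "/" is an invalid character`)
		check(r.Name != "" && r.Selector != nil, p+": name and selector are mutually exclusive")
	}
	return out, nil
}

func main() {
	// Constructed manifest (JSON form) that violates each of the four rules once.
	fmt.Println(Lint([]byte(`{"spec":{"type":{"envoy":{"port":9081},"http":{"port":9083}},"sources":[{"kubernetes":{"policyRef":{"group":"example.com/bar","kind":"invalid/kind","name":"p","selector":{}}}}]}}`)))
}
```

Sources that carry only `external` produce no policyRef findings, since the check reads an empty reference for them.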