# sigs.k8s.io/gateway-api@v1.0.0/config/crd/experimental/gateway.networking.k8s.io_referencegrants.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
    gateway.networking.k8s.io/bundle-version: v1.0.0
    gateway.networking.k8s.io/channel: experimental
  creationTimestamp: null
  name: referencegrants.gateway.networking.k8s.io
spec:
  group: gateway.networking.k8s.io
  names:
    categories:
    - gateway-api
    kind: ReferenceGrant
    listKind: ReferenceGrantList
    plural: referencegrants
    shortNames:
    - refgrant
    singular: referencegrant
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    deprecated: true
    deprecationWarning: The v1alpha2 version of ReferenceGrant has been deprecated
      and will be removed in a future release of the API. Please upgrade to v1beta1.
    name: v1alpha2
    schema:
      openAPIV3Schema:
        description: "ReferenceGrant identifies kinds of resources in other namespaces
          that are trusted to reference the specified kinds of resources in the same
          namespace as the policy. \n Each ReferenceGrant can be used to represent
          a unique trust relationship. Additional Reference Grants can be used to
          add to the set of trusted sources of inbound references for the namespace
          they are defined within. \n A ReferenceGrant is required for all cross-namespace
          references in Gateway API (with the exception of cross-namespace Route-Gateway
          attachment, which is governed by the AllowedRoutes configuration on the
          Gateway, and cross-namespace Service ParentRefs on a \"consumer\" mesh Route,
          which defines routing rules applicable only to workloads in the Route namespace).
          ReferenceGrants allowing a reference from a Route to a Service are only
          applicable to BackendRefs. \n ReferenceGrant is a form of runtime verification
          allowing users to assert which cross-namespace object references are permitted.
          Implementations that support ReferenceGrant MUST NOT permit cross-namespace
          references which have no grant, and MUST respond to the removal of a grant
          by revoking the access that the grant allowed."
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec defines the desired state of ReferenceGrant.
            properties:
              from:
                description: "From describes the trusted namespaces and kinds that
                  can reference the resources described in \"To\". Each entry in this
                  list MUST be considered to be an additional place that references
                  can be valid from, or to put this another way, entries MUST be combined
                  using OR. \n Support: Core"
                items:
                  description: ReferenceGrantFrom describes trusted namespaces and
                    kinds.
                  properties:
                    group:
                      description: "Group is the group of the referent. When empty,
                        the Kubernetes core API group is inferred. \n Support: Core"
                      maxLength: 253
                      pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    kind:
                      description: "Kind is the kind of the referent. Although implementations
                        may support additional resources, the following types are
                        part of the \"Core\" support level for this field. \n When
                        used to permit a SecretObjectReference: \n * Gateway \n When
                        used to permit a BackendObjectReference: \n * GRPCRoute *
                        HTTPRoute * TCPRoute * TLSRoute * UDPRoute"
                      maxLength: 63
                      minLength: 1
                      pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                      type: string
                    namespace:
                      description: "Namespace is the namespace of the referent. \n
                        Support: Core"
                      maxLength: 63
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                      type: string
                  required:
                  - group
                  - kind
                  - namespace
                  type: object
                maxItems: 16
                minItems: 1
                type: array
              to:
                description: "To describes the resources that may be referenced by
                  the resources described in \"From\". Each entry in this list MUST
                  be considered to be an additional place that references can be valid
                  to, or to put this another way, entries MUST be combined using OR.
                  \n Support: Core"
                items:
                  description: ReferenceGrantTo describes what Kinds are allowed as
                    targets of the references.
                  properties:
                    group:
                      description: "Group is the group of the referent. When empty,
                        the Kubernetes core API group is inferred. \n Support: Core"
                      maxLength: 253
                      pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    kind:
                      description: "Kind is the kind of the referent. Although implementations
                        may support additional resources, the following types are
                        part of the \"Core\" support level for this field: \n * Secret
                        when used to permit a SecretObjectReference * Service when
                        used to permit a BackendObjectReference"
                      maxLength: 63
                      minLength: 1
                      pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                      type: string
                    name:
                      description: Name is the name of the referent. When unspecified,
                        this policy refers to all resources of the specified Group
                        and Kind in the local namespace.
                      maxLength: 253
                      minLength: 1
                      type: string
                  required:
                  - group
                  - kind
                  type: object
                maxItems: 16
                minItems: 1
                type: array
            required:
            - from
            - to
            type: object
        type: object
    served: true
    storage: false
    subresources: {}
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: "ReferenceGrant identifies kinds of resources in other namespaces
          that are trusted to reference the specified kinds of resources in the same
          namespace as the policy. \n Each ReferenceGrant can be used to represent
          a unique trust relationship. Additional Reference Grants can be used to
          add to the set of trusted sources of inbound references for the namespace
          they are defined within. \n All cross-namespace references in Gateway API
          (with the exception of cross-namespace Gateway-route attachment) require
          a ReferenceGrant. \n ReferenceGrant is a form of runtime verification allowing
          users to assert which cross-namespace object references are permitted. Implementations
          that support ReferenceGrant MUST NOT permit cross-namespace references which
          have no grant, and MUST respond to the removal of a grant by revoking the
          access that the grant allowed."
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec defines the desired state of ReferenceGrant.
            properties:
              from:
                description: "From describes the trusted namespaces and kinds that
                  can reference the resources described in \"To\". Each entry in this
                  list MUST be considered to be an additional place that references
                  can be valid from, or to put this another way, entries MUST be combined
                  using OR. \n Support: Core"
                items:
                  description: ReferenceGrantFrom describes trusted namespaces and
                    kinds.
                  properties:
                    group:
                      description: "Group is the group of the referent. When empty,
                        the Kubernetes core API group is inferred. \n Support: Core"
                      maxLength: 253
                      pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    kind:
                      description: "Kind is the kind of the referent. Although implementations
                        may support additional resources, the following types are
                        part of the \"Core\" support level for this field. \n When
                        used to permit a SecretObjectReference: \n * Gateway \n When
                        used to permit a BackendObjectReference: \n * GRPCRoute *
                        HTTPRoute * TCPRoute * TLSRoute * UDPRoute"
                      maxLength: 63
                      minLength: 1
                      pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                      type: string
                    namespace:
                      description: "Namespace is the namespace of the referent. \n
                        Support: Core"
                      maxLength: 63
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                      type: string
                  required:
                  - group
                  - kind
                  - namespace
                  type: object
                maxItems: 16
                minItems: 1
                type: array
              to:
                description: "To describes the resources that may be referenced by
                  the resources described in \"From\". Each entry in this list MUST
                  be considered to be an additional place that references can be valid
                  to, or to put this another way, entries MUST be combined using OR.
                  \n Support: Core"
                items:
                  description: ReferenceGrantTo describes what Kinds are allowed as
                    targets of the references.
                  properties:
                    group:
                      description: "Group is the group of the referent. When empty,
                        the Kubernetes core API group is inferred. \n Support: Core"
                      maxLength: 253
                      pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    kind:
                      description: "Kind is the kind of the referent. Although implementations
                        may support additional resources, the following types are
                        part of the \"Core\" support level for this field: \n * Secret
                        when used to permit a SecretObjectReference * Service when
                        used to permit a BackendObjectReference"
                      maxLength: 63
                      minLength: 1
                      pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                      type: string
                    name:
                      description: Name is the name of the referent. When unspecified,
                        this policy refers to all resources of the specified Group
                        and Kind in the local namespace.
                      maxLength: 253
                      minLength: 1
                      type: string
                  required:
                  - group
                  - kind
                  type: object
                maxItems: 16
                minItems: 1
                type: array
            required:
            - from
            - to
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: null
  storedVersions: null