appconfigmgrv2/config/crd/bases/appconfigmgr.cft.dev_appenvconfigtemplatev2s.yaml (191 lines of code) (raw):
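---
# CustomResourceDefinition for AppEnvConfigTemplateV2 (group
# appconfigmgr.cft.dev, version v1alpha1).
#
# The nesting below is restored; YAML is indentation-sensitive, and with every
# key at column 0 the document does not describe the intended CRD.
#
# NOTE(review): `creationTimestamp: null` and the empty `status` stanza suggest
# this file is generated (presumably by controller-gen from Go type markers).
# If so, schema changes belong in the Go types, not in hand edits here.
#
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
# Moving to apiextensions.k8s.io/v1 requires a structural schema per version.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: null
  name: appenvconfigtemplatev2s.appconfigmgr.cft.dev
spec:
  group: appconfigmgr.cft.dev
  names:
    kind: AppEnvConfigTemplateV2
    listKind: AppEnvConfigTemplateV2List
    plural: appenvconfigtemplatev2s
    singular: appenvconfigtemplatev2
  # Empty scope: a v1beta1 API server defaults this to Namespaced.
  # NOTE(review): state the scope explicitly if per-namespace isolation of
  # these objects is part of the security model.
  scope: ""
  # One schema shared by all versions. It declares types only: there are no
  # `required`, `enum`, `pattern`, `minimum` or `maximum` constraints, so the
  # API server admits any value of the right type. Constraints stated in the
  # descriptions must be enforced elsewhere (controller or admission webhook,
  # not visible in this file).
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: AppEnvConfigTemplateV2Spec defines the desired state of AppEnvConfigTemplateV2
          properties:
            # Egress allow-list. Each entry is a traffic type plus a list of
            # host strings; neither is constrained by the schema.
            # NOTE(review): whether wildcard hosts are honoured, and what an
            # absent or empty list means (deny-all vs. allow-all), depends on
            # the controller - confirm before relying on it.
            allowedEgress:
              description: Whitelisted destinations that services may initiate outgoing
                connections with.
              items:
                properties:
                  hosts:
                    description: Hosts to allow egress to (i.e. "www.google.com").
                    items:
                      type: string
                    type: array
                  type:
                    description: Type of egress traffic (i.e. "http").
                    type: string
                type: object
              type: array
            auth:
              description: Application-wide authentication configuration.
              properties:
                gcpAccess:
                  properties:
                    # The description restricts this to "secret" or "vault",
                    # but the schema accepts any string.
                    # NOTE(review): consider enforcing it with an `enum`
                    # (the `+kubebuilder:validation:Enum` marker if this file
                    # is generated by controller-gen).
                    accessType:
                      description: Defines the type of GCP access auth granted to
                        the application (must be "secret" or "vault").
                      type: string
                    # The referenced Secret may live in any namespace.
                    # NOTE(review): if the controller reads this Secret with
                    # its own credentials, a user who can create this resource
                    # in one namespace could name a Secret in another. Confirm
                    # the controller restricts the namespace, or that RBAC on
                    # this resource is limited to trusted operators.
                    secretInfo:
                      description: Used with accessType="secret". Declares the properties
                        of the secret resource.
                      properties:
                        name:
                          description: The name of the Secret.
                          type: string
                        namespace:
                          description: The namespace of the Secret.
                          type: string
                      type: object
                    # Vault mount path, roleset and Kubernetes service account
                    # are free-form strings; none is validated here.
                    vaultInfo:
                      description: Used with accessType="vault". Declares the configured
                        Google Cloud roleSet name to be enabled via the given Kubernetes
                        service accounts for use by the application. See https://www.vaultproject.io/docs/secrets/gcp/index.html
                        for details on creating roleSets.
                      properties:
                        path:
                          description: Vault Google Cloud Secrets Engine mounted path.
                          type: string
                        roleset:
                          description: Vault Google Cloud Secrets Engine roleset name
                            to retrieve credentials from.
                          type: string
                        serviceAccount:
                          description: Kubernetes service account name used in Vault
                            authentication.
                          type: string
                      type: object
                  type: object
                jwt:
                  description: Configuration for validating JWTs.
                  properties:
                    # String-to-string map; keys and values are unconstrained.
                    params:
                      additionalProperties:
                        type: string
                      description: Parameters used to identify project/etc. for a
                        given type of system.
                      type: object
                    type:
                      description: Type of system to accept JWTs from (i.e. "firebase").
                      type: string
                  type: object
              type: object
            ingress:
              description: Ingress configuration.
              properties:
                tls:
                  description: AppEnvConfigTemplateIngressTLS configures app-wide
                    ingress TLS policy.
                  properties:
                    # Undocumented list of strings - presumably names of
                    # Secrets holding TLS certificates; verify against the
                    # controller.
                    certSecrets:
                      items:
                        type: string
                      type: array
                  type: object
              type: object
            services:
              description: Services that make up this application (set of services).
              items:
                description: AppEnvConfigTemplateServiceInfo defines the service info
                  of AppEnvConfigTemplate
                properties:
                  # Caller allow-list, matched on the client Pod's "app" label.
                  # A "namespace/app" value permits a caller from another
                  # namespace.
                  # NOTE(review): the schema does not say what an absent or
                  # empty list means - confirm it is not treated as allow-all.
                  allowedClients:
                    description: The set of clients that are allowed to call the service.
                    items:
                      properties:
                        name:
                          description: Name of the allowed client (corresponds to
                            the "app" label on client Pod). It can be namespaced (i.e.
                            "namespace/app") or it will default to the same namespace
                            as the app config.
                          type: string
                      type: object
                    type: array
                  deploymentApp:
                    description: Must match the "app" label on the corresponding deployed
                      Pods.
                    type: string
                  # int32 with no minimum/maximum: values outside 1-65535 pass
                  # schema validation.
                  deploymentPort:
                    description: Must match the port exposed on the corresponding
                      deployed Pods.
                    format: int32
                    type: integer
                  deploymentPortProtocol:
                    description: Protocol to use for the service (i.e. "TCP").
                    type: string
                  deploymentVersion:
                    description: Must match the "version" label on the corresponding
                      deployed Pods.
                    type: string
                  # Per-service opt-out of the application-wide auth policy.
                  # Setting this to true is a security-relevant change; review
                  # or gate it (e.g. with an admission policy) accordingly.
                  disableAuth:
                    description: Disables the application-wide auth policy (i.e. JWT)
                      for this service.
                    type: boolean
                  ingress:
                    description: Specifies the ingress policy for this service (external
                      access).
                    properties:
                      host:
                        type: string
                      path:
                        type: string
                    type: object
                  name:
                    description: Name of the service.
                    type: string
                  serviceAccount:
                    description: Attaches a kubernetes service account to created
                      pods.
                    type: string
                  # Same caveat as deploymentPort: no range check in the schema.
                  servicePort:
                    description: The port for the Kubernetes Service that will be
                      created.
                    format: int32
                    type: integer
                type: object
              type: array
          type: object
        # No `subresources` stanza appears in this file, so status is written
        # through the main resource endpoint: any principal with update rights
        # on the resource can also change its status.
        status:
          description: AppEnvConfigTemplateV2Status defines the observed state of
            AppEnvConfigTemplateV2
          type: object
      type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true
# Placeholder status; the API server fills this in once the CRD is registered.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []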