Documentation
¶
Overview ¶
Package v1alpha1 contains the Cloudflare-specific API types for the tunnel controller.
+groupName=cloudflare.jan0ski.net
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( GroupVersion = schema.GroupVersion{Group: "cloudflare.jan0ski.net", Version: "v1alpha1"} SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type CloudflareAccessPolicy ¶
type CloudflareAccessPolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec CloudflareAccessPolicySpec `json:"spec"`
Status CloudflareAccessPolicyStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:resource:categories=cloudflare
CloudflareAccessPolicy is a Direct Attached Policy (per GEP-713) that configures Cloudflare Access JWT enforcement on targeted Gateway API resources. It uses the Policy Attachment pattern with targetRefs to specify which Gateway, HTTPRoute, or Service resources should have Access enforcement.
func (*CloudflareAccessPolicy) DeepCopy ¶
func (in *CloudflareAccessPolicy) DeepCopy() *CloudflareAccessPolicy
func (*CloudflareAccessPolicy) DeepCopyInto ¶
func (in *CloudflareAccessPolicy) DeepCopyInto(out *CloudflareAccessPolicy)
func (*CloudflareAccessPolicy) DeepCopyObject ¶
func (in *CloudflareAccessPolicy) DeepCopyObject() runtime.Object
type CloudflareAccessPolicyList ¶
type CloudflareAccessPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []CloudflareAccessPolicy `json:"items"`
}
+kubebuilder:object:root=true
func (*CloudflareAccessPolicyList) DeepCopy ¶
func (in *CloudflareAccessPolicyList) DeepCopy() *CloudflareAccessPolicyList
func (*CloudflareAccessPolicyList) DeepCopyInto ¶
func (in *CloudflareAccessPolicyList) DeepCopyInto(out *CloudflareAccessPolicyList)
func (*CloudflareAccessPolicyList) DeepCopyObject ¶
func (in *CloudflareAccessPolicyList) DeepCopyObject() runtime.Object
type CloudflareAccessPolicySpec ¶
type CloudflareAccessPolicySpec struct {
// TargetRefs identifies the Gateway API resources this policy applies to.
// Supported kinds: Gateway, HTTPRoute, GRPCRoute, Service.
//
// When targeting a Gateway, all routes attached to it get Access enforcement.
// When targeting a route, only that route's ingress rules get Access enforcement.
//
// +listType=map
// +listMapKey=group
// +listMapKey=kind
// +listMapKey=name
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
TargetRefs []gwapiv1.LocalPolicyTargetReference `json:"targetRefs"`
// TeamName is the Cloudflare organization team name for JWT validation.
TeamName string `json:"teamName"`
// Required enforces Access JWT validation on all requests.
Required bool `json:"required,omitempty"`
// AudTag is the audience tags to verify against Access JWT aud claim.
AudTag []string `json:"audTag,omitempty"`
}
func (*CloudflareAccessPolicySpec) DeepCopyInto ¶
func (in *CloudflareAccessPolicySpec) DeepCopyInto(out *CloudflareAccessPolicySpec)
type CloudflareAccessPolicyStatus ¶
type CloudflareAccessPolicyStatus struct {
// Conditions describe the current state of the policy.
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
func (*CloudflareAccessPolicyStatus) DeepCopyInto ¶
func (in *CloudflareAccessPolicyStatus) DeepCopyInto(out *CloudflareAccessPolicyStatus)
Source Files
Click to show internal directories.
Click to hide internal directories.