{ "description": "KongClusterPlugin is the Schema for the kongclusterplugins API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "config": { "description": "Config contains the plugin configuration. It's a list of keys and values\nrequired to configure the plugin.\nPlease read the documentation of the plugin being configured to set values\nin here. For any plugin in Kong, anything that goes in the `config` JSON\nkey in the Admin API request, goes into this property.\nOnly one of `config` or `configFrom` may be used in a KongClusterPlugin, not both at once.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "configFrom": { "description": "ConfigFrom references a secret containing the plugin configuration.\nThis should be used when the plugin configuration contains sensitive information,\nsuch as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin.\nOnly one of `config` or `configFrom` may be used in a KongClusterPlugin, not both at once.", "properties": { "secretKeyRef": { "description": "Specifies a name, a namespace, and a key of a secret to refer to.", "properties": { "key": { "description": "The key containing the value.", "type": "string" }, "name": { "description": "The secret containing the key.", "type": "string" }, "namespace": { "description": "The namespace containing the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "secretKeyRef" ], "type": "object", "additionalProperties": false }, "configPatches": { "description": "ConfigPatches represents JSON patches to the configuration of the plugin.\nEach item means a JSON patch to add something in the configuration,\nwhere path is specified in `path` and value is in `valueFrom` referencing\na key in a secret.\nWhen Config is specified, patches will be applied to the configuration in Config.\nOtherwise, patches will be applied to an empty object.", "items": { "description": "NamespacedConfigPatch is a JSON patch to add values from secrets to KongClusterPlugin\nto the generated configuration of plugin in Kong.", "properties": { "path": { "description": "Path is the JSON path to add the patch.", "type": "string" }, "valueFrom": { "description": "ValueFrom is the reference to a key of a secret where the patched value comes from.", "properties": { "secretKeyRef": { "description": "Specifies a name, a namespace, and a key of a secret to refer to.", "properties": { "key": { "description": "The key containing the value.", "type": "string" }, "name": { "description": "The secret containing the key.", "type": "string" }, "namespace": { "description": "The namespace containing the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "secretKeyRef" ], "type": "object", "additionalProperties": false } }, "required": [ "path", "valueFrom" ], "type": "object", "additionalProperties": false }, "type": "array" }, "consumerRef": { "description": "ConsumerRef is a reference to a particular consumer.", "type": "string" }, "disabled": { "description": "Disabled set if the plugin is disabled or not.", "type": "boolean" }, "instance_name": { "description": "InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the\nsame plugin in multiple contexts, for example, on multiple services.", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "ordering": { "description": "Ordering overrides the normal plugin execution order. It's only available on Kong Enterprise.\n`` is a request processing phase (for example, `access` or `body_filter`) and\n`` is the name of the plugin that will run before or after the KongPlugin.\nFor example, a KongPlugin with `plugin: rate-limiting` and `before.access: [\"key-auth\"]`\nwill create a rate limiting plugin that limits requests _before_ they are authenticated.", "properties": { "after": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "description": "PluginOrderingPhase indicates which plugins in a phase should affect the target plugin's order", "type": "object" }, "before": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "description": "PluginOrderingPhase indicates which plugins in a phase should affect the target plugin's order", "type": "object" } }, "type": "object", "additionalProperties": false }, "plugin": { "description": "PluginName is the name of the plugin to which to apply the config.", "type": "string" }, "protocols": { "description": "Protocols configures plugin to run on requests received on specific\nprotocols.", "items": { "description": "KongProtocol is a valid Kong protocol.\nThis alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342", "enum": [ "http", "https", "grpc", "grpcs", "tcp", "tls", "udp" ], "type": "string" }, "type": "array" }, "run_on": { "description": "RunOn configures the plugin to run on the first or the second or both\nnodes in case of a service mesh deployment.", "enum": [ "first", "second", "all" ], "type": "string" }, "status": { "description": "Status represents the current status of the KongClusterPlugin resource.", "properties": { "conditions": { "default": [ { "lastTransitionTime": "1970-01-01T00:00:00Z", "message": "Waiting for controller", "reason": "Pending", "status": "Unknown", "type": "Programmed" } ], "description": "Conditions describe the current conditions of the KongClusterPluginStatus.\n\n\nKnown condition types are:\n\n\n* \"Programmed\"", "items": { "description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "maxItems": 8, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" } }, "type": "object", "additionalProperties": false } }, "required": [ "plugin" ], "type": "object", "x-kubernetes-validations": [ { "message": "Using both config and configFrom fields is not allowed.", "rule": "!(has(self.config) && has(self.configFrom))" }, { "message": "Using both configFrom and configPatches fields is not allowed.", "rule": "!(has(self.configFrom) && has(self.configPatches))" }, { "message": "The plugin field is immutable", "rule": "self.plugin == oldSelf.plugin" } ] }