{ "description": "ApiExposure is the Schema for the apiexposures API", "properties": { "apiVersion": { "type": "string", "description": "Must be \"api.cp.ei.telekom.de/v1\".", "const": "api.cp.ei.telekom.de/v1" }, "kind": { "type": "string", "description": "Must be \"ApiExposure\".", "const": "ApiExposure" }, "metadata": { "type": "object", "description": "Standard Kubernetes object metadata. See https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/", "properties": { "name": { "type": "string", "description": "Name must be unique within a namespace. Is required when creating resources." }, "namespace": { "type": "string", "description": "Namespace defines the space within which each name must be unique." }, "labels": { "type": "object", "description": "Map of string keys and values that can be used to organize and categorize objects.", "additionalProperties": { "type": "string" } }, "annotations": { "type": "object", "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools.", "additionalProperties": { "type": "string" } }, "generateName": { "type": "string", "description": "GenerateName is an optional prefix, used by the server, to generate a unique name only if the Name field has not been provided." } } }, "spec": { "description": "ApiExposureSpec defines the desired state of ApiExposure", "properties": { "apiBasePath": { "type": "string" }, "approval": { "properties": { "strategy": { "default": "Auto", "enum": [ "Auto", "Simple", "FourEyes" ], "type": "string" }, "trustedTeams": { "description": "TrustedTeams identifies teams that are trusted for approving this API\nPer default your own team is trusted", "items": { "type": "string" }, "maxItems": 10, "minItems": 0, "type": "array" } }, "required": [ "strategy" ], "type": "object" }, "security": { "description": "Security defines the security configuration for the Rover\nSecurity is optional, but if provided, exactly one of m2m or h2m must be set", "properties": { "m2m": { "description": "M2M defines machine-to-machine authentication configuration", "properties": { "basic": { "description": "Basic defines basic authentication configuration", "properties": { "password": { "description": "Password for basic authentication", "minLength": 1, "type": "string" }, "username": { "description": "Username for basic authentication", "minLength": 1, "type": "string" } }, "required": [ "password", "username" ], "type": "object" }, "externalIDP": { "description": "ExternalIDP defines external identity provider configuration", "properties": { "basic": { "description": "Basic defines basic auth credentials for the OAuth2 token request", "properties": { "password": { "description": "Password for basic authentication", "minLength": 1, "type": "string" }, "username": { "description": "Username for basic authentication", "minLength": 1, "type": "string" } }, "required": [ "password", "username" ], "type": "object" }, "client": { "description": "Client defines client credentials for the OAuth2 token request", "properties": { "clientId": { "description": "ClientId identifies the client for OAuth2 client credentials flow", "minLength": 1, "type": "string" }, "clientKey": { "description": "ClientKey is the private key associated with the client ID", "type": "string" }, "clientSecret": { "description": "ClientSecret is the secret associated with the client ID", "type": "string" } }, "required": [ "clientId" ], "type": "object", "x-kubernetes-validations": [ { "message": "ClientSecret and ClientKey cannot be used together", "rule": "self == null || (has(self.clientKey) ? (!has(self.clientSecret)) : true)" }, { "message": "At least one of clientSecret or clientKey must be provided", "rule": "self == null || has(self.clientSecret) || has(self.clientKey)" } ] }, "grantType": { "description": "GrantType defines the OAuth2 grant type to use for the token request", "enum": [ "client_credentials", "authorization_code", "password" ], "type": "string" }, "tokenEndpoint": { "description": "TokenEndpoint is the URL for the OAuth2 token endpoint", "format": "uri", "type": "string" }, "tokenRequest": { "description": "TokenRequest is the type of token request, \"body\" or \"header\"", "enum": [ "body", "header" ], "type": "string" } }, "required": [ "tokenEndpoint" ], "type": "object", "x-kubernetes-validations": [ { "message": "Only one of basic or client credentials can be provided (XOR relationship)", "rule": "self == null || !has(self.basic) || !has(self.client)" } ] }, "scopes": { "description": "Scopes defines additional OAuth2 scopes that are added to the LMS token", "items": { "type": "string" }, "maxItems": 10, "type": "array" } }, "type": "object", "x-kubernetes-validations": [ { "message": "ExternalIDP and basic authentication cannot be used together", "rule": "self == null || (has(self.externalIDP) ? (!has(self.basic)) : true)" }, { "message": "Scopes and basic authentication cannot be used together", "rule": "self == null || (has(self.scopes) ? (!has(self.basic)) : true)" }, { "message": "At least one of externalIDP, basic, or scopes must be provided", "rule": "self == null || has(self.externalIDP) || has(self.basic) || has(self.scopes)" } ] } }, "type": "object" }, "traffic": { "properties": { "circuitBreaker": { "description": "CircuitBreaker defines the Kong circuit breaker configuration", "properties": { "enabled": { "description": "CircuitBreaker flags if the Kong circuit breaker feature should be used\nkubebuilder:default=false", "type": "boolean" } }, "type": "object" }, "failover": { "description": "Failover defines the failover configuration for the API exposure.", "properties": { "zone": { "description": "Zone is the zone to which the traffic should be failed over in case of an error.", "items": { "description": "ObjectRef is a reference to a Kubernetes object\nIt is similar to types.NamespacedName but has the required json tags for serialization", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" }, "uid": { "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object" }, "type": "array" } }, "required": [ "zone" ], "type": "object" }, "rateLimit": { "description": "RateLimit defines request rate limiting for this API", "properties": { "provider": { "description": "Provider defines request rate limiting for this API", "properties": { "limits": { "description": "Limits defines the actual rate limit values for different time windows", "properties": { "hour": { "description": "Hour defines the maximum number of requests allowed per hour", "minimum": 0, "type": "integer" }, "minute": { "description": "Minute defines the maximum number of requests allowed per minute", "minimum": 0, "type": "integer" }, "second": { "description": "Second defines the maximum number of requests allowed per second", "minimum": 0, "type": "integer" } }, "type": "object" }, "options": { "description": "RateLimitOptions defines additional configuration options for rate limiting", "properties": { "faultTolerant": { "default": true, "description": "FaultTolerant defines if the rate limit plugin should be fault tolerant, if gateway is not able to access the config store", "type": "boolean" }, "hideClientHeaders": { "default": false, "description": "HideClientHeaders hides additional client headers which give information about the rate-limit, reset and remaining requests for consumers if set to true.", "type": "boolean" } }, "type": "object" } }, "required": [ "limits" ], "type": "object" }, "subscriberRateLimit": { "description": "SubscriberRateLimit defines request rate limiting for this API per subscriber", "properties": { "default": { "description": "Default defines the rate limit applied to all consumers not specifically overridden", "properties": { "limits": { "description": "Limits defines the actual rate limit values for different time windows", "properties": { "hour": { "description": "Hour defines the maximum number of requests allowed per hour", "minimum": 0, "type": "integer" }, "minute": { "description": "Minute defines the maximum number of requests allowed per minute", "minimum": 0, "type": "integer" }, "second": { "description": "Second defines the maximum number of requests allowed per second", "minimum": 0, "type": "integer" } }, "type": "object" } }, "required": [ "limits" ], "type": "object" }, "overrides": { "description": "Overrides defines consumer-specific rate limits, keyed by consumer identifier", "items": { "properties": { "limits": { "description": "Limits defines the actual rate limit values for different time windows", "properties": { "hour": { "description": "Hour defines the maximum number of requests allowed per hour", "minimum": 0, "type": "integer" }, "minute": { "description": "Minute defines the maximum number of requests allowed per minute", "minimum": 0, "type": "integer" }, "second": { "description": "Second defines the maximum number of requests allowed per second", "minimum": 0, "type": "integer" } }, "type": "object" }, "subscriber": { "description": "Subscriber is the unique identifier of the subscriber", "minLength": 1, "type": "string" } }, "required": [ "limits", "subscriber" ], "type": "object" }, "maxItems": 10, "type": "array" } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "transformation": { "description": "Transformation defines request/response transformations for an API\nThis is shared object for both subscriptions and exposures", "properties": { "request": { "description": "Request defines transformations applied to incoming API requests", "properties": { "headers": { "description": "Headers defines HTTP header modifications for requests", "properties": { "add": { "description": "Add is a list of HTTP headers to add to the request/response", "items": { "type": "string" }, "maxItems": 5, "minItems": 1, "type": "array" }, "remove": { "description": "Remove is a list of HTTP header names to remove", "items": { "type": "string" }, "maxItems": 5, "minItems": 1, "type": "array" } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "upstreams": { "items": { "properties": { "url": { "type": "string" }, "weight": { "type": "integer" } }, "required": [ "url" ], "type": "object" }, "type": "array" }, "visibility": { "enum": [ "World", "Zone", "Enterprise" ], "type": "string" }, "zone": { "description": "ObjectRef is a reference to a Kubernetes object\nIt is similar to types.NamespacedName but has the required json tags for serialization", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" }, "uid": { "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object" } }, "required": [ "apiBasePath", "approval", "traffic", "upstreams", "visibility", "zone" ], "type": "object" }, "status": { "description": "ApiExposureStatus defines the observed state of ApiExposure", "properties": { "active": { "type": "boolean" }, "conditions": { "items": { "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "failoverRoute": { "description": "ObjectRef is a reference to a Kubernetes object\nIt is similar to types.NamespacedName but has the required json tags for serialization", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" }, "uid": { "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object" }, "proxyRoutes": { "items": { "description": "ObjectRef is a reference to a Kubernetes object\nIt is similar to types.NamespacedName but has the required json tags for serialization", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" }, "uid": { "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object" }, "type": "array" }, "route": { "description": "ObjectRef is a reference to a Kubernetes object\nIt is similar to types.NamespacedName but has the required json tags for serialization", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" }, "uid": { "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object" } }, "required": [ "active" ], "type": "object" } }, "type": "object", "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://telekom.github.io/controlplane/schemas/api.cp.ei.telekom.de/apiexposure_v1.json", "title": "ApiExposure", "required": [ "apiVersion", "kind", "metadata" ] }