Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add access control policy for VirtualServer
* Add new CRD - Policy * Implement access control policy * Refactor return and redirect actions to work with access control policy * Support Policy CRD in Helm
- Loading branch information
Showing
42 changed files
with
2,573 additions
and
98 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
apiVersion: apiextensions.k8s.io/v1beta1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
name: policies.k8s.nginx.org | ||
spec: | ||
group: k8s.nginx.org | ||
versions: | ||
- name: v1alpha1 | ||
served: true | ||
storage: true | ||
scope: Namespaced | ||
names: | ||
plural: policies | ||
singular: policy | ||
kind: Policy | ||
shortNames: | ||
- pol | ||
preserveUnknownFields: false | ||
validation: | ||
openAPIV3Schema: | ||
description: Policy defines a Policy for VirtualServer and VirtualServerRoute | ||
resources. | ||
type: object | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: 'PolicySpec is the spec of the Policy resource. The spec includes | ||
multiple fields, where each field represents a different policy. Note: | ||
currently we have only one policy -- AccessControl, but we will support | ||
more in the future. Only one policy (field) is allowed.' | ||
type: object | ||
properties: | ||
accessControl: | ||
description: AccessControl defines an access policy based on the source | ||
IP of a request. | ||
type: object | ||
properties: | ||
allow: | ||
type: array | ||
items: | ||
type: string | ||
deny: | ||
type: array | ||
items: | ||
type: string |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
apiVersion: apiextensions.k8s.io/v1beta1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
name: policies.k8s.nginx.org | ||
labels: | ||
app.kubernetes.io/name: "nginx-ingress" | ||
annotations: | ||
"helm.sh/hook": crd-install | ||
spec: | ||
group: k8s.nginx.org | ||
versions: | ||
- name: v1alpha1 | ||
served: true | ||
storage: true | ||
scope: Namespaced | ||
names: | ||
plural: policies | ||
singular: policy | ||
kind: Policy | ||
shortNames: | ||
- pol | ||
preserveUnknownFields: false | ||
validation: | ||
openAPIV3Schema: | ||
description: Policy defines a Policy for VirtualServer and VirtualServerRoute | ||
resources. | ||
type: object | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: 'PolicySpec is the spec of the Policy resource. The spec includes | ||
multiple fields, where each field represents a different policy. Note: | ||
currently we have only one policy -- AccessControl, but we will support | ||
more in the future. Only one policy (field) is allowed.' | ||
type: object | ||
properties: | ||
accessControl: | ||
description: AccessControl defines an access policy based on the source | ||
IP of a request. | ||
type: object | ||
properties: | ||
allow: | ||
type: array | ||
items: | ||
type: string | ||
deny: | ||
type: array | ||
items: | ||
type: string |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -73,6 +73,7 @@ rules: | |
- virtualservers | ||
- virtualserverroutes | ||
- transportservers | ||
- policies | ||
verbs: | ||
- list | ||
- watch | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.