98 lines
3.5 KiB
YAML
98 lines
3.5 KiB
YAML
$schema: "http://json-schema.org/draft-06/schema#"
|
|
|
|
title: networkservices v1alpha1 EndpointPolicy export schema
|
|
description: A gcloud export/import command YAML validation schema.
|
|
type: object
|
|
required:
|
|
- endpointMatcher
|
|
- type
|
|
additionalProperties: false
|
|
properties:
|
|
COMMENT:
|
|
type: object
|
|
description: User specified info ignored by gcloud import.
|
|
additionalProperties: false
|
|
properties:
|
|
template-id:
|
|
type: string
|
|
region:
|
|
type: string
|
|
description:
|
|
type: string
|
|
date:
|
|
type: string
|
|
version:
|
|
type: string
|
|
UNKNOWN:
|
|
type: array
|
|
description: Unknown API fields that cannot be imported.
|
|
items:
|
|
type: string
|
|
authorizationPolicy:
|
|
description: |-
|
|
This field specifies the URL of AuthorizationPolicy resource that applies
|
|
authorization policies to the inbound traffic at the matched endpoints.
|
|
Refer to Authorization. If this field is not specified, authorization is
|
|
disabled(no authz checks) for this endpoint.
|
|
type: string
|
|
clientTlsPolicy:
|
|
description: |-
|
|
A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set
|
|
to specify the authentication for traffic from the proxy to the actual
|
|
endpoints. More specifically, it is applied to the outgoing traffic from
|
|
the proxy to the endpoint. This is typically used for sidecar model where
|
|
the proxy identifies itself as endpoint to the control plane, with the
|
|
connection between sidecar and endpoint requiring authentication. If this
|
|
field is not set, authentication is disabled(open). Applicable only when
|
|
EndpointPolicyType is SIDECAR_PROXY.
|
|
type: string
|
|
description:
|
|
description: |-
|
|
A free-text description of the resource. Max length 1024 characters.
|
|
type: string
|
|
endpointMatcher:
|
|
description: |-
|
|
A matcher that selects endpoints to which the policies should be applied.
|
|
$ref: EndpointMatcher.yaml
|
|
httpFilters:
|
|
description: |-
|
|
HTTP filters configuration for the endpoint. Applicable only when
|
|
EndpointPolicyType is SIDECAR_PROXY.
|
|
$ref: HttpFilters.yaml
|
|
labels:
|
|
description: Set of label tags associated with the EndpointPolicy resource.
|
|
$ref: LabelsValue.yaml
|
|
name:
|
|
description: |-
|
|
Identifier. Name of the EndpointPolicy resource. It matches pattern
|
|
`projects/{project}/locations/global/endpointPolicies/{endpoint_policy}` .
|
|
type: string
|
|
securityPolicy:
|
|
description: |-
|
|
A URL referring to a SecurityPolicy resource. SecurityPolicy is used to
|
|
enforce rate limiting policy on the inbound traffic at the identified
|
|
backends. If this field is not set, rate limiting is disabled for this
|
|
endpoint.
|
|
type: string
|
|
serverTlsPolicy:
|
|
description: |-
|
|
A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to
|
|
determine the authentication policy to be applied to terminate the inbound
|
|
traffic at the identified backends. If this field is not set,
|
|
authentication is disabled(open) for this endpoint.
|
|
type: string
|
|
trafficPortSelector:
|
|
description: |-
|
|
Port selector for the (matched) endpoints. If no port selector is
|
|
provided, the matched config is applied to all ports.
|
|
$ref: TrafficPortSelector.yaml
|
|
type:
|
|
description: |-
|
|
The type of endpoint policy. This is primarily used to validate the
|
|
configuration.
|
|
type: string
|
|
enum:
|
|
- ENDPOINT_POLICY_TYPE_UNSPECIFIED
|
|
- GRPC_SERVER
|
|
- SIDECAR_PROXY
|