security.istio.io / v1beta1 / AuthorizationPolicy
- object
.spec
Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html
- string
.spec .action
Optional.
Valid Options: ALLOW, DENY, AUDIT, CUSTOM
- object
.spec .provider
Specifies detailed configuration of the CUSTOM action.
- string
.spec .provider .name
Specifies the name of the extension provider.
- array
.spec .rules
Optional.
- array
.spec .rules[] .from
Optional.
- object
.spec .rules[] .from[] .source
Source specifies the source of a request.
- array
.spec .rules[] .from[] .source .ipBlocks
Optional.
- array
.spec .rules[] .from[] .source .namespaces
Optional.
- array
.spec .rules[] .from[] .source .notIpBlocks
Optional.
- array
.spec .rules[] .from[] .source .notNamespaces
Optional.
- array
.spec .rules[] .from[] .source .notPrincipals
Optional.
- array
.spec .rules[] .from[] .source .notRemoteIpBlocks
Optional.
- array
.spec .rules[] .from[] .source .notRequestPrincipals
Optional.
- array
.spec .rules[] .from[] .source .notServiceAccounts
Optional.
- array
.spec .rules[] .from[] .source .principals
Optional.
- array
.spec .rules[] .from[] .source .remoteIpBlocks
Optional.
- array
.spec .rules[] .from[] .source .requestPrincipals
Optional.
- array
.spec .rules[] .from[] .source .serviceAccounts
Optional.
- array
.spec .rules[] .to
Optional.
- object
.spec .rules[] .to[] .operation
Operation specifies the operation of a request.
- array
.spec .rules[] .to[] .operation .hosts
Optional.
- array
.spec .rules[] .to[] .operation .methods
Optional.
- array
.spec .rules[] .to[] .operation .notHosts
Optional.
- array
.spec .rules[] .to[] .operation .notMethods
Optional.
- array
.spec .rules[] .to[] .operation .notPaths
Optional.
- array
.spec .rules[] .to[] .operation .notPorts
Optional.
- array
.spec .rules[] .to[] .operation .paths
Optional.
- array
.spec .rules[] .to[] .operation .ports
Optional.
- array
.spec .rules[] .when
Optional.
- string required
.spec .rules[] .when[] .key
The name of an Istio attribute.
- array
.spec .rules[] .when[] .notValues
Optional.
- array
.spec .rules[] .when[] .values
Optional.
- object
.spec .selector
Optional.
- object
.spec .selector .matchLabels
One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.
- object
.spec .targetRef
- string
.spec .targetRef .group
group is the group of the target resource.
- string required
.spec .targetRef .kind
kind is the kind of the target resource.
- string required
.spec .targetRef .name
name is the name of the target resource.
- string
.spec .targetRef .namespace
namespace is the namespace of the referent.
- array
.spec .targetRefs
Optional.
- string
.spec .targetRefs[] .group
group is the group of the target resource.
- string required
.spec .targetRefs[] .kind
kind is the kind of the target resource.
- string required
.spec .targetRefs[] .name
name is the name of the target resource.
- string
.spec .targetRefs[] .namespace
namespace is the namespace of the referent.
- object
.status
- array
.status .conditions
Current service state of the resource.
- string
.status .conditions[] .lastProbeTime
Last time we probed the condition.
- string
.status .conditions[] .lastTransitionTime
Last time the condition transitioned from one status to another.
- string
.status .conditions[] .message
Human-readable message indicating details about last transition.
- integer | string
.status .conditions[] .observedGeneration
Resource Generation to which the Condition refers.
- string
.status .conditions[] .reason
Unique, one-word, CamelCase reason for the condition’s last transition.
- string
.status .conditions[] .status
Status is the status of the condition.
- string
.status .conditions[] .type
Type is the type of the condition.
- integer | string
.status .observedGeneration
- array
.status .validationMessages
Includes any errors or warnings detected by Istio’s analyzers.
- string
.status .validationMessages[] .documentationUrl
A URL pointing to the Istio documentation for this specific error type.
- string
.status .validationMessages[] .level
Represents how severe a message is.
Valid Options: UNKNOWN, ERROR, WARNING, INFO
- object
.status .validationMessages[] .type
- string
.status .validationMessages[] .type .code
A 7 character code matching ^IST[0-9]{4}$ intended to uniquely identify the message type.
- string
.status .validationMessages[] .type .name
A human-readable name for the message type.