60 changes: 57 additions & 3 deletions traefik-crds/crds-files/hub/hub.traefik.io_apiauths.yaml
Expand Up @@ -101,13 +101,67 @@ spec:
or jwksUrl must be specified
rule: '[has(self.signingSecretName), has(self.publicKey), has(self.jwksFile),
has(self.jwksUrl)].filter(x, x).size() == 1'
ldap:
description: LDAP configures LDAP authentication.
properties:
attribute:
default: cn
description: |-
Attribute is the LDAP object attribute used to form a bind DN when sending bind queries.
The bind DN is formed as <Attribute>=<Username>,<BaseDN>.
type: string
baseDn:
description: BaseDN is the base domain name that should be used
for bind and search queries.
type: string
bindDn:
description: |-
BindDN is the domain name to bind to in order to authenticate to the LDAP server when running in search mode.
If empty, an anonymous bind will be done.
type: string
bindPasswordSecretName:
description: |-
BindPasswordSecretName is the name of the Kubernetes Secret containing the password for the bind DN.
The secret must contain a key named 'password'.
maxLength: 253
type: string
certificateAuthority:
description: |-
CertificateAuthority is a PEM-encoded certificate to use to establish a connection with the LDAP server if the
connection uses TLS but that the certificate was signed by a custom Certificate Authority.
type: string
insecureSkipVerify:
description: InsecureSkipVerify controls whether the server's
certificate chain and host name is verified.
type: boolean
searchFilter:
description: |-
SearchFilter is used to filter LDAP search queries.
Example: (&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))
%s can be used as a placeholder for the username.
type: string
startTls:
description: StartTLS instructs the middleware to issue a StartTLS
request when initializing the connection with the LDAP server.
type: boolean
url:
description: URL is the URL of the LDAP server, including the
protocol (ldap or ldaps) and the port.
type: string
x-kubernetes-validations:
- message: must be a valid LDAP URL
rule: isURL(self) && (self.startsWith('ldap://') || self.startsWith('ldaps://'))
required:
- baseDn
- url
type: object
required:
- isDefault
type: object
x-kubernetes-validations:
- message: exactly one of apiKey or jwt must be specified
rule: (has(self.apiKey) && !has(self.jwt)) || (!has(self.apiKey) &&
has(self.jwt))
- message: exactly one authentication method must be specified
rule: '[has(self.apiKey), has(self.jwt), has(self.ldap)].filter(x, x).size()
== 1'
status:
description: The current status of this APIAuth.
properties:
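Review bot: The `url` validation (`rule: isURL(self) && (self.startsWith('ldap://') || self.startsWith('ldaps://'))`) admits `ldap://`, and nothing in the schema or the descriptions ties that to `startTls`, so a spec with an `ldap://` URL and `startTls` unset sends the bind password referenced by `bindPasswordSecretName` and every user's credentials to the directory unencrypted. I would state that in the `startTls` description, e.g. `StartTLS instructs the middleware to issue a StartTLS request when initializing the connection with the LDAP server. With an ldap:// URL and StartTLS disabled, the bind password and user credentials are sent in cleartext.`, and similarly extend `insecureSkipVerify` with `Setting this to true disables verification of the server certificate and is unsafe outside testing.`. `insecureSkipVerify` and `startTls` also carry no `default: false` while `attribute` has `default: cn`; an explicit default makes the effective value visible in the stored object. The same `ldap` block is added to traefik/crds/hub.traefik.io_apiauths.yaml and hub.traefik.io_apiportalauths.yaml in this PR and the same remarks apply there; the enclosing `spec.properties` mapping starts above this hunk.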
109 changes: 104 additions & 5 deletions traefik-crds/crds-files/hub/hub.traefik.io_apiportalauths.yaml
Expand Up @@ -40,6 +40,105 @@ spec:
spec:
description: The desired behavior of this APIPortalAuth.
properties:
ldap:
description: LDAP configures the LDAP authentication.
properties:
attribute:
default: cn
description: |-
Attribute is the LDAP object attribute used to form a bind DN when sending bind queries.
The bind DN is formed as <Attribute>=<Username>,<BaseDN>.
type: string
attributes:
description: Attributes configures LDAP attribute mappings for
user attributes.
properties:
company:
description: Company is the LDAP attribute for user company.
type: string
email:
description: Email is the LDAP attribute for user email.
type: string
firstname:
description: Firstname is the LDAP attribute for user first
name.
type: string
lastname:
description: Lastname is the LDAP attribute for user last
name.
type: string
userId:
description: UserID is the LDAP attribute for user ID mapping.
type: string
type: object
baseDn:
description: BaseDN is the base domain name that should be used
for bind and search queries.
type: string
bindDn:
description: |-
BindDN is the domain name to bind to in order to authenticate to the LDAP server when running in search mode.
If empty, an anonymous bind will be done.
type: string
bindPasswordSecretName:
description: |-
BindPasswordSecretName is the name of the Kubernetes Secret containing the password for the bind DN.
The secret must contain a key named 'password'.
maxLength: 253
type: string
certificateAuthority:
description: |-
CertificateAuthority is a PEM-encoded certificate to use to establish a connection with the LDAP server if the
connection uses TLS but that the certificate was signed by a custom Certificate Authority.
type: string
groups:
description: Groups configures group extraction.
properties:
memberOfAttribute:
default: memberOf
description: MemberOfAttribute is the LDAP attribute containing
group memberships (e.g., "memberOf").
type: string
type: object
insecureSkipVerify:
description: InsecureSkipVerify controls whether the server's
certificate chain and host name is verified.
type: boolean
searchFilter:
description: |-
SearchFilter is used to filter LDAP search queries.
Example: (&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))
%s can be used as a placeholder for the username.
type: string
startTls:
description: StartTLS instructs the middleware to issue a StartTLS
request when initializing the connection with the LDAP server.
type: boolean
syncedAttributes:
description: SyncedAttributes are the user attributes to synchronize
with Hub platform.
items:
enum:
- groups
- userId
- firstname
- lastname
- email
- company
type: string
maxItems: 6
type: array
url:
description: URL is the URL of the LDAP server, including the
protocol (ldap or ldaps) and the port.
type: string
x-kubernetes-validations:
- message: must be a valid LDAP URL
rule: isURL(self) && (self.startsWith('ldap://') || self.startsWith('ldaps://'))
required:
- baseDn
- url
type: object
oidc:
description: OIDC configures the OIDC authentication.
properties:
Expand Down Expand Up @@ -85,9 +184,8 @@ spec:
maxLength: 253
type: string
syncedAttributes:
description: |-
SyncedAttributes is a list of additional attributes to sync from the OIDC provider.
Each attribute must correspond to a configured claim field.
description: SyncedAttributes are the user attributes to synchronize
with Hub platform.
items:
enum:
- groups
Expand All @@ -104,9 +202,10 @@ spec:
- issuerUrl
- secretName
type: object
required:
- oidc
type: object
x-kubernetes-validations:
- message: exactly one of oidc or ldap must be specified
rule: '[has(self.oidc), has(self.ldap)].filter(x, x).size() == 1'
status:
description: The current status of this APIPortalAuth.
properties:
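Review bot: The `searchFilter` description in the first hunk says `%s can be used as a placeholder for the username` but does not say whether the substituted username is escaped as an LDAP filter value (RFC 4515) before the search is issued; if the controller substitutes it verbatim, a login name containing filter metacharacters alters the query, so the contract should be pinned down here. I would extend the description with `The username is escaped as an LDAP filter value before substitution.` if that is what the implementation does, or otherwise record it as an open item — the controller code is not visible from this CRD. Separately, `syncedAttributes` has `maxItems: 6` matching its six enum values but no `x-kubernetes-list-type: set`, so repeated entries such as two `email` items are accepted; adding `x-kubernetes-list-type: set` under the array rejects them at admission. The `spec.properties` mapping that holds this `ldap` block continues past the hunk (`oidc` follows it).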
60 changes: 57 additions & 3 deletions traefik/crds/hub.traefik.io_apiauths.yaml
Expand Up @@ -101,13 +101,67 @@ spec:
or jwksUrl must be specified
rule: '[has(self.signingSecretName), has(self.publicKey), has(self.jwksFile),
has(self.jwksUrl)].filter(x, x).size() == 1'
ldap:
description: LDAP configures LDAP authentication.
properties:
attribute:
default: cn
description: |-
Attribute is the LDAP object attribute used to form a bind DN when sending bind queries.
The bind DN is formed as <Attribute>=<Username>,<BaseDN>.
type: string
baseDn:
description: BaseDN is the base domain name that should be used
for bind and search queries.
type: string
bindDn:
description: |-
BindDN is the domain name to bind to in order to authenticate to the LDAP server when running in search mode.
If empty, an anonymous bind will be done.
type: string
bindPasswordSecretName:
description: |-
BindPasswordSecretName is the name of the Kubernetes Secret containing the password for the bind DN.
The secret must contain a key named 'password'.
maxLength: 253
type: string
certificateAuthority:
description: |-
CertificateAuthority is a PEM-encoded certificate to use to establish a connection with the LDAP server if the
connection uses TLS but that the certificate was signed by a custom Certificate Authority.
type: string
insecureSkipVerify:
description: InsecureSkipVerify controls whether the server's
certificate chain and host name is verified.
type: boolean
searchFilter:
description: |-
SearchFilter is used to filter LDAP search queries.
Example: (&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))
%s can be used as a placeholder for the username.
type: string
startTls:
description: StartTLS instructs the middleware to issue a StartTLS
request when initializing the connection with the LDAP server.
type: boolean
url:
description: URL is the URL of the LDAP server, including the
protocol (ldap or ldaps) and the port.
type: string
x-kubernetes-validations:
- message: must be a valid LDAP URL
rule: isURL(self) && (self.startsWith('ldap://') || self.startsWith('ldaps://'))
required:
- baseDn
- url
type: object
required:
- isDefault
type: object
x-kubernetes-validations:
- message: exactly one of apiKey or jwt must be specified
rule: (has(self.apiKey) && !has(self.jwt)) || (!has(self.apiKey) &&
has(self.jwt))
- message: exactly one authentication method must be specified
rule: '[has(self.apiKey), has(self.jwt), has(self.ldap)].filter(x, x).size()
== 1'
status:
description: The current status of this APIAuth.
properties: