← Back to index Esc
Kind
Apiportalauth
Group
hub.traefik.io
Version
v1alpha1
apiVersion: hub.traefik.io/v1alpha1 kind: Apiportalauth metadata: name: example
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
The desired behavior of this APIPortalAuth.
ldap object
LDAP configures the LDAP authentication.
attribute string
Attribute is the LDAP object attribute used to form a bind DN when sending bind queries. The bind DN is formed as <Attribute>=<Username>,<BaseDN>.
attributes object
Attributes configures LDAP attribute mappings for user attributes.
company string
Company is the LDAP attribute for user company.
email string
Email is the LDAP attribute for user email.
firstname string
Firstname is the LDAP attribute for user first name.
lastname string
Lastname is the LDAP attribute for user last name.
userId string
UserID is the LDAP attribute for user ID mapping.
baseDn string required
BaseDN is the base domain name that should be used for bind and search queries.
bindDn string
BindDN is the domain name to bind to in order to authenticate to the LDAP server when running in search mode. If empty, an anonymous bind will be done.
bindPasswordSecretName string
BindPasswordSecretName is the name of the Kubernetes Secret containing the password for the bind DN. The secret must contain a key named 'password'.
maxLength: 253
certificateAuthority string
CertificateAuthority is a PEM-encoded certificate to use to establish a connection with the LDAP server if the connection uses TLS but that the certificate was signed by a custom Certificate Authority.
groups object
Groups configures group extraction.
memberOfAttribute string
MemberOfAttribute is the LDAP attribute containing group memberships (e.g., "memberOf").
insecureSkipVerify boolean
InsecureSkipVerify controls whether the server's certificate chain and host name is verified.
searchFilter string
SearchFilter is used to filter LDAP search queries. Example: (&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s)) %s can be used as a placeholder for the username.
startTls boolean
StartTLS instructs the middleware to issue a StartTLS request when initializing the connection with the LDAP server.
syncedAttributes []string
SyncedAttributes are the user attributes to synchronize with Hub platform.
maxItems: 6
url string required
URL is the URL of the LDAP server, including the protocol (ldap or ldaps) and the port.
oidc object
OIDC configures the OIDC authentication.
claims object required
Claims configures JWT claim mappings for user attributes.
company string
Company is the JWT claim for user company.
email string
Email is the JWT claim for user email.
firstname string
Firstname is the JWT claim for user first name.
groups string required
Groups is the JWT claim for user groups. This field is required for authorization.
lastname string
Lastname is the JWT claim for user last name.
userId string
UserID is the JWT claim for user ID mapping.
issuerUrl string required
IssuerURL is the OIDC provider issuer URL.
scopes []string
Scopes is a list of OAuth2 scopes.
secretName string required
SecretName is the name of the Kubernetes Secret containing clientId and clientSecret keys.
maxLength: 253
syncedAttributes []string
SyncedAttributes are the user attributes to synchronize with Hub platform.
maxItems: 6
status object
The current status of this APIPortalAuth.
conditions []object
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
hash string
Hash is a hash representing the APIPortalAuth.
syncedAt string
format: date-time
version string
Copied!