---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.3
  name: bindpolicies.bind.unkin.net
spec:
  group: bind.unkin.net
  names:
    kind: BindPolicy
    listKind: BindPolicyList
    plural: bindpolicies
    shortNames:
    - bp
    singular: bindpolicy
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.clusterRef
      name: Cluster
      type: string
    - jsonPath: .spec.zoneName
      name: Zone
      type: string
    - jsonPath: .status.ruleCount
      name: Rules
      type: integer
    - jsonPath: .status.ready
      name: Ready
      type: boolean
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: BindPolicy is a Response Policy Zone (RPZ) applied to a cluster.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: |-
              BindPolicySpec defines a Response Policy Zone (RPZ) — a DNS firewall
              applied to a resolver cluster.
            properties:
              clusterRef:
                description: ClusterRef names the owning BindCluster (typically a resolver).
                type: string
              order:
                default: 100
                description: Order controls this policy's position in the response-policy clause.
                format: int32
                type: integer
              primaries:
                description: |-
                  Primaries lets the RPZ zone be transferred from an external feed instead
                  of being locally populated.
                items:
                  type: string
                type: array
              rules:
                description: Rules are the inline policy triggers.
                items:
                  description: RPZRule is a single response-policy rule.
                  properties:
                    action:
                      default: nxdomain
                      description: Action taken when the rule matches.
                      enum:
                      - nxdomain
                      - nodata
                      - passthru
                      - drop
                      - tcp-only
                      - cname
                      type: string
                    match:
                      description: Match is the trigger value, e.g. a domain "bad.example." or CIDR.
                      type: string
                    target:
                      description: Target is the rewrite target when Action is cname.
                      type: string
                    trigger:
                      default: qname
                      description: Trigger selects what the Match is compared against.
                      enum:
                      - qname
                      - client-ip
                      - ip
                      - nsdname
                      - nsip
                      type: string
                  required:
                  - match
                  type: object
                type: array
              transferKeyRef:
                description: TransferKeyRef names the BindTSIGKey used to pull from Primaries.
                type: string
              viewRef:
                description: ViewRef optionally scopes the policy to a single view.
                type: string
              zoneName:
                description: ZoneName is the RPZ zone origin, e.g. "rpz.internal".
                type: string
            required:
            - clusterRef
            - zoneName
            type: object
          status:
            description: BindPolicyStatus reports observed policy state.
            properties:
              conditions:
                items:
                  description: Condition contains details for one aspect of the current state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
              observedGeneration:
                format: int64
                type: integer
              ready:
                type: boolean
              ruleCount:
                description: RuleCount is the number of active rules.
                format: int32
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}