Appendix A. YAML for the Skupper policy CRD
The policy system allows a cluster administrator restrict Skupper usage on a cluster. It is not required for typical Skupper usage.
The following YAML applies the Skupper policy CRD to a cluster.
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: skupperclusterpolicies.skupper.io
spec:
group: skupper.io
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
namespaces:
type: array
items:
type: string
allowIncomingLinks:
type: boolean
allowedOutgoingLinksHostnames:
type: array
items:
type: string
allowedExposedResources:
type: array
items:
type: string
allowedServices:
type: array
items:
type: string
scope: Cluster
names:
plural: skupperclusterpolicies
singular: skupperclusterpolicy
kind: SkupperClusterPolicy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
application: skupper-service-controller
name: skupper-service-controller
rules:
- apiGroups:
- skupper.io
resources:
- skupperclusterpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get