apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: bots.citrix.com spec: group: citrix.com names: kind: bot plural: bots singular: bot scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} additionalPrinterColumns: - name: Status type: string description: "Current Status of the CRD" jsonPath: .status.state - name: Message type: string description: "Status Message" jsonPath: .status.status_message schema: openAPIV3Schema: type: object required: [spec] properties: status: type: object properties: state: type: string status_message: type: string spec: type: object properties: ingressclass: type: string description: "Ingress class, if not specified then all Netscaler ingress controllers in the cluster will process the resource otherwise only the controller with that ingress class will process this resource" servicenames: description: 'Name of the services to which the bot policies are applied.' type: array items: type: string maxLength: 127 signatures: description: 'Location of external bot signature file' type: string redirect_url: description: 'url to redirect when bot violation is hit' type: string target: description: 'To control what traffic to be inspected by BOT. If you do not provide the target, everything will be inspected by default' type: object properties: path: type: array description: "List of http urls to inspect" items: type: string description: "URL path" method: type: array description: "List of http methods to inspect" items: type: string enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT','PATCH', 'UNKNOWN_METHOD'] header: type: array description: "List of http headers to inspect" items: type: string description: "header name" security_checks: description: 'To enable/disable bot ecurity checks' type: object properties: allow_list: type: string enum: ['ON', 'OFF'] block_list: type: string enum: ['ON', 'OFF'] device_fingerprint: type: string enum: ['ON', 'OFF'] device_fingerprint_action: type: object x-kubernetes-preserve-unknown-fields: true headless_browser: type: string enum: ['ON','OFF'] reputation: type: string enum: ['ON', 'OFF'] ratelimit: type: string enum: ['ON', 'OFF'] tps: type: string enum: ['ON', 'OFF'] trap: type: object x-kubernetes-preserve-unknown-fields: true bindings: description: 'Section which contains binding rules for bot security checks' type: object properties: allow_list: type: array items: type: object properties: subnet: type: object x-kubernetes-preserve-unknown-fields: true ip: type: object x-kubernetes-preserve-unknown-fields: true ipv6: type: object x-kubernetes-preserve-unknown-fields: true ipv6_subnet: type: object x-kubernetes-preserve-unknown-fields: true expression: type: object x-kubernetes-preserve-unknown-fields: true block_list: type: array items: type: object properties: subnet: type: object x-kubernetes-preserve-unknown-fields: true ip: type: object x-kubernetes-preserve-unknown-fields: true ipv6: type: object x-kubernetes-preserve-unknown-fields: true ipv6_subnet: type: object x-kubernetes-preserve-unknown-fields: true expression: type: object x-kubernetes-preserve-unknown-fields: true ratelimit: type: array items: type: object properties: url: type: object x-kubernetes-preserve-unknown-fields: true ip: type: object x-kubernetes-preserve-unknown-fields: true cookie: type: object x-kubernetes-preserve-unknown-fields: true geolocation: type: object x-kubernetes-preserve-unknown-fields: true reputation: type: object x-kubernetes-preserve-unknown-fields: true captcha: type: array items: type: object x-kubernetes-preserve-unknown-fields: true properties: logexp: type: array items: type: object x-kubernetes-preserve-unknown-fields: true properties: kbmexpr: type: array items: type: object x-kubernetes-preserve-unknown-fields: true properties: tps: type: object properties: geolocation: type: object x-kubernetes-preserve-unknown-fields: true host: type: object x-kubernetes-preserve-unknown-fields: true ip: type: object x-kubernetes-preserve-unknown-fields: true url: type: object x-kubernetes-preserve-unknown-fields: true trapinsertion: type: object x-kubernetes-preserve-unknown-fields: true