apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ratelimits.citrix.com spec: group: citrix.com names: kind: ratelimit plural: ratelimits singular: ratelimit scope: Namespaced versions: - name: v1beta1 served: true storage: true subresources: status: {} additionalPrinterColumns: - name: Status type: string description: "Current Status of the CRD" jsonPath: .status.state - name: Message type: string description: "Status Message" jsonPath: .status.status_message schema: openAPIV3Schema: type: object properties: status: type: object properties: state: type: string status_message: type: string spec: type: object properties: ingressclass: type: string description: "Ingress class, if not specified then all Netscaler ingress controllers in the cluster will process the resource otherwise only the controller with that ingress class will process this resource" servicenames: description: 'Name of the services to which the ratelimit policies are applied.' type: array items: type: string maxLength: 127 selector_keys: type: object description: 'Traffic match criteria to which apply above rate-limit/throttling. All keys are applied as AND condition. If no keys are specified, rate-limit applies at service level' properties: basic: type: object description: "Basic traffic stream selection criteria to which to apply the ratelimit" properties: path: type: array description: "api resource path prefix match. e.g. /api/v1/products" items: type: string method: type: array items: type: string enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT','PATCH', 'UNKNOWN_METHOD'] header_name: description: "HTTP header that identifies the unique API client for e.g. X-apikey" type: string per_client_ip: description: "Setting this applies the throttling limit to each unique Client IP address accessing the API resource" type: boolean req_threshold: description: 'Max requests per timeslice units to be allowed' type: integer timeslice: description: 'Timeslice in miliseconds in multiple of 10. Defaults to 1000 miliseconds' type: integer limittype: description: "Burst mode or smooth. Defaults to smooth limittype if not specified" type: string enum: ['BURSTY','SMOOTH'] throttle_action: type: string enum: ['DROP', 'RESET','REDIRECT', 'RESPOND'] description: "Drop will drop the requests exceeding limits, RESET will reset the client connection, Redirect will redirect to specified URL, respond will respond with 429 'Exceeded allowed rate of requests'" redirect_url: type: string description: "Redirect-URL" logpackets: type: object description: 'Adds an audit message action. The action specifies whether to log the message, and to which log.' properties: logexpression: description: 'Default-syntax expression that defines the format and content of the log message.' type: string maxLength: 7991 loglevel: description: 'Audit log level, which specifies the severity level of the log message being generated.' type: string enum: ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"] required: [logexpression, loglevel] required: [req_threshold]