Ambassador · Schema

TLSContextSpec

Specification for a TLSContext resource

API DevelopmentGatewaysIngressKubernetesMock ServersMocksPlatformTesting

Properties

Name Type Description
hosts array Hostnames this TLSContext applies to
secret string Name of the Kubernetes Secret containing TLS certificates
cert_chain_file string Path to the certificate chain PEM file (alternative to secret)
private_key_file string Path to the private key PEM file (alternative to secret)
ca_secret string Name of the Kubernetes Secret containing CA certificates for client verification
cert_required boolean Whether client TLS certificates are required (mTLS)
min_tls_version string Minimum TLS version to accept
max_tls_version string Maximum TLS version to accept
cipher_suites array Allowed TLS cipher suites
ecdh_curves array Allowed ECDH curves
alpn_protocols string ALPN protocols to advertise
redirect_cleartext_from integer Port number from which to redirect cleartext traffic to TLS
sni string SNI hostname to present for outbound TLS connections
ambassador_id array Ambassador IDs that should use this TLSContext
View JSON Schema on GitHub

JSON Schema

ambassador-tls-context-spec-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "TLSContextSpec",
  "type": "object",
  "description": "Specification for a TLSContext resource",
  "properties": {
    "hosts": {
      "type": "array",
      "description": "Hostnames this TLSContext applies to"
    },
    "secret": {
      "type": "string",
      "description": "Name of the Kubernetes Secret containing TLS certificates"
    },
    "cert_chain_file": {
      "type": "string",
      "description": "Path to the certificate chain PEM file (alternative to secret)"
    },
    "private_key_file": {
      "type": "string",
      "description": "Path to the private key PEM file (alternative to secret)"
    },
    "ca_secret": {
      "type": "string",
      "description": "Name of the Kubernetes Secret containing CA certificates for client verification"
    },
    "cert_required": {
      "type": "boolean",
      "description": "Whether client TLS certificates are required (mTLS)"
    },
    "min_tls_version": {
      "type": "string",
      "description": "Minimum TLS version to accept"
    },
    "max_tls_version": {
      "type": "string",
      "description": "Maximum TLS version to accept"
    },
    "cipher_suites": {
      "type": "array",
      "description": "Allowed TLS cipher suites"
    },
    "ecdh_curves": {
      "type": "array",
      "description": "Allowed ECDH curves"
    },
    "alpn_protocols": {
      "type": "string",
      "description": "ALPN protocols to advertise"
    },
    "redirect_cleartext_from": {
      "type": "integer",
      "description": "Port number from which to redirect cleartext traffic to TLS"
    },
    "sni": {
      "type": "string",
      "description": "SNI hostname to present for outbound TLS connections"
    },
    "ambassador_id": {
      "type": "array",
      "description": "Ambassador IDs that should use this TLSContext"
    }
  }
}