Ambassador · Schema
TLSContextSpec
Specification for a TLSContext resource
API DevelopmentGatewaysIngressKubernetesMock ServersMocksPlatformTesting
Properties
| Name | Type | Description |
|---|---|---|
| hosts | array | Hostnames this TLSContext applies to |
| secret | string | Name of the Kubernetes Secret containing TLS certificates |
| cert_chain_file | string | Path to the certificate chain PEM file (alternative to secret) |
| private_key_file | string | Path to the private key PEM file (alternative to secret) |
| ca_secret | string | Name of the Kubernetes Secret containing CA certificates for client verification |
| cert_required | boolean | Whether client TLS certificates are required (mTLS) |
| min_tls_version | string | Minimum TLS version to accept |
| max_tls_version | string | Maximum TLS version to accept |
| cipher_suites | array | Allowed TLS cipher suites |
| ecdh_curves | array | Allowed ECDH curves |
| alpn_protocols | string | ALPN protocols to advertise |
| redirect_cleartext_from | integer | Port number from which to redirect cleartext traffic to TLS |
| sni | string | SNI hostname to present for outbound TLS connections |
| ambassador_id | array | Ambassador IDs that should use this TLSContext |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/TLSContextSpec",
"title": "TLSContextSpec",
"type": "object",
"description": "Specification for a TLSContext resource",
"properties": {
"hosts": {
"type": "array",
"description": "Hostnames this TLSContext applies to",
"items": {
"type": "string"
},
"example": []
},
"secret": {
"type": "string",
"description": "Name of the Kubernetes Secret containing TLS certificates",
"example": "example_value"
},
"cert_chain_file": {
"type": "string",
"description": "Path to the certificate chain PEM file (alternative to secret)",
"example": "example_value"
},
"private_key_file": {
"type": "string",
"description": "Path to the private key PEM file (alternative to secret)",
"example": "example_value"
},
"ca_secret": {
"type": "string",
"description": "Name of the Kubernetes Secret containing CA certificates for client verification",
"example": "example_value"
},
"cert_required": {
"type": "boolean",
"description": "Whether client TLS certificates are required (mTLS)",
"default": false,
"example": true
},
"min_tls_version": {
"type": "string",
"description": "Minimum TLS version to accept",
"enum": [
"v1.0",
"v1.1",
"v1.2",
"v1.3"
],
"default": "v1.2",
"example": "v1.0"
},
"max_tls_version": {
"type": "string",
"description": "Maximum TLS version to accept",
"enum": [
"v1.0",
"v1.1",
"v1.2",
"v1.3"
],
"default": "v1.3",
"example": "v1.0"
},
"cipher_suites": {
"type": "array",
"description": "Allowed TLS cipher suites",
"items": {
"type": "string"
},
"example": []
},
"ecdh_curves": {
"type": "array",
"description": "Allowed ECDH curves",
"items": {
"type": "string"
},
"example": []
},
"alpn_protocols": {
"type": "string",
"description": "ALPN protocols to advertise",
"example": "example_value"
},
"redirect_cleartext_from": {
"type": "integer",
"description": "Port number from which to redirect cleartext traffic to TLS",
"example": 10
},
"sni": {
"type": "string",
"description": "SNI hostname to present for outbound TLS connections",
"example": "example_value"
},
"ambassador_id": {
"type": "array",
"description": "Ambassador IDs that should use this TLSContext",
"items": {
"type": "string"
},
"example": "500123"
}
}
}