Package v1alpha1 contains the schema definitions for NAuth custom resources (see Kubernetes API conventions).
All NAuth CRDs are standard Kubernetes resources and include:

- apiVersion: API group/version, for example nauth.io/v1alpha1
- kind: resource type, for example Account, User, or NatsCluster
- metadata: Kubernetes object metadata (name, namespace, labels, annotations, etc.). See Kubernetes ObjectMeta.

Account is the schema for accounts.

| Field | Type | Required | Notes |
|---|---|---|---|
| apiVersion | string | Yes | nauth.io/v1alpha1 |
| kind | string | Yes | Account |
| metadata | ObjectMeta | Yes | Kubernetes metadata |
| spec | AccountSpec | No | Desired state |
| status | AccountStatus | No | Observed state |

| Field | Type | Required | Notes |
|---|---|---|---|
| claims | AccountClaims | No | Effective account claims |
| conditions | metav1.Condition[] | No | Standard Kubernetes conditions |
| observedGeneration | int64 | No | Last observed generation |
| reconcileTimestamp | metav1.Time | No | Last reconcile timestamp |
| operatorVersion | string | No | Operator version that reconciled the resource |

| Field | Type | Default |
|---|---|---|
| imports | int64 | -1 |
| exports | int64 | -1 |
| wildcards | bool | true |
| conn | int64 | -1 |
| leaf | int64 | -1 |

| Field | Type | Default |
|---|---|---|
| memStorage | int64 | -1 |
| diskStorage | int64 | -1 |
| streams | int64 | -1 |
| consumer | int64 | -1 |
| maxAckPending | int64 | -1 |
| memMaxStreamBytes | int64 | -1 |
| diskMaxStreamBytes | int64 | -1 |
| maxBytesRequired | bool | false |

User is the schema for users.

| Field | Type | Required | Notes |
|---|---|---|---|
| apiVersion | string | Yes | nauth.io/v1alpha1 |
| kind | string | Yes | User |
| metadata | ObjectMeta | Yes | Kubernetes metadata |
| spec | UserSpec | No | Desired state |
| status | UserStatus | No | Observed state |

| Field | Type | Required | Notes |
|---|---|---|---|
| accountName | string | Yes | Referenced account name |
| displayName | string | No | Optional user display name |
| permissions | Permissions | No | Publish/subscribe/response permissions |
| userLimits | UserLimits | No | User limits |
| natsLimits | NatsLimits | No | NATS limits |

| Field | Type | Required | Notes |
|---|---|---|---|
| conditions | metav1.Condition[] | No | Standard Kubernetes conditions |
| claims | UserClaims | No | Effective user claims |
| observedGeneration | int64 | No | Last observed generation |
| reconcileTimestamp | metav1.Time | No | Last reconcile timestamp |
| operatorVersion | string | No | Operator version that reconciled the resource |

| Field | Type | Notes |
|---|---|---|
| accountName | string | Deprecated |
| displayName | string | Effective display name |
| permissions | Permissions | Effective permissions |
| natsLimits | NatsLimits | Effective NATS limits |
| userLimits | UserLimits | Effective user limits |

NatsCluster is the schema for cluster connection configuration and secret references.

| Field | Type | Required | Notes |
|---|---|---|---|
| apiVersion | string | Yes | nauth.io/v1alpha1 |
| kind | string | Yes | NatsCluster |
| metadata | ObjectMeta | Yes | Kubernetes metadata |
| spec | NatsClusterSpec | No | Desired state |
| status | NatsClusterStatus | No | Observed state |

Validation rule: exactly one of url or urlFrom must be specified.

| Field | Type | Required | Notes |
|---|---|---|---|
| url | string | Conditional | Direct NATS URL. Mutually exclusive with urlFrom |
| urlFrom | URLFromReference | Conditional | Indirect URL source. Mutually exclusive with url |
| operatorSigningKeySecretRef | SecretKeyReference | Yes | Operator signing key secret reference |
| systemAccountUserCredsSecretRef | SecretKeyReference | Yes | System account user creds secret reference |

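
The validation rule above, combined with the URLFromReference fields documented further down this page (kind limited to ConfigMap or Secret, namespace defaulting to the NatsCluster namespace), written out as a pre-apply check. This is an added example, not NAuth's own code: the Go structs are simplified stand-ins for the documented types, and `ValidateURLSource` is a hypothetical helper.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for the documented types (assumption: not the operator's own Go definitions).
type URLFromReference struct {
	Kind      string // "ConfigMap" or "Secret"
	Name      string
	Namespace string // optional
	Key       string
}

type NatsClusterSpec struct {
	URL     string
	URLFrom *URLFromReference
}

// ValidateURLSource enforces "exactly one of url or urlFrom" and returns the
// namespace the URL would be read from ("" when a direct url is used).
func ValidateURLSource(clusterNamespace string, spec NatsClusterSpec) (string, error) {
	hasURL, hasFrom := spec.URL != "", spec.URLFrom != nil
	switch {
	case hasURL && hasFrom:
		return "", errors.New("url and urlFrom are mutually exclusive")
	case !hasURL && !hasFrom:
		return "", errors.New("one of url or urlFrom must be specified")
	case hasURL:
		return "", nil
	}
	ref := spec.URLFrom
	if ref.Kind != "ConfigMap" && ref.Kind != "Secret" {
		return "", fmt.Errorf("urlFrom.kind %q: must be ConfigMap or Secret", ref.Kind)
	}
	if ref.Name == "" || ref.Key == "" {
		return "", errors.New("urlFrom.name and urlFrom.key are required")
	}
	if ref.Namespace == "" {
		return clusterNamespace, nil // documented default: the NatsCluster namespace
	}
	return ref.Namespace, nil
}

func main() {
	ref := &URLFromReference{Kind: "Secret", Name: "nats-url", Key: "url"} // constructed sample
	fmt.Println(ValidateURLSource("nats-system", NatsClusterSpec{URLFrom: ref}))
}
```

The returned namespace makes cross-namespace URL sources visible, which is worth reviewing when the source is a Secret.
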
| Field | Type | Required | Notes |
|---|---|---|---|
| conditions | metav1.Condition[] | No | Standard Kubernetes conditions |
| observedGeneration | int64 | No | Last observed generation |
| reconcileTimestamp | metav1.Time | No | Last reconcile timestamp |
| operatorVersion | string | No | Operator version that reconciled the resource |

| Field | Type | Required | Notes |
|---|---|---|---|
| name | string | Yes | NatsCluster name |
| namespace | string | No | NatsCluster namespace |

| Field | Type | Required | Notes |
|---|---|---|---|
| kind | URLFromKind | Yes | ConfigMap or Secret |
| name | string | Yes | Source object name |
| namespace | string | No | Defaults to the NatsCluster namespace |
| key | string | Yes | Key containing the URL value |

Enum values:

| Field | Type | Required |
|---|---|---|
| name | string | Yes |
| key | string | No |

| Field | Type | Default |
|---|---|---|
| subs | int64 | -1 |
| data | int64 | -1 |
| payload | int64 | -1 |

| Field | Type |
|---|---|
| allow | string[] |
| deny | string[] |

| Field | Type |
|---|---|
| max | int |
| ttl | duration |

| Field | Type | Notes |
|---|---|---|
| src | string[] | CIDR allow list |
| times | TimeRange[] | Allowed time windows |
| timesLocation | string | Timezone location |

| Field | Type |
|---|---|
| start | string |
| end | string |

| Field | Type | Notes |
|---|---|---|
| name | string | |
| subject | string | |
| type | enum (stream, service) | |
| tokenReq | bool | |
| revocations | map[string]int64 | |
| responseType | enum (Singleton, Stream, Chunked) | Service exports only |
| responseThreshold | duration | |
| serviceLatency | ServiceLatency | |
| accountTokenPosition | uint | |
| advertise | bool | |
| allowTrace | bool | |

| Field | Type | Required | Notes |
|---|---|---|---|
| accountRef | AccountRef | Yes | Referenced account resource |
| name | string | No | |
| subject | string | No | Exported subject to import |
| account | string | No | Raw account id |
| localSubject | string | No | Local remapped subject |
| type | enum (stream, service) | No | |
| share | bool | No | |
| allowTrace | bool | No | |

| Field | Type | Required |
|---|---|---|
| sampling | int | Yes |
| results | string | Yes |

| Field | Type | Required |
|---|---|---|
| name | string | Yes |
| namespace | string | Yes |

Contains a list of Account.

Contains a list of User.

Contains a list of NatsCluster.