@@ -278,6 +278,285 @@ spec:
278278 type : object
279279 maxItems : 10
280280 type : array
281+ egressPolicy :
282+ description : |-
283+ EgressPolicy defines the default outbound network policy for actors
284+ created from this template.
285+ properties :
286+ allow :
287+ description : Allow contains destination rules actors created from
288+ this template may reach.
289+ items :
290+ properties :
291+ headers :
292+ description : Headers defines logging and trace handling
293+ for headers on matching traffic.
294+ properties :
295+ redact :
296+ description : Redact is the list of headers that must
297+ be redacted from egress logs and traces.
298+ items :
299+ type : string
300+ type : array
301+ type : object
302+ name :
303+ description : Name is an optional human-readable identifier
304+ for this rule.
305+ type : string
306+ pathPrefixes :
307+ description : PathPrefixes is the list of HTTP path prefixes
308+ matched by this rule.
309+ items :
310+ type : string
311+ type : array
312+ paths :
313+ description : Paths is the list of exact HTTP paths matched
314+ by this rule.
315+ items :
316+ type : string
317+ type : array
318+ ports :
319+ description : |-
320+ Ports is the list of destination ports matched by this rule.
321+ If empty, the rule applies to all destination ports.
322+ items :
323+ properties :
324+ port :
325+ description : Port is the destination port number.
326+ format : int32
327+ type : integer
328+ protocol :
329+ description : Protocol is the transport protocol for
330+ this port.
331+ type : string
332+ required :
333+ - port
334+ type : object
335+ type : array
336+ rateLimit :
337+ description : RateLimit defines request or token rate limits
338+ for matching traffic.
339+ items :
340+ properties :
341+ dimensions :
342+ description : |-
343+ Dimensions selects the bucket keys used by the enforcement layer, such as
344+ actor, template, or namespace.
345+ items :
346+ type : string
347+ type : array
348+ max :
349+ description : Max is the maximum number of requests
350+ or tokens allowed during Window.
351+ format : int64
352+ type : integer
353+ type :
354+ description : Type selects request-based or LLM token-based
355+ rate limiting.
356+ enum :
357+ - Requests
358+ - Tokens
359+ type : string
360+ window :
361+ description : Window is the time window for this limit,
362+ such as 1m or 1h.
363+ type : string
364+ required :
365+ - max
366+ - type
367+ - window
368+ type : object
369+ type : array
370+ tls :
371+ description : TLS defines transport security requirements
372+ for this destination.
373+ properties :
374+ mode :
375+ description : Mode controls how TLS is handled for matching
376+ egress traffic.
377+ enum :
378+ - Require
379+ - Originate
380+ - Disable
381+ type : string
382+ required :
383+ description : Required controls whether matching egress
384+ traffic must use TLS.
385+ type : boolean
386+ type : object
387+ to :
388+ description : To lists the destinations matched by this rule.
389+ items :
390+ properties :
391+ host :
392+ description : Host is the DNS name to match for egress
393+ traffic.
394+ type : string
395+ ipBlock :
396+ description : IPBlock is the IP range to match for
397+ egress traffic.
398+ properties :
399+ cidr :
400+ description : CIDR is an IP address range in CIDR
401+ notation.
402+ type : string
403+ required :
404+ - cidr
405+ type : object
406+ type : object
407+ type : array
408+ type : object
409+ type : array
410+ audit :
411+ description : Audit configures egress logging and tracing for actors
412+ created from this template.
413+ properties :
414+ logs :
415+ description : Logs enables egress access logs for actors created
416+ from this template.
417+ type : boolean
418+ redactHeaders :
419+ description : RedactHeaders is the list of headers that must
420+ be redacted from audit output.
421+ items :
422+ type : string
423+ type : array
424+ traces :
425+ description : Traces enables egress tracing for actors created
426+ from this template.
427+ type : boolean
428+ type : object
429+ defaultAction :
430+ description : DefaultAction is applied when no allow rule matches.
431+ enum :
432+ - Allow
433+ - Deny
434+ type : string
435+ deny :
436+ description : Deny contains destination rules actors created from
437+ this template may not reach.
438+ items :
439+ properties :
440+ headers :
441+ description : Headers defines logging and trace handling
442+ for headers on matching traffic.
443+ properties :
444+ redact :
445+ description : Redact is the list of headers that must
446+ be redacted from egress logs and traces.
447+ items :
448+ type : string
449+ type : array
450+ type : object
451+ name :
452+ description : Name is an optional human-readable identifier
453+ for this rule.
454+ type : string
455+ pathPrefixes :
456+ description : PathPrefixes is the list of HTTP path prefixes
457+ matched by this rule.
458+ items :
459+ type : string
460+ type : array
461+ paths :
462+ description : Paths is the list of exact HTTP paths matched
463+ by this rule.
464+ items :
465+ type : string
466+ type : array
467+ ports :
468+ description : |-
469+ Ports is the list of destination ports matched by this rule.
470+ If empty, the rule applies to all destination ports.
471+ items :
472+ properties :
473+ port :
474+ description : Port is the destination port number.
475+ format : int32
476+ type : integer
477+ protocol :
478+ description : Protocol is the transport protocol for
479+ this port.
480+ type : string
481+ required :
482+ - port
483+ type : object
484+ type : array
485+ rateLimit :
486+ description : RateLimit defines request or token rate limits
487+ for matching traffic.
488+ items :
489+ properties :
490+ dimensions :
491+ description : |-
492+ Dimensions selects the bucket keys used by the enforcement layer, such as
493+ actor, template, or namespace.
494+ items :
495+ type : string
496+ type : array
497+ max :
498+ description : Max is the maximum number of requests
499+ or tokens allowed during Window.
500+ format : int64
501+ type : integer
502+ type :
503+ description : Type selects request-based or LLM token-based
504+ rate limiting.
505+ enum :
506+ - Requests
507+ - Tokens
508+ type : string
509+ window :
510+ description : Window is the time window for this limit,
511+ such as 1m or 1h.
512+ type : string
513+ required :
514+ - max
515+ - type
516+ - window
517+ type : object
518+ type : array
519+ tls :
520+ description : TLS defines transport security requirements
521+ for this destination.
522+ properties :
523+ mode :
524+ description : Mode controls how TLS is handled for matching
525+ egress traffic.
526+ enum :
527+ - Require
528+ - Originate
529+ - Disable
530+ type : string
531+ required :
532+ description : Required controls whether matching egress
533+ traffic must use TLS.
534+ type : boolean
535+ type : object
536+ to :
537+ description : To lists the destinations matched by this rule.
538+ items :
539+ properties :
540+ host :
541+ description : Host is the DNS name to match for egress
542+ traffic.
543+ type : string
544+ ipBlock :
545+ description : IPBlock is the IP range to match for
546+ egress traffic.
547+ properties :
548+ cidr :
549+ description : CIDR is an IP address range in CIDR
550+ notation.
551+ type : string
552+ required :
553+ - cidr
554+ type : object
555+ type : object
556+ type : array
557+ type : object
558+ type : array
559+ type : object
281560 pauseImage :
282561 description : |-
283562 PauseImage is the container to use as the root sandbox container.
0 commit comments