--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.18.0 operatorframework.io/installed-alongside-4bd893de2d7a381: kuadrant-system/rhcl-operator.v1.3.1 creationTimestamp: "2026-03-18T16:54:24Z" generation: 1 labels: olm.managed: "true" operators.coreos.com/rhcl-operator.kuadrant-system: "" managedFields: - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:controller-gen.kubebuilder.io/version: {} f:operatorframework.io/installed-alongside-4bd893de2d7a381: {} f:labels: .: {} f:olm.managed: {} f:spec: f:conversion: .: {} f:strategy: {} f:group: {} f:names: f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:scope: {} f:versions: {} manager: catalog operation: Update time: "2026-03-18T16:54:24Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:acceptedNames: f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:conditions: k:{"type":"Established"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"NamesAccepted"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-apiserver operation: Update subresource: status time: "2026-03-18T16:54:24Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:labels: f:operators.coreos.com/rhcl-operator.kuadrant-system: {} manager: olm operation: Update time: "2026-03-18T16:54:59Z" name: apikeys.devportal.kuadrant.io resourceVersion: "16766" uid: 5fbcbca0-e8b2-4901-8c3c-04caf84ac438 spec: conversion: strategy: None group: devportal.kuadrant.io names: kind: APIKey listKind: APIKeyList plural: apikeys shortNames: - apik singular: apikey scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.phase name: Phase type: string - jsonPath: .spec.apiProductRef.name name: API type: string - jsonPath: .spec.planTier name: Plan type: string - jsonPath: .spec.requestedBy.userId name: User type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha1 schema: openAPIV3Schema: description: APIKey is the Schema for the apikeys API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: APIKeySpec defines the desired state of APIKey. properties: apiProductRef: description: Reference to the APIProduct this APIKey belongs to. properties: name: type: string required: - name type: object planTier: description: PlanTier is the tier of the plan (e.g., "premium", "basic", "enterprise") type: string requestedBy: description: RequestedBy contains information about who requested the API key properties: email: description: Email is the email address of the user pattern: ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ type: string userId: description: UserID is the identifier of the user requesting the API key type: string required: - email - userId type: object useCase: description: UseCase describes how the API key will be used type: string required: - apiProductRef - planTier - requestedBy - useCase type: object status: description: APIKeyStatus defines the observed state of APIKey. properties: apiHostname: description: APIHostname is the hostname from the HTTPRoute type: string authScheme: description: AuthScheme displays the APIKey AuthScheme properties: authenticationSpec: description: Settings to select the API key Kubernetes secrets. properties: allNamespaces: default: false description: |- Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. Enabling this option in namespaced Authorino instances has no effect. type: boolean selector: description: Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic required: - selector type: object credentials: properties: authorizationHeader: properties: prefix: type: string type: object cookie: properties: name: type: string required: - name type: object customHeader: properties: name: type: string required: - name type: object queryString: properties: name: type: string required: - name type: object type: object type: object canReadSecret: default: true description: CanReadSecret expresses the permission to read the APIKey's secret type: boolean conditions: description: Conditions represent the latest available observations of the APIKey's state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array limits: description: Limits contains the rate limits for the plan properties: custom: description: Custom defines any additional limits defined in terms of a RateLimitPolicy Rate. items: description: Rate defines the actual rate limit that will be used when there is a match properties: limit: description: Limit defines the max value allowed for a given period of time type: integer window: description: Window defines the time period for which the Limit specified above applies. pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$ type: string required: - limit - window type: object type: array daily: description: Daily limit of requests for this plan. type: integer monthly: description: Monthly limit of requests for this plan. type: integer weekly: description: Weekly limit of requests for this plan. type: integer yearly: description: Yearly limit of requests for this plan. type: integer type: object phase: description: |- Phase represents the current phase of the APIKey Valid values are "Pending", "Approved", or "Rejected" enum: - Pending - Approved - Rejected type: string reviewedAt: description: ReviewedAt is the timestamp when the request was reviewed format: date-time type: string reviewedBy: description: ReviewedBy indicates who approved or rejected the request type: string secretRef: description: SecretRef is a reference to the created Secret properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: The name of the secret in the Authorino's namespace to select from. type: string required: - key - name type: object type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: APIKey listKind: APIKeyList plural: apikeys shortNames: - apik singular: apikey conditions: - lastTransitionTime: "2026-03-18T16:54:24Z" message: no conflicts found reason: NoConflicts status: "True" type: NamesAccepted - lastTransitionTime: "2026-03-18T16:54:24Z" message: the initial names have been accepted reason: InitialNamesAccepted status: "True" type: Established storedVersions: - v1alpha1